Contribute in GitHub:
Edit online
count() (aggregation function)
Returns a count of the records per summarization group (or in total, if summarization is done without grouping).
- Can be used only in context of aggregation inside summarize
- Use the countif aggregation function to count only records for which some predicate returns
true
.
Syntax
count()
Returns
Returns a count of the records per summarization group (or in total, if summarization is done without grouping).
Example
This example simply aggregates events
by their severity
.
events
| project severity, original_time
| where original_time > ago(24h)
| where severity > 6
| summarize EventCount=count() by EventSeverity=severity
| order by EventSeverity desc
Results
EventSeverity | EventCount |
---|---|
10 | 245015 |
9 | 1401646 |
8 | 360175 |
7 | 1258226 |