This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Display count of log content with content message and time

Go to solution
Shal
Participant

‎09 May 2025 03:19 PM - last edited on ‎09 May 2025 03:54 PM by Community Team

Hi Team,

Can I get a query (DQL) that can display the results in the below manner for a particular log file 

example: D:/logs/log.txt

I need different content and its count based on date or time selection.

content count date/time
error: abc  2 5th may
error:def 3 5th may
error: ghi 1 6th may

 

Thanks!

Labels:
0 Kudos
Reply
3 REPLIES 3

Go to solution
p_devulapalli
Leader

‎12 May 2025 01:46 AM

@Shal Here is an example query you can try

fetch logs
| fieldsAdd day = getDayOfMonth(timestamp), month = getMonth(timestamp)
| filter log.source == "D:/logs/logs.txt"
| summarize count = count(), by: { day, month, content }

 

Phani Devulapalli
Reply

Go to solution
Shal
Participant
In response to p_devulapalli

‎12 May 2025 07:30 AM - edited ‎26 Jun 2025 02:17 PM

Hi @p_devulapalli 

Thanks for the input.

Its showing the content, count ,day and month.

If you see the below snip, the red ones are same content and blue ones are same content. So can we sum it for a day so that it will show 2 contents with count as 4 each in this case.

Here it is showing separate count as there is small difference in microsecond 

 

Thanks

0 Kudos
Reply

Go to solution
p_devulapalli
Leader
In response to Shal

‎12 May 2025 07:59 AM

@Shal that's because of the timestamp in the content, you just need to find a way to clean/split up the content and them summarize to get the expected result  

Phani Devulapalli
Reply
Ask a question

Featured Posts