![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 57.00000000000001%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHF%3C/text%3E%3C/svg%3E)
Azure Data Explorer
An Azure data analytics service for real-time analysis on large volumes of data streaming from sources including applications, websites, and internet of things devices.
480 questions
Hi HurminLNU-FT,
Thank you for posting query in Microsoft Q&A Platform.
To include columns we need to include then in
summarizeoperator. Kindly try to include missing columns to it if that works as per your requirement.
Below is the sample query just for reference.
Update
| where TimeGenerated > ago(5h) and OSType == "Linux" and SourceComputerId in ((Heartbeat
| where TimeGenerated > ago(12h) and OSType == "Linux" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, *) by Computer, SourceComputerId, Product, ProductArch, CVENumbers, PackageSeverity
| where UpdateState =~ "Needed" and Computer == "AM-PROD-APP1"
| render table
Hope this helps. Please try and let me know how it goes. Thank you.