![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 60%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,662 questions
Hi @Kunal Mehta ,
If you have a Column for Customer in your table (say T) then you can try one of the below 2 approaches (one using partition operator and another one using union operator).
Using partition operator:
T
| where Customer has_any ('AAA', 'BBB', 'CCC', 'DDD', 'EEE', 'FFF', 'GGG', 'HHH', 'III', 'JJJ')
| partition by Customer
(
top 10 by TimeGenerated
| project TimeGenerated, Customer
)
Using union operator:
let View_1 = view () { T | where Customer == "AAA" | top 10 by TimeGenerated | project TimeGenerated, Customer };
let View_2 = view () { T | where Customer == "BBB" |top 10 by TimeGenerated | project TimeGenerated, Customer };
let View_3 = view () { T | where Customer == "CCC" | top 10 by TimeGenerated | project TimeGenerated, Customer };
let View_4 = view () { T | where Customer == "DDD" |top 10 by TimeGenerated | project TimeGenerated, Customer };
let View_5 = view () { T | where Customer == "EEE" | top 10 by TimeGenerated | project TimeGenerated, Customer };
let View_6 = view () { T | where Customer == "FFF" |top 10 by TimeGenerated | project TimeGenerated, Customer };
let View_7 = view () { T | where Customer == "GGG" | top 10 by TimeGenerated | project TimeGenerated, Customer };
let View_8 = view () { T | where Customer == "HHH" |top 10 by TimeGenerated | project TimeGenerated, Customer };
let View_9 = view () { T | where Customer == "III" | top 10 by TimeGenerated | project TimeGenerated, Customer };
let View_10 = view () { T | where Customer == "JJJ" |top 10 by TimeGenerated | project TimeGenerated, Customer };
union withsource=TableName View_1, View_2, View_3, View_4, View_5, View_6, View_7, View_8, View_9, View_10
where T is table name, Customer is column name of customers, AAA to JJJ are 10 sample customer name
However, if we think from looping standpoint then I believe there are other possible ways as well using operators like top-nested, mv-apply, mv-expand. If interested, take a look at examples section in each of these operator articles.