I am writing KQL based on filter conditions, and I want to join two sets of event data. My KQL is as follows:
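// Events that mark the end of a request
let table1 = source
| where LogName == "FraudServiceRequest"
// End = 20 characters of TimeStamp, starting at zero-based index 13
| project d_name = LogName, PreciseTimeStamp, ConnectionID, End = substring(TimeStamp, 13, 20);
// Events that mark the start of a request
let table2 = source
| where LogName == "ProxyReceivedRequest"
| project ConnectionID, Start = substring(TimeStamp, 13, 20);
// Pair the two events on ConnectionID and compute the difference
table1
| join (table2)
    on $left.ConnectionID == $right.ConnectionID
| project ConnectionID, m_Ans = (toreal(End) - toreal(Start)) / 1000.0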
But no records come out. Could you help me? Thank you very, very much.