Exam AZ-400 topic 2 question 36 discussion

Actual exam question from Microsoft's AZ-400
Question #: 36
Topic #: 2

DRAG DROP

You have an app named App1. You have a Log Analytics workspace named Workspace1 that contains two tables named Events and Logs. App1 manages events in multiple locations and writes logs to Workspace1.

You need to query Workspace1 for all log entries related to Asia that occurred during the last two days.

In which order should you arrange the query statements? To answer, move all statements from the list of statements to the answer area and arrange them in the correct order.

Suggested Answer:

Comments

Marek79
Highly Voted 2 years, 5 months ago
Timestamp is for Logs and continent for Events (App1 manages events in multiple locations), so it must be:
Logs | where Timestamp > ago(1d) | join ( Events | where continent == 'Europe' ) on RequestId
https://hybriddbablog.com/2022/03/31/kql-series-understanding-kql-queries-part-2/
upvoted 46 times
Kasurot
2 years, 4 months ago
Agreeing and adding an example straight from Microsoft: https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/tabularexpressionstatements#example
upvoted 4 times
zellck
Highly Voted 2 years, 1 month ago
Logs | where timestamp > ago(2d) | join (Events | where continent == 'Asia' ) on RequestId
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/best-practices
- Use time filters first. Kusto is highly optimized to use time filters.
upvoted 17 times
Reddyy21
Most Recent 11 months, 2 weeks ago
Correct Query Structure: A typical Log Analytics query structure for joining tables and applying filters is:
Table1 | join (Table2 | where Condition1) on ColumnName | where Condition2
Corrected Query:
logs | join (events | where continent == "asia") on requestId | where timestamp > ago(2d)
upvoted 2 times
xRiot007
1 year, 11 months ago
Logs are timestamped and timestamp filters are optimized, so use them first, so Logs where timestamp... Then you need to enrich the log data with Events data, so Join Events Where continent is Europe on RequestID
upvoted 2 times
mrg998
2 years, 5 months ago
Tried this in a KQL workspace; it seems not to error on syntax, so it might be OK.
upvoted 4 times
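
The two statement orders proposed in the comments above can be run side by side on constructed data. This is an added example, not part of the original question or of any comment; the rows are made up, and the column names timestamp, RequestId and continent are assumptions taken from the commenters' queries.

```kusto
// Constructed sample rows standing in for Workspace1's Logs table.
// "age" is only a helper to build timestamps relative to now().
let Logs = datatable(age: timespan, RequestId: string, message: string)
[
    1h, "r-001", "order created",
    1d, "r-002", "payment accepted",
    5d, "r-003", "order shipped",
    3h, "r-004", "login failed"
]
| extend timestamp = now() - age
| project-away age;
// Constructed sample rows standing in for the Events table.
let Events = datatable(RequestId: string, continent: string, eventName: string)
[
    "r-001", "Asia",   "OrderPlaced",
    "r-002", "Asia",   "PaymentTaken",
    "r-003", "Asia",   "Shipment",
    "r-004", "Europe", "SignIn"
];
// Order 1: time filter on Logs first, then join the Asia events.
let filterFirst =
    Logs
    | where timestamp > ago(2d)
    | join (Events | where continent == 'Asia') on RequestId;
// Order 2: join first, time filter last.
let filterLast =
    Logs
    | join (Events | where continent == 'Asia') on RequestId
    | where timestamp > ago(2d);
// Compare how many rows each order returns.
// join without "kind=" defaults to innerunique; RequestId is unique
// in the sample Logs rows, so left-side deduplication does not matter here.
union
    (filterFirst | summarize matched = count() | extend variant = "time filter first"),
    (filterLast  | summarize matched = count() | extend variant = "time filter last")
```

On a real workspace the difference between the two orders is in how many Logs rows reach the join, which is the point of the "use time filters first" guidance linked in the comments.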