'Kusto query using TimeGenerated as Parameter
I'm trying to use a Kusto query, taking the TimeGenerated field as input and get the below error.
Error is Query could not be parsed at 'datetime(start_time)'
let start_time = Heartbeat | summarize min(TimeGenerated);
let end_time = Heartbeat | summarize max(TimeGenerated);
Heartbeat
| where TimeGenerated > datetime(start_time) and TimeGenerated < datetime(end_time)
It works, when I set a constant to start_time or even use ago() function.
Solution 1:[1]
you could try this:
let times = toscalar(
T1
| summarize pack_array(min(timestamp), max(timestamp))
)
;
T2
| where timestamp > todatetime(times[0])
| where timestamp < todatetime(times[1])
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 |