Questions
Before moving on to the next chapter, test your knowledge by answering these questions. The answers can be found at the back of this book:
- What are the properties of a time series?
- Which operator can we use to generate a time series?
- Can you fill in the blanks of this query to display the number of patches that have been installed in the last 30 days and render the results as a time chart?
  ```kusto
  let startTime = ago(____);
  let endTime = now();
  let binSize = 7d;
  Update
  | where Classification == "Security Updates"
  | make-series security_updates=count() default=0 on TimeGenerated from startTime to endTime step _____ by UpdateState
  | render ____
  ```
- Using `mv-expand`, split the following time series into records:
  ```kusto
  let startTime = ago(100d);
  let endTime = now();
  let binSize = 7d;
  Update
  | where Classification == "Security Updates"
  | make-series security_updates=count() default=0 on TimeGenerated from startTime to endTime step binSize by UpdateState
  ```