Discrepancy in the Count of the Events - in the Incidents blade and Log Analytics Workspace results #11302
Comments
Hi Team, a very good day. Let me know if any data is required from my end.
Adding @v-rusraut
…________________________________
From: Ravindra-Am ***@***.***>
Sent: Monday, October 21, 2024 2:45 PM
To: Azure/Azure-Sentinel ***@***.***>
Cc: Sudarshan Kharat (Tata Consultancy Services Limi) ***@***.***>; Assign ***@***.***>
Subject: Re: [Azure/Azure-Sentinel] Discrepancy in the Count of the Events - in the Incidents blade and Log Analytics Workspace results (Issue #11302)
Hi Team, A very good day. Let me know if any data is required from my end.
Thank you
Hi Team, a very good day. Any update on the ticket? Let me know if any data is required from my end.
Hi @Ravindra-Am, we are working with the respective team; we will update you.
Hi Team, thank you for your response. Any update on the ticket?
Hi Team, a very good day. Any update on this issue?
Hi @Ravindra-Am, could you please click on this event? Let me know how many events you are getting after running this query.
Hi Team,
There is a discrepancy between the count of events from the Incident Blade and the output from the Log Analytics Workspace after executing the query.
For example:
The number of events shown in the Incidents blade for Incident Number 1394967 is 2, but when the query was executed, the results displayed are only "1".
Incident Number: 1394532
Even after deploying the updated template, the results are populated the same.
In the query, a Cisco URL link was used, which is updated every day.
**ASK:** When the data for the past incidents was checked, there is a discrepancy in the output, because of which the SOC team is not willing to investigate the incidents. Need a quick solution for this issue.