Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Discrepancy in the Count of the Events - in the Incidents blade and Log Analytics Workspace results #11302

Open
Ravindra-Am opened this issue Oct 21, 2024 · 7 comments

Comments

@Ravindra-Am
Copy link

Hi Team,

There is a discrepancy between the count of events from the Incident Blade and the output from the Log Analytics Workspace after executing the query.

For Example:

The number of events from the incidents blade for the Incident Number 1394967 are 2, but when the query was executed, the results getting displayed are only "1".

Image

Image

Incident Number: 1394532

Image

Image

Even after deploying the Updated template the results are getting populated the same.

In the query a Cisco URL link was used, which is getting updated every day.

**ASK: When the data for the past incidents was checked, there is a discrepancy in the output, because of which the SOC team is not willing to investigate the incidents. Need a quick solution for this issue.  

@Ravindra-Am
Copy link
Author

Hi Team, A very good day. Let me know if any data is required from my end.
Thank you

@v-sudkharat
Copy link
Contributor

v-sudkharat commented Oct 21, 2024 via email

@Ravindra-Am
Copy link
Author

Hi Team, a very good day. Any update on the ticket. Let me know if any data is required from my end.
Thank you

@v-rusraut
Copy link
Contributor

Hi @Ravindra-Am , we are working with respective team, we will update you.

@Ravindra-Am
Copy link
Author

Hi Team, Thank you for your response. any update on the ticket?

@Ravindra-Am
Copy link
Author

Hi Team, a very good day. Any update on this issue

@v-visodadasi
Copy link
Contributor

Hi @Ravindra-Am , Could you please click on this event,
Image
Copy the query that includes the specific timestamp, and run it in the Log Analytics Workspace to check for the events?
Image

Let me know how many events you are getting after running this query.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants