Sentinel Central Workbook incorrectly counting incidents #10465
Fixed issue Azure#10465 where incidents were not being counted correctly.
ISSUE Azure#10465 Fix - Sentinel Central Workbook now counting incidents correctly
Hi @melatonein5, |
…lPatch Fixed ISSUE #10465 - Sentinel Central Workbook Patch
Describe the bug
When viewing the "Sentinel Central" workbook, all queries returning incident counts are returning incorrect numbers.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Both incident counts should match.
Additional context
Opening this bug to reference the issue in the changelog. Adding
`| summarize arg_max(TimeGenerated, *) by IncidentName`
to affected queries fixes the issue. This is because every time an incident is modified, it creates a new log entry, which is not being accounted for in these queries.
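
The effect described in the issue, as an added example that is not part of the original report or the workbook's own queries: it compares a per-status count over raw rows with the same count after keeping only the latest row per incident. The `SampleIncidents` table and its rows are constructed stand-ins for `SecurityIncident`, and the per-status breakdown is an assumed query shape.

```kusto
// Constructed sample rows standing in for the SecurityIncident table.
// Every modification of an incident writes another row with the same IncidentName.
let SampleIncidents = datatable(
    TimeGenerated: datetime, IncidentName: string, IncidentNumber: int,
    Status: string, Severity: string)
[
    datetime(2024-05-01 08:00:00), "a1", 101, "New",    "High",
    datetime(2024-05-01 09:30:00), "a1", 101, "Active", "High",
    datetime(2024-05-02 14:00:00), "a1", 101, "Closed", "High",
    datetime(2024-05-01 10:00:00), "b2", 102, "New",    "Medium",
    datetime(2024-05-01 11:15:00), "b2", 102, "Active", "Medium",
    datetime(2024-05-03 07:45:00), "c3", 103, "New",    "Low"
];
// Naive count: tallies log rows, so an incident that moved through
// New -> Active -> Closed is counted once under each status.
let Naive = SampleIncidents
    | summarize RowsCounted = count() by Status;
// Corrected count: keep only the most recent row per incident first,
// then count incidents by their current status.
let Latest = SampleIncidents
    | summarize arg_max(TimeGenerated, *) by IncidentName
    | summarize Incidents = count() by Status;
// Side-by-side comparison of the two results.
Naive
| join kind=fullouter Latest on Status
| project Status = coalesce(Status, Status1),
          RowsCounted = coalesce(RowsCounted, 0),
          Incidents = coalesce(Incidents, 0)
| order by Status asc
```

Any status where `RowsCounted` exceeds `Incidents` marks a tile that would be inflated by incident updates.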