DRAG DROP
You have several Azure virtual machines that run Windows Server 2019.
You need to identify the distinct event IDs of each virtual machine as shown in the following table.
How should you complete the Azure Monitor query? To answer, drag the appropriate values to the correct locations. Each
value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view
content.
NOTE: Each correct selection is worth one point.
Select and Place:
Explanation:
You can use makelist to pivot data by the order of values in a particular column. For example, you may want to explore the
most common order in which events take place on your machines. You can essentially pivot the data by the order of EventIDs on
each machine.
Example:
Event
| where TimeGenerated > ago(12h)
| order by TimeGenerated desc
| summarize makelist(EventID) by Computer
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/advanced-aggregations
The correct answer is makeset, because makeset is distinct event ID. makelist is not distinct.