We have a query that displays the top 5 computers with eventlog errors/warnings:
Event
| where EventLevelName has_any ("Error","Warning")
| summarize count() by Computer
| top 5 by count_
We are collecting logs from multiple customers, so i would like to have a column that shows the computer domain aswell.
Is it possible to use another table and match computer names? Like "Heartbeat" table and the columns "Computer"/"Tenantid"
I guess i would need to use somthing like:
union Event, workspace("xxxxx").Heartbeat
As this would get the correct tenantid..
Since eventlogs are sent directly to our tenant, the table "Event" only contains a single Tenantid
