When i use summarize any() all my columns get a new name any_original name. I want to keep the original name or rename the any away
in Splunk used to do something like rename value(*) as * and that did the trick, in kql im not sure
2
votes
1 Answers
2
votes
ORIGINAL ANSWER (May 2021)
You can supply your own column names, like this:
MyTable
| summarize (Timestamp, Api, Application) = any(Timestamp, Api, Application)
UPDATE (Jun 2021)
Following your request, we've introduced a new aggregation function, called take_any() that behaves just like any(), but leaves the column names as is:
For example:
MyTable
| summarize take_any(Timestamp, Api, Application)
The output will contain 3 columns named: Timestamp, Api, Application.
