Discrepancy in the Count of the Events - in the Incidents blade and Log Analytics Workspace results

Open Ravindra-Am opened this issue 1 year ago • 4 comments

Hi Team,

There is a discrepancy between the count of events from the Incident Blade and the output from the Log Analytics Workspace after executing the query.

For example:

The number of events from the incidents blade for Incident Number 1394967 is 2, but when the query was executed, the result displayed is only "1".

Incident Number: 1394532

Even after deploying the updated template, the results are populated the same.

In the query a Cisco URL link was used, which is getting updated every day.

**ASK:** When the data for the past incidents was checked, there is a discrepancy in the output, because of which the SOC team is not willing to investigate the incidents. Need a quick solution for this issue.

Ravindra-Am avatar Oct 21 '24 06:10 Ravindra-Am

Hi Team, A very good day. Let me know if any data is required from my end. Thank you

Ravindra-Am avatar Oct 21 '24 09:10 Ravindra-Am

Adding @v-rusraut


From: Ravindra-Am @.> Sent: Monday, October 21, 2024 2:45 PM To: Azure/Azure-Sentinel @.> Cc: Sudarshan Kharat (Tata Consultancy Services Limi) @.>; Assign @.> Subject: Re: [Azure/Azure-Sentinel] Discrepancy in the Count of the Events - in the Incidents blade and Log Analytics Workspace results (Issue #11302)

Hi Team, A very good day. Let me know if any data is required from my end. Thank you

v-sudkharat avatar Oct 21 '24 09:10 v-sudkharat

Hi Team, a very good day. Any update on the ticket? Let me know if any data is required from my end. Thank you

Ravindra-Am avatar Oct 24 '24 04:10 Ravindra-Am

Hi @Ravindra-Am, we are working with the respective team and will update you.

v-rusraut avatar Oct 25 '24 06:10 v-rusraut

Hi Team, thank you for your response. Any update on the ticket?

Ravindra-Am avatar Oct 28 '24 08:10 Ravindra-Am

Hi Team, a very good day. Any update on this issue?

Ravindra-Am avatar Nov 05 '24 07:11 Ravindra-Am

Hi @Ravindra-Am, could you please click on this event [image], copy the query that includes the specific timestamp, and run it in the Log Analytics Workspace to check for the events? [image]

Let me know how many events you are getting after running this query.

v-visodadasi avatar Dec 19 '24 05:12 v-visodadasi

Hi @Ravindra-Am, since we have not received a response in the last 5 days, we are closing your issue as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time.

Thank you for your co-operation.

v-visodadasi avatar Dec 27 '24 06:12 v-visodadasi