Robert Cain continues a series on KQL:
Back in June of 2022 I covered the
topoperator in my Fun With KQL – Top post. We showed how to create your own top 10 lists, for example what were the top 5 computers ranked by free disk space.What if you needed your top results in a nested hierarchy? For example, you wanted to know which three objects in the Perf table had the most entries? But, for each one of those, what were the three counters with the most entires?
That’s where the
top-nestedoperator comes in. It allows you to create top lists in nested, also called hierarchical levels.
Click through for the normal slew of examples on how to use this operator.