vw_bookmarks

Creates, updates, deletes, gets or lists a vw_bookmarks resource.

Overview

Name: vw_bookmarks
Type: View
Id: azure.sentinel.vw_bookmarks

Fields

See the SQL Definition (view DDL) for fields returned by this view.

SQL Definition

SELECT
  etag as etag,
  JSON_EXTRACT(properties, '$.created') as "created",
  JSON_EXTRACT(properties, '$.createdBy') as "created_by",
  JSON_EXTRACT(properties, '$.displayName') as "display_name",
  JSON_EXTRACT(properties, '$.labels') as "labels",
  JSON_EXTRACT(properties, '$.notes') as "notes",
  JSON_EXTRACT(properties, '$.query') as "query",
  JSON_EXTRACT(properties, '$.queryResult') as "query_result",
  JSON_EXTRACT(properties, '$.updated') as "updated",
  JSON_EXTRACT(properties, '$.updatedBy') as "updated_by",
  JSON_EXTRACT(properties, '$.eventTime') as "event_time",
  JSON_EXTRACT(properties, '$.queryStartTime') as "query_start_time",
  JSON_EXTRACT(properties, '$.queryEndTime') as "query_end_time",
  JSON_EXTRACT(properties, '$.incidentInfo') as "incident_info",
  subscriptionId,
  resourceGroupName,
  workspaceName,
  bookmarkId
FROM azure.sentinel.bookmarks
WHERE subscriptionId = 'replace-me'
  AND resourceGroupName = 'replace-me'
  AND workspaceName = 'replace-me';