I am using the query below to get the container error log and filter out duplicates.
<code> let ContainerIdList = KubePodInventory
// ContainerIdList: IDs of containers whose name contains "acc-c1-logger", in a
// namespace matching "prd", on one specific AKS cluster.
// NOTE(review): this lookup carries no TimeGenerated filter of its own in the query text.
| where ContainerName contains "acc-c1-logger"
| where Namespace has "prd" | where ClusterId =~ '/subscriptions/xxxx/resourcegroups/xxxx/providers/Microsoft.ContainerService/managedClusters/aksprd'
| distinct ContainerID;
ContainerLog
| where ContainerID in (ContainerIdList)
// Suppression filter: drops every line that contains "SRV1174".
| where LogEntry !has "SRV1174"
// Keep only lines carrying the "| E |" or "| F |" marker
// (presumably error / fatal severity - confirm against the logger format).
| where LogEntry has "| E |" or LogEntry has "| F |"
// Two more suppressions. Each one hides any line containing the phrase, so
// review them if this query feeds an alert rule.
| where LogEntry !contains "the I/O interface definition of project"
| where LogEntry !contains "the I/O interface definition of cuc"
// NOTE(review): the time bound is applied after the text filters; Kusto guidance
// is to filter on the datetime column first so less data is scanned.
| where TimeGenerated > ago(5m)
| project LogEntrySource, LogEntry, TimeGenerated
| order by TimeGenerated desc
// NOTE(review): top re-sorts by LogEntry (descending by default), so the
// order by TimeGenerated above does not decide which 1000 rows are kept.
| top 1000 by LogEntry
// NOTE(review): render is documented as the last operator of a query, yet more
// operators follow it here - confirm this is the query that actually runs.
| render table
// Split each line on "|" into fields; field 1 is parsed as the timestamp (C2)
// and field 5 is taken as the message text (logerror).
| extend SplitLog = split(LogEntry, "|")
| project C1 = SplitLog[0], cc=SplitLog[1],C2 = todatetime(SplitLog[1]), C3 =
SplitLog[2], C4 = SplitLog[3], C5=SplitLog[4], logerror=SplitLog[5]
// De-duplication: keep the newest row (max C2) per distinct message text.
// The key is the full text, so messages that differ only in a variable part
// (the "handle 7" / "handle 9" / "handle 11" suffix in the sample output) form
// separate groups and are all returned. Collapsing them needs a normalised key
// built before this step, e.g. a fixed label via iff() when the message has
// "Could not find prepared statement", or replace_regex() over the handle number.
| summarize arg_max(C2,*) by tostring(logerror)
// logerror1 is presumably the original field-5 column as renamed by arg_max(*)
// because the group key took the name logerror - confirm in the result schema.
| project-away logerror
| project ERROR = strcat( cc, "|", C3, "|", C4, "|", C5, "|", logerror1)
</code>
<code> let ContainerIdList = KubePodInventory
// ContainerIdList: IDs of containers whose name contains "acc-c1-logger", in a
// namespace matching "prd", on one specific AKS cluster.
// NOTE(review): this lookup carries no TimeGenerated filter of its own in the query text.
| where ContainerName contains "acc-c1-logger"
| where Namespace has "prd" | where ClusterId =~ '/subscriptions/xxxx/resourcegroups/xxxx/providers/Microsoft.ContainerService/managedClusters/aksprd'
| distinct ContainerID;
ContainerLog
| where ContainerID in (ContainerIdList)
// Suppression filter: drops every line that contains "SRV1174".
| where LogEntry !has "SRV1174"
// Keep only lines carrying the "| E |" or "| F |" marker
// (presumably error / fatal severity - confirm against the logger format).
| where LogEntry has "| E |" or LogEntry has "| F |"
// Two more suppressions. Each one hides any line containing the phrase, so
// review them if this query feeds an alert rule.
| where LogEntry !contains "the I/O interface definition of project"
| where LogEntry !contains "the I/O interface definition of cuc"
// NOTE(review): the time bound is applied after the text filters; Kusto guidance
// is to filter on the datetime column first so less data is scanned.
| where TimeGenerated > ago(5m)
| project LogEntrySource, LogEntry, TimeGenerated
| order by TimeGenerated desc
// NOTE(review): top re-sorts by LogEntry (descending by default), so the
// order by TimeGenerated above does not decide which 1000 rows are kept.
| top 1000 by LogEntry
// NOTE(review): render is documented as the last operator of a query, yet more
// operators follow it here - confirm this is the query that actually runs.
| render table
// Split each line on "|" into fields; field 1 is parsed as the timestamp (C2)
// and field 5 is taken as the message text (logerror).
| extend SplitLog = split(LogEntry, "|")
| project C1 = SplitLog[0], cc=SplitLog[1],C2 = todatetime(SplitLog[1]), C3 =
SplitLog[2], C4 = SplitLog[3], C5=SplitLog[4], logerror=SplitLog[5]
// De-duplication: keep the newest row (max C2) per distinct message text.
// The key is the full text, so messages that differ only in a variable part
// (the "handle 7" / "handle 9" / "handle 11" suffix in the sample output) form
// separate groups and are all returned. Collapsing them needs a normalised key
// built before this step, e.g. a fixed label via iff() when the message has
// "Could not find prepared statement", or replace_regex() over the handle number.
| summarize arg_max(C2,*) by tostring(logerror)
// logerror1 is presumably the original field-5 column as renamed by arg_max(*)
// because the group key took the name logerror - confirm in the result schema.
| project-away logerror
| project ERROR = strcat( cc, "|", C3, "|", C4, "|", C5, "|", logerror1)
</code>
// ContainerIdList: IDs of containers whose name contains "acc-c1-logger", in a
// namespace matching "prd", on one specific AKS cluster.
// NOTE(review): this lookup carries no TimeGenerated filter of its own in the query text.
let ContainerIdList = KubePodInventory
| where ContainerName contains "acc-c1-logger"
| where Namespace has "prd" | where ClusterId =~ '/subscriptions/xxxx/resourcegroups/xxxx/providers/Microsoft.ContainerService/managedClusters/aksprd'
| distinct ContainerID;
ContainerLog
| where ContainerID in (ContainerIdList)
// Suppression filter: drops every line that contains "SRV1174".
| where LogEntry !has "SRV1174"
// Keep only lines carrying the "| E |" or "| F |" marker
// (presumably error / fatal severity - confirm against the logger format).
| where LogEntry has "| E |" or LogEntry has "| F |"
// Two more suppressions. Each one hides any line containing the phrase, so
// review them if this query feeds an alert rule.
| where LogEntry !contains "the I/O interface definition of project"
| where LogEntry !contains "the I/O interface definition of cuc"
// NOTE(review): the time bound is applied after the text filters; Kusto guidance
// is to filter on the datetime column first so less data is scanned.
| where TimeGenerated > ago(5m)
| project LogEntrySource, LogEntry, TimeGenerated
| order by TimeGenerated desc
// NOTE(review): top re-sorts by LogEntry (descending by default), so the
// order by TimeGenerated above does not decide which 1000 rows are kept.
| top 1000 by LogEntry
// NOTE(review): render is documented as the last operator of a query, yet more
// operators follow it here - confirm this is the query that actually runs.
| render table
// Split each line on "|" into fields; field 1 is parsed as the timestamp (C2)
// and field 5 is taken as the message text (logerror).
| extend SplitLog = split(LogEntry, "|")
| project C1 = SplitLog[0], cc=SplitLog[1],C2 = todatetime(SplitLog[1]), C3 =
SplitLog[2], C4 = SplitLog[3], C5=SplitLog[4], logerror=SplitLog[5]
// De-duplication: keep the newest row (max C2) per distinct message text.
// The key is the full text, so messages that differ only in a variable part
// (the "handle 7" / "handle 9" / "handle 11" suffix in the sample output) form
// separate groups and are all returned. Collapsing them needs a normalised key
// built before this step, e.g. a fixed label via iff() when the message has
// "Could not find prepared statement", or replace_regex() over the handle number.
| summarize arg_max(C2,*) by tostring(logerror)
// logerror1 is presumably the original field-5 column as renamed by arg_max(*)
// because the group key took the name logerror - confirm in the result schema.
| project-away logerror
| project ERROR = strcat( cc, "|", C3, "|", C4, "|", C5, "|", logerror1)
I get the following output in the error table:
<code> 2024-06-27 20:43:47 | con-prc-sc | SRV2006 | E | [DB_AdviceSimulationAlerted] on project
'Advice': error while storing: During executeUpdate: Could not find prepared statement
with handle 7."
2024-06-27 20:44:00 | con-prc-sc | SRV2001 | E | Unable to connect DB
2024-06-27 20:44:47 | con-prc-sc | SRV2006 | E | [DB_AdviceSimulationAlerted] on project
'Advice': error while storing: During executeUpdate: Could not find prepared statement
with handle 9."
2024-06-27 20:45:00 | con-prc-sc | SRV2001 | E | file is missing on relative path
2024-06-27 20:45:47 | con-prc-sc | SRV2006 | E | [DB_Advice] on project
'Advice': error while storing: During executeUpdate: Could not find prepared statement
with handle 11."
</code>
<code> 2024-06-27 20:43:47 | con-prc-sc | SRV2006 | E | [DB_AdviceSimulationAlerted] on project
'Advice': error while storing: During executeUpdate: Could not find prepared statement
with handle 7."
2024-06-27 20:44:00 | con-prc-sc | SRV2001 | E | Unable to connect DB
2024-06-27 20:44:47 | con-prc-sc | SRV2006 | E | [DB_AdviceSimulationAlerted] on project
'Advice': error while storing: During executeUpdate: Could not find prepared statement
with handle 9."
2024-06-27 20:45:00 | con-prc-sc | SRV2001 | E | file is missing on relative path
2024-06-27 20:45:47 | con-prc-sc | SRV2006 | E | [DB_Advice] on project
'Advice': error while storing: During executeUpdate: Could not find prepared statement
with handle 11."
</code>
2024-06-27 20:43:47 | con-prc-sc | SRV2006 | E | [DB_AdviceSimulationAlerted] on project
'Advice': error while storing: During executeUpdate: Could not find prepared statement
with handle 7."
2024-06-27 20:44:00 | con-prc-sc | SRV2001 | E | Unable to connect DB
2024-06-27 20:44:47 | con-prc-sc | SRV2006 | E | [DB_AdviceSimulationAlerted] on project
'Advice': error while storing: During executeUpdate: Could not find prepared statement
with handle 9."
2024-06-27 20:45:00 | con-prc-sc | SRV2001 | E | file is missing on relative path
2024-06-27 20:45:47 | con-prc-sc | SRV2006 | E | [DB_Advice] on project
'Advice': error while storing: During executeUpdate: Could not find prepared statement
with handle 11."
The requirement is this: I need to get only the top 1 row for the "Could not find prepared statement" error, along with the other errors. How can we do this? Thanks in advance.