Create an aggregated value based by a provided function
//provides count per CounterName value
Perf
| summarize count() by CounterName
Example using multiple columns
//provides count per ObjectName and CounterName value
Perf
| summarize count() by ObjectName, CounterName
Example with renaming the default _count column
//provides count per ObjectName and CounterName value adds a renamed _count column
Perf
| summarize PerfCount=count()
by ObjectName, CounterName
Example leveraging the average function
Perf
| where CounterName == "% Free Space"
| summarize NumberofEntries=count()
, AverageFreeSpace=avg(CounterValue)
by CounterName
Summarize into logical groups
// Bin used to summarize into local groups, like days
Perf
| summarize NumberOfEntities=count()
by bin(TimeGenerated,1d)
//Bin used to group by mulitple levels - Count amount of entries and group by CounterName
Perf
| summarize NumberOfEntitites=count()
by CounterName
, bin(TimeGenerated, 1d)
RootSecurity 