
KQL – Distinct & Top

Distinct returns the unique combinations of values for the specified columns

Perf
| distinct ObjectName, CounterName

//Limit results example (only return the unique event sources for the filtered event level)
Event
| where EventLevelName == "Success"
| distinct Source

Perf
| where CounterName == "Total Bytes Received"
| distinct InstanceName

Top returns the first N rows, sorted by the specified column

Perf
| top 20 by TimeGenerated desc

//Combine several operators - get a list of computers that are low on disk space
Perf
| where CounterName == "Free Megabytes"
    and TimeGenerated >= ago(1h)
| project Computer
    , TimeGenerated
    , CounterName
    , FreeMegaBytes = CounterValue
| distinct Computer
    , TimeGenerated
    , CounterName
    , FreeMegaBytes
| top 25 by FreeMegaBytes asc
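
The combined query above runs distinct over Computer, TimeGenerated, CounterName and FreeMegaBytes together, so a computer can still appear once per sample. The following is an added example, not part of the original page: it uses a constructed `SamplePerf` table (all names and values are made up) and goes one step beyond the page's operators by using `summarize arg_max()` to keep one row per computer before ranking.

```kusto
// Constructed sample rows standing in for the Perf table (values are made up).
let SamplePerf = datatable(Computer:string, TimeGenerated:datetime, CounterName:string, CounterValue:real)
[
    "srv-a", datetime(2024-01-01 10:00:00), "Free Megabytes", 900.0,
    "srv-a", datetime(2024-01-01 10:05:00), "Free Megabytes", 850.0,
    "srv-b", datetime(2024-01-01 10:00:00), "Free Megabytes", 120.0,
    "srv-b", datetime(2024-01-01 10:05:00), "Free Megabytes", 120.0,
    "srv-c", datetime(2024-01-01 10:05:00), "Free Megabytes", 40000.0,
    "srv-c", datetime(2024-01-01 10:05:00), "% Free Space", 80.0
];
// Same shape as the query on this page: distinct deduplicates the whole
// combination of columns, so rows that differ only in TimeGenerated all
// survive and one computer can fill several of the top N slots.
let PerSample = SamplePerf
    | where CounterName == "Free Megabytes"
    | project Computer, TimeGenerated, FreeMegaBytes = CounterValue
    | distinct Computer, TimeGenerated, FreeMegaBytes
    | top 25 by FreeMegaBytes asc;
// Variant: keep only the most recent sample per computer, then rank,
// so every computer occupies at most one row of the result.
let PerComputer = SamplePerf
    | where CounterName == "Free Megabytes"
    | summarize arg_max(TimeGenerated, CounterValue) by Computer
    | project Computer, TimeGenerated, FreeMegaBytes = CounterValue
    | top 25 by FreeMegaBytes asc;
// Swap in PerSample on the next line to compare the two result sets.
PerComputer
```

To run it against real data, replace `SamplePerf` with `Perf` and add the `TimeGenerated >= ago(1h)` filter from the query above.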