dcount, dcountif

The dcount() aggregation function is primarily useful for estimating the cardinality of huge sets

Estimation accuracy

The dcount() aggregate function uses a variant of the HyperLogLog (HLL) algorithm, which does a stochastic estimation of set cardinality. The algorithm provides a "knob" that can be used to balance accuracy and execution time per memory size:

Accuracy

Error (%)

Entry count

1.6

212

0.8

214

0.4

216

0.28

217

0.2

218

dcount, dcountifIntuneDevices

| where TimeGenerated > ago (30d)
        and isnotempty(OS)
| summarize Count = dcount(SerialNumber, 4)

dcountif

IntuneDevices
| where TimeGenerated > ago (30d)
        and isnotempty(OS)
| summarize Count = dcountif(SerialNumber, OS != 'Windows')

Previouscount, countif Nexttake_any

Last updated 2 years ago