Azure Kusto language query through all tables

Question

I am trying to build a KUSTO query to verify that logs are coming to Azure log analytic tables or not. This is my code. This command work perfectly & give number of records it received. But Issue is it does not consider in the query output the table names that received zero(not any) logs

union withsource=sourceTable kind=outer Table1, Table2, Table3
| summarize AggregatedValue=count() by bin(TimeGenerated, 5m), sourceTable

Expected output:

| Table Name | Count |
----------------------
| Table1     | 5     |
| Table2     | 3     |
| Table3     | 0     | //If the count is zero, query output does not show the table name
----------------------

Answer 1

You didn't specify the values in the column for bin(TimeGenerated, 5m) in your expected output. I assume you didn't really want this column there (otherwise, I'm not sure what exactly you wish to see in the expected output for Table3, which has 0 records).

To get the output you want, use the following trick:

let DefaultResult = datatable(['Table Name']: string, Count: long) [
    "Table1", 0,
    "Table2", 0,
    "Table3", 0
];
union withsource=sourceTable kind=outer Table1, Table2, Table3
| summarize AggregatedValue=count() by bin(TimeGenerated, 5m), sourceTable
| union DefaultResult
| summarize Count = sum(Count) by ['Table Name']
| order by ['Table Name'] asc

Answer 2

This might help:

let reCount = union withsource=sourceTable kind=outer  AppServiceFileAuditLogs,AzureDiagnostics, BaiClusterEvent
| summarize AggregatedValue=count() by sourceTable;
let tableList = datatable (name:string)
[
    'AppServiceFileAuditLogs',
    'AzureDiagnostics',
    'BaiClusterEvent'
];
tableList
| join kind=leftouter reCount on $left.name == $right.sourceTable
|project name,count = iff(isnull(AggregatedValue)==true,0,AggregatedValue )

Idea here is to do a left join with table expression having table names (tableList) and then place 0 where AggregatedValue is NULL.