lambda function can't ends with a 'make-graph' operator without an "unkown function" error

[JiTmun]

Description

In Log Analytics, a call to 'make-graph' operator at the end of a custom build_graph lambda function to return the produced graph fails with the following error : Unknown function: 'build_graph'. Request id: 9b114b20-1503-4dec-8795-42d70154d2ed"

I try to define general purpose function to build a process directed graph based on a predefined table, to then filter freely on target results.

cf code below,.

Code to get the error

let Data = datatable (Computer:string, process_parent_command_line:string, process_command_line:string)[ "ComputerA", "root cmd", "cmd lvl1", "ComputerA", "cmd lvl1", "cmd lvl2", "ComputerA", "cmd lvl1", "cmd lvl1.2", "ComputerA", "cmd lvl2", "cmd lvl3", "ComputerA", "cmd lvl3", "cmd /C evil lvl4", "ComputerA", "cmd /C evil lvl4", "cmd evil lvl5", "ComputerA", "cmd evil lvl5", "cmd lvl6" ] ; let build_graph = (T:(process_parent_command_line:string, process_command_line:string, Computer:string)){ T | extend parent_id = strcat(Computer, process_parent_command_line), child_id = strcat(Computer, process_command_line) | as hint.materialized=true data | make-graph parent_id --> child_id with (data | mv-expand node_id = pack_array(parent_id, child_id ) to typeof(string) | summarize take_any() by node_id ) on node_id // Uncommenting rows below dosen't raise any error. Goal would be rather to use this after the build_graph function call. //| graph-match (parent)-[edge1..10]->(child) //// where child.process_command_line has "evil" // project root_cmd = parent.process_parent_command_line, // in_between = edge.process_parent_command_line, // lowest_child = child.process_command_line } ; Data | invoke build_graph() // fail as long as no graph-match is part of the defined func

[royoMS]

Thanks for reporting @JiTmun , the issue has been fixed. The fix will be deployed in a couple of weeks.

[JiTmun]

thanks