使用 in() 时,Log Analytics 保持变量顺序
Log Analytics keep order from variable when using in()
我是 Log Analytics 的新手,我正在尝试获取前 10 台计算机的“可用百分比 Space”排序器按“_Total”排序,所有磁盘按计算机分组按“_Total”排序像这样:
let top_10_free =
Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space" and InstanceName == "_Total" and TimeGenerated > todatetime("2020-01-01 00:00:00")
| summarize arg_max(TimeGenerated, *) by Computer
| top 10 by CounterValue desc nulls last
| project Computer;
Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space" and Computer in(top_10_free)
| summarize arg_max(TimeGenerated, *) by InstanceName, Computer
| project-rename Ultimo_Check = TimeGenerated, Instancia = Computer, Particion = InstanceName, Porcentaje_Disponible = CounterValue
| project Ultimo_Check, Instancia, Particion, Porcentaje_Disponible
在此查询中,计算机在 "top_10_free" 中排序,但未在最终输出中排序。
最终输出(这几乎是我想要的,只是计算机的顺序不符合要求):
总而言之,我希望第二个 img(在 Instancia 列下)的服务器组像第一个 img(在 Computer 列下)中的服务器一样排序。
预期输出:
+---------------+-----------+-----------+-----------------------+
|Ultimo_Check |Instancia |Particion |Porcentaje_Disponible |
+---------------+-----------+-----------+-----------------------+
|somedate |server10 |C: |97,402 |
+---------------+-----------+-----------+-----------------------+
|somedate |server10 |D: |83,363 |
+---------------+-----------+-----------+-----------------------+
|somedate |server10 |_Total |90,383 |
+---------------+-----------+-----------+-----------------------+
|somedate |server |C: |83,849 |
+---------------+-----------+-----------+-----------------------+
|somedate |server |D: |91,185 |
+---------------+-----------+-----------+-----------------------+
|somedate |server |_Total |87,617 |
+---------------+-----------+-----------+-----------------------+
|somedate |AK |C: |67,599 |
+---------------+-----------+-----------+-----------------------+
|somedate |AK |HarddiskVol|30,461 |
+---------------+-----------+-----------+-----------------------+
|somedate |AK |_Total |67,735 |
+---------------+-----------+-----------+-----------------------+
Then AC with _Total = 66,281
Then CU with _Total = 63,249
Then CO with _Total = 37,563
Then GR with _Total = 36,19
提前致谢。
在最后添加 order by 有帮助吗?例如:
...
| project Ultimo_Check, Instancia, Particion, Porcentaje_Disponible
| order by Instancia asc, Porcentaje_Disponible desc
编辑以添加解决问题的评论
order by 根据排序键对记录进行排序。它不排序 "groups of records",因为在查询语言和底层数据层中都没有这样的概念。您可能想要重组您的数据(在查询时),以便您最终得到每个 "group" 的记录(例如,将 _Total 作为一列,其余驱动器在 属性像 {"C:":1234, "D:":3456} 这样的包。然后,您可以按列 _Total
对记录(现在 "groups")进行排序
我是 Log Analytics 的新手,我正在尝试获取前 10 台计算机的“可用百分比 Space”排序器按“_Total”排序,所有磁盘按计算机分组按“_Total”排序像这样:
let top_10_free =
Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space" and InstanceName == "_Total" and TimeGenerated > todatetime("2020-01-01 00:00:00")
| summarize arg_max(TimeGenerated, *) by Computer
| top 10 by CounterValue desc nulls last
| project Computer;
Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space" and Computer in(top_10_free)
| summarize arg_max(TimeGenerated, *) by InstanceName, Computer
| project-rename Ultimo_Check = TimeGenerated, Instancia = Computer, Particion = InstanceName, Porcentaje_Disponible = CounterValue
| project Ultimo_Check, Instancia, Particion, Porcentaje_Disponible
在此查询中,计算机在 "top_10_free" 中排序,但未在最终输出中排序。
最终输出(这几乎是我想要的,只是计算机的顺序不符合要求):
总而言之,我希望第二个 img(在 Instancia 列下)的服务器组像第一个 img(在 Computer 列下)中的服务器一样排序。
预期输出:
+---------------+-----------+-----------+-----------------------+
|Ultimo_Check |Instancia |Particion |Porcentaje_Disponible |
+---------------+-----------+-----------+-----------------------+
|somedate |server10 |C: |97,402 |
+---------------+-----------+-----------+-----------------------+
|somedate |server10 |D: |83,363 |
+---------------+-----------+-----------+-----------------------+
|somedate |server10 |_Total |90,383 |
+---------------+-----------+-----------+-----------------------+
|somedate |server |C: |83,849 |
+---------------+-----------+-----------+-----------------------+
|somedate |server |D: |91,185 |
+---------------+-----------+-----------+-----------------------+
|somedate |server |_Total |87,617 |
+---------------+-----------+-----------+-----------------------+
|somedate |AK |C: |67,599 |
+---------------+-----------+-----------+-----------------------+
|somedate |AK |HarddiskVol|30,461 |
+---------------+-----------+-----------+-----------------------+
|somedate |AK |_Total |67,735 |
+---------------+-----------+-----------+-----------------------+
Then AC with _Total = 66,281
Then CU with _Total = 63,249
Then CO with _Total = 37,563
Then GR with _Total = 36,19
提前致谢。
在最后添加 order by 有帮助吗?例如:
...
| project Ultimo_Check, Instancia, Particion, Porcentaje_Disponible
| order by Instancia asc, Porcentaje_Disponible desc
编辑以添加解决问题的评论
order by 根据排序键对记录进行排序。它不排序 "groups of records",因为在查询语言和底层数据层中都没有这样的概念。您可能想要重组您的数据(在查询时),以便您最终得到每个 "group" 的记录(例如,将 _Total 作为一列,其余驱动器在 属性像 {"C:":1234, "D:":3456} 这样的包。然后,您可以按列 _Total