如何在 KQL 中使用服务器获取 top CPU 的详细信息
How to get details of top CPU using servers in KQL
我们所有的服务器都安装了 Log Analytics 代理。代理配置为捕获性能计数器信息。通过触发此查询,我可以轻松地了解 CPU 在所有服务器上的使用情况:
Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize HourlyUsage = avg(CounterValue) by bin(TimeGenerated, 1h), Computer
| render timechart
我想创建一个图表来显示前 10 个负载最重的服务器的 CPU 使用情况。我创建了一个 KQL 查询以获取 CPU 中的前 10 个,使用服务器:
let TopCPUMaxServers = Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize Max_CPU = max(CounterValue) by Computer, CounterName
| top 10 by Max_CPU asc nulls last;
此查询为我提供了感兴趣的服务器列表。现在我想得到这个列表的性能计数器。当我尝试这个时:
let TopCPUMaxServers = Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize Max_CPU = max(CounterValue) by Computer, CounterName
| top 10 by Max_CPU asc nulls last;
Perf | join (TopCPUMaxServers) on Computer
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize avg(CounterValue) by bin(TimeGenerated, 1h), Computer
| render timechart
我只从时间图表上显示的第一个查询中获取测量值。 (基本上10个值)
如何获取在第一个查询中获得的服务器的性能计数器?
此致,
斯文
您可以使用 in() 运算符使用下一个变体:
let TopCPUMaxServers = Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize Max_CPU = max(CounterValue) by Computer, CounterName
| top 10 by Max_CPU asc nulls last
| project Computer;
Perf
| where Computer in (TopCPUMaxServers)
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize avg(CounterValue) by bin(TimeGenerated, 1h), Computer
| render timechart
默认的 join kind 是 "innerunique" 其中 returns 第一个匹配项。您可以使用 "leftouter" 类型,但对于这种情况,"in" 运算符会更简单并且可能表现更好:
let TopCPUMaxServers = Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize Max_CPU = max(CounterValue) by Computer, CounterName
| top 10 by Max_CPU asc nulls last
| project Computer;
Perf
| where Computer in (TopCPUMaxServers)
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize avg(CounterValue) by bin(TimeGenerated, 1h), Computer
| render timechart
我们所有的服务器都安装了 Log Analytics 代理。代理配置为捕获性能计数器信息。通过触发此查询,我可以轻松地了解 CPU 在所有服务器上的使用情况:
Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize HourlyUsage = avg(CounterValue) by bin(TimeGenerated, 1h), Computer
| render timechart
我想创建一个图表来显示前 10 个负载最重的服务器的 CPU 使用情况。我创建了一个 KQL 查询以获取 CPU 中的前 10 个,使用服务器:
let TopCPUMaxServers = Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize Max_CPU = max(CounterValue) by Computer, CounterName
| top 10 by Max_CPU asc nulls last;
此查询为我提供了感兴趣的服务器列表。现在我想得到这个列表的性能计数器。当我尝试这个时:
let TopCPUMaxServers = Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize Max_CPU = max(CounterValue) by Computer, CounterName
| top 10 by Max_CPU asc nulls last;
Perf | join (TopCPUMaxServers) on Computer
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize avg(CounterValue) by bin(TimeGenerated, 1h), Computer
| render timechart
我只从时间图表上显示的第一个查询中获取测量值。 (基本上10个值) 如何获取在第一个查询中获得的服务器的性能计数器?
此致, 斯文
您可以使用 in() 运算符使用下一个变体:
let TopCPUMaxServers = Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize Max_CPU = max(CounterValue) by Computer, CounterName
| top 10 by Max_CPU asc nulls last
| project Computer;
Perf
| where Computer in (TopCPUMaxServers)
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize avg(CounterValue) by bin(TimeGenerated, 1h), Computer
| render timechart
默认的 join kind 是 "innerunique" 其中 returns 第一个匹配项。您可以使用 "leftouter" 类型,但对于这种情况,"in" 运算符会更简单并且可能表现更好:
let TopCPUMaxServers = Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize Max_CPU = max(CounterValue) by Computer, CounterName
| top 10 by Max_CPU asc nulls last
| project Computer;
Perf
| where Computer in (TopCPUMaxServers)
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize avg(CounterValue) by bin(TimeGenerated, 1h), Computer
| render timechart