Kusto：查询以分组 http 状态代码

Question

我正在尝试从 Azure Log Analytics 查询一些与 Azure 应用程序网关相关的内容。

对于每个 http 状态代码，我都会得到这样的查询结果：

AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayAccessLog"
| summarize count() by httpStatus_d, Resource

现在我需要将这些结果分组为 2xx、3xx、4xx 和 5xx。

Kusto 的新手我找不到实现此目标的正确方法。感谢您的提示！

Answer 1

您可以尝试使用 bin() 函数，例如：

AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayAccessLog"
| summarize count() by bin(httpStatus_d, 100), Resource

Answer 2

感谢@yoni 指引了我正确的方向。

我是这样解决的：

AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayAccessLog"
| extend HTTPStatus = case(httpStatus_d between (200 .. 299), "2XX",
                       httpStatus_d between (300 .. 399), "3XX",
                       httpStatus_d between (400 .. 499), "4XX",
                       "5XX")
| summarize count() by HTTPStatus, bin(timeStamp_t, 1h)
| render timechart

Answer 3

自动按所有 httpStatus_d 值分组。

AzureDiagnostics 
| where TimeGenerated > ago(30d)
| summarize count=count() by httpStatus_d
| order by httpStatus_d asc

Kusto：查询以分组 http 状态代码

Kusto: query to group http status codes

azure

kql

azure-data-explorer