Azure log analytics timechart with multiple dimensions
In the Azure new log analytics query platform you can query performance counters and summarize them to finally create a nice graph.
Following the multiple dimensions documentation example, it says
Multiple expressions in the by clause creates multiple rows, one for
each combination of values.
I want to query their sample database for the network bytes sent and received per computer. Starting from this query, it should be something like
Perf
| where TimeGenerated > ago(1d)
| where (CounterName == "Bytes Received/sec" or CounterName == "Bytes Sent/sec")
| summarize avg(CounterValue) by bin(TimeGenerated, 1h), Computer, CounterName
| extend Threshold = 20
| render timechart
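The problem is that the sent and received bytes get grouped in the graph at the computer level.
How can multiple dimensions be represented as stated in the documentation, so that I have Computer X Bytes Send and Computer X Bytes Received instead of having them grouped together, which doesn't make any sense?
Not to mention that in the previous version this was working as expected.
I figured that if multiple dimensions aren't really accepted, a string concatenation would do the trick. A bit hackish in my opinion, but it did.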
Perf
| where (CounterName == "Bytes Received/sec" or CounterName == "Bytes Sent/sec") and InstanceName matches regex "^Microsoft Hyper-V Network Adapter.*$"
| summarize avg(CounterValue) by strcat(Computer, " ", CounterName), bin(TimeGenerated, 10s)
| render timechart
Another option is this
let RuntimeID = CosmosThroughput_CL
| where MetricName_s == "ProvisionedThroughput" and TimeGenerated between (ago(2h) .. ago(1h))
| order by TimeGenerated desc
| top 1 by TimeGenerated
| distinct RuntimeID_g;
CosmosThroughput_CL
| where MetricName_s == "ProvisionedThroughput" and RuntimeID_g in (RuntimeID)
| project Resource = toupper(Resource), Value = Throughput_d, Container = Container_s, Database = Database_s, MetricName = "Provisioned"
| union
(
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.DOCUMENTDB" and Category == "PartitionKeyRUConsumption"
| where TimeGenerated between (ago(1d) .. ago(1d-1h))
| summarize Value = sum(todouble(requestCharge_s)) by Resource, databaseName_s, collectionName_s
| project Resource, Container = collectionName_s, Database = databaseName_s, Value, MetricName = "HourlyUsage"
)
| union
(
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.DOCUMENTDB" and Category == "PartitionKeyRUConsumption"
| where TimeGenerated between (ago(1d) .. ago(1d-1h))
| summarize Value = sum(todouble(requestCharge_s)/3600) by Resource, databaseName_s, collectionName_s
| project Resource, Container = collectionName_s, Database = databaseName_s, Value, MetricName = "RUs"
)
| project Resource, Database, Container, Value, MetricName
The important part is to project the same column names. Value holds the different values from each table. The second union helps me project another value from the same table.