具有多个维度的 Azure 日志分析时间表

Azure log analytics timechart with multiple dimensions

Azure new log analytics query platform 中,您可以查询性能计数器并汇总它们以最终创建一个漂亮的图表。

multiple dimensions documentation example 之后它说

Multiple expressions in the by clause creates multiple rows, one for each combination of values.

我想查询他们的示例数据库以了解每台计算机发送和接收的网络字节数。以 this query 开头应该是

Perf | where TimeGenerated > ago(1d) | where (CounterName == "Bytes Received/sec" or CounterName == "Bytes Sent/sec") | summarize avg(CounterValue) by bin(TimeGenerated, 1h), Computer, CounterName | extend Threshold = 20 | render timechart

问题是 发送和接收的字节在计算机级别的图形中分组

如何如文档中所述表示多个维度,以便我有 Computer X Bytes SendComputer X Bytes Received将它们组合在一起 没有任何意义?

更不用说在以前的版本中它按预期工作。

我认为如果不真正接受多个维度,字符串连接就可以解决问题。在我看来有点老套,但确实如此。

Perf
| where (CounterName == "Bytes Received/sec" or CounterName == "Bytes Sent/sec") and InstanceName matches regex "^Microsoft Hyper-V Network Adapter.*$"
| summarize avg(CounterValue) by strcat(Computer, " ", CounterName), bin(TimeGenerated, 10s)
| render timechart

另一个选项是这个

let RuntimeID = CosmosThroughput_CL 
| where MetricName_s == "ProvisionedThroughput" and TimeGenerated between (ago(2h) .. ago(1h))
| order by TimeGenerated desc  
| top 1 by TimeGenerated
| distinct RuntimeID_g;
CosmosThroughput_CL 
| where MetricName_s == "ProvisionedThroughput" and RuntimeID_g in (RuntimeID)
| project Resource = toupper(Resource), Value = Throughput_d, Container = Container_s, Database = Database_s, MetricName = "Provisioned"
| union 
    (
        AzureDiagnostics 
        | where ResourceProvider == "MICROSOFT.DOCUMENTDB" and Category == "PartitionKeyRUConsumption"
        | where TimeGenerated between (ago(1d) .. ago(1d-1h))
        | summarize Value = sum(todouble(requestCharge_s)) by Resource, databaseName_s, collectionName_s
        | project Resource, Container = collectionName_s, Database = databaseName_s, Value, MetricName = "HourlyUsage"
    ) 
| union 
    ( 
        AzureDiagnostics 
        | where ResourceProvider == "MICROSOFT.DOCUMENTDB" and Category == "PartitionKeyRUConsumption"
        | where TimeGenerated between (ago(1d) .. ago(1d-1h))
        | summarize Value = sum(todouble(requestCharge_s)/3600) by Resource, databaseName_s, collectionName_s
        | project Resource, Container = collectionName_s, Database = databaseName_s, Value, MetricName = "RUs"
    )
| project Resource, Database, Container, Value, MetricName

重要的部分是project相同的列名。 Value 保存每个 table 的不同值。第二个 union 帮助我从同一个 table.

中预测另一个值