有没有办法将所有最后插入的性能计数器按机器分组在一行中?
Is there a way to group all the last inserted performance counters by machine in one row?
我正在尝试查询日志分析 Perf table。此 table 有关于计算机的性能计数器。
我想在一行中获取机器的所有性能计数器。
我写了这个 Kusto 查询,但它把每个计数器都放在自己的行中。
Perf
| where Computer in ('aks-nodepool1-85388480-3', 'aks-agentpool-40719753-2')
| summarize arg_max(TimeGenerated, *) by CounterName, Computer
| project Computer, CounterName, TimeGenerated, CounterValue
我想要一个可以带来以下结果的查询:
(Computer1, TimeGenerated, CounterName1, CounterName1Value, CounterName2, CounterName2Value, ...)
(Computer2, TimeGenerated, CounterName1, CounterName1Value, CounterName2, CounterName2Value, ...)
(Computer3, TimeGenerated, CounterName1, CounterName1Value, CounterName2, CounterName2Value, ...)
如有任何帮助或建议,我们将不胜感激。
这样的事情怎么样?
(它的输出模式与您最初在问题中提到的输出模式略有不同)
datatable(Computer:string, CounterName:string, CounterValue:double, TimeGenerated:datetime)
[
"comp1", "counter1", 1.0, datetime(2019-02-07 16:31:15),
"comp2", "counter1", 1.1, datetime(2019-02-07 16:31:15),
"comp3", "counter1", 1.2, datetime(2019-02-07 16:31:15),
"comp4", "counter1", 1.3, datetime(2019-02-07 16:31:16),
"comp2", "counter2", 1.4, datetime(2019-02-07 16:31:16),
"comp3", "counter3", 1.5, datetime(2019-02-07 16:31:16),
"comp4", "counter2", 1.6, datetime(2019-02-07 16:31:14),
]
| summarize TimeGenerated = any(TimeGenerated), d = make_dictionary(pack(CounterName, CounterValue)) by Computer
| evaluate bag_unpack(d)
将输出:
| Computer | TimeGenerated | counter1 | counter2 | counter3 |
|----------|-----------------------------|----------|----------|----------|
| comp1 | 2019-02-07 16:31:15.0000000 | 1 | | |
| comp2 | 2019-02-07 16:31:15.0000000 | 1.1 | 1.4 | |
| comp3 | 2019-02-07 16:31:15.0000000 | 1.2 | | 1.5 |
| comp4 | 2019-02-07 16:31:16.0000000 | 1.3 | 1.6 | |
你也可以这样做:
datatable(Computer:string, CounterName:string, CounterValue:double, TimeGenerated:datetime)
[
"comp1", "counter1", 1.0, datetime(2019-02-07 16:31:15),
"comp2", "counter1", 1.1, datetime(2019-02-07 16:31:15),
"comp3", "counter1", 1.2, datetime(2019-02-07 16:31:15),
"comp4", "counter1", 1.3, datetime(2019-02-07 16:31:16),
"comp2", "counter2", 1.4, datetime(2019-02-07 16:31:16),
"comp3", "counter3", 1.5, datetime(2019-02-07 16:31:16),
"comp4", "counter2", 1.6, datetime(2019-02-07 16:31:14),
]
| summarize arg_max(TimeGenerated, *) by Computer, CounterName
| summarize d = make_dictionary(pack(CounterName, CounterValue, "TimeGenerated", TimeGenerated)) by Computer
| evaluate bag_unpack(d)
这将输出:
| Computer | TimeGenerated | counter1 | counter2 | counter3 |
|----------|-----------------------------|----------|----------|----------|
| comp1 | 2019-02-07 16:31:15.0000000 | 1 | | |
| comp2 | 2019-02-07 16:31:15.0000000 | 1.1 | 1.4 | |
| comp3 | 2019-02-07 16:31:15.0000000 | 1.2 | | 1.5 |
| comp4 | 2019-02-07 16:31:16.0000000 | 1.3 | 1.6 | |
我正在尝试查询日志分析 Perf table。此 table 有关于计算机的性能计数器。
我想在一行中获取机器的所有性能计数器。
我写了这个 Kusto 查询,但它把每个计数器都放在自己的行中。
Perf
| where Computer in ('aks-nodepool1-85388480-3', 'aks-agentpool-40719753-2')
| summarize arg_max(TimeGenerated, *) by CounterName, Computer
| project Computer, CounterName, TimeGenerated, CounterValue
我想要一个可以带来以下结果的查询:
(Computer1, TimeGenerated, CounterName1, CounterName1Value, CounterName2, CounterName2Value, ...)
(Computer2, TimeGenerated, CounterName1, CounterName1Value, CounterName2, CounterName2Value, ...)
(Computer3, TimeGenerated, CounterName1, CounterName1Value, CounterName2, CounterName2Value, ...)
如有任何帮助或建议,我们将不胜感激。
这样的事情怎么样? (它的输出模式与您最初在问题中提到的输出模式略有不同)
datatable(Computer:string, CounterName:string, CounterValue:double, TimeGenerated:datetime)
[
"comp1", "counter1", 1.0, datetime(2019-02-07 16:31:15),
"comp2", "counter1", 1.1, datetime(2019-02-07 16:31:15),
"comp3", "counter1", 1.2, datetime(2019-02-07 16:31:15),
"comp4", "counter1", 1.3, datetime(2019-02-07 16:31:16),
"comp2", "counter2", 1.4, datetime(2019-02-07 16:31:16),
"comp3", "counter3", 1.5, datetime(2019-02-07 16:31:16),
"comp4", "counter2", 1.6, datetime(2019-02-07 16:31:14),
]
| summarize TimeGenerated = any(TimeGenerated), d = make_dictionary(pack(CounterName, CounterValue)) by Computer
| evaluate bag_unpack(d)
将输出:
| Computer | TimeGenerated | counter1 | counter2 | counter3 |
|----------|-----------------------------|----------|----------|----------|
| comp1 | 2019-02-07 16:31:15.0000000 | 1 | | |
| comp2 | 2019-02-07 16:31:15.0000000 | 1.1 | 1.4 | |
| comp3 | 2019-02-07 16:31:15.0000000 | 1.2 | | 1.5 |
| comp4 | 2019-02-07 16:31:16.0000000 | 1.3 | 1.6 | |
你也可以这样做:
datatable(Computer:string, CounterName:string, CounterValue:double, TimeGenerated:datetime)
[
"comp1", "counter1", 1.0, datetime(2019-02-07 16:31:15),
"comp2", "counter1", 1.1, datetime(2019-02-07 16:31:15),
"comp3", "counter1", 1.2, datetime(2019-02-07 16:31:15),
"comp4", "counter1", 1.3, datetime(2019-02-07 16:31:16),
"comp2", "counter2", 1.4, datetime(2019-02-07 16:31:16),
"comp3", "counter3", 1.5, datetime(2019-02-07 16:31:16),
"comp4", "counter2", 1.6, datetime(2019-02-07 16:31:14),
]
| summarize arg_max(TimeGenerated, *) by Computer, CounterName
| summarize d = make_dictionary(pack(CounterName, CounterValue, "TimeGenerated", TimeGenerated)) by Computer
| evaluate bag_unpack(d)
这将输出:
| Computer | TimeGenerated | counter1 | counter2 | counter3 |
|----------|-----------------------------|----------|----------|----------|
| comp1 | 2019-02-07 16:31:15.0000000 | 1 | | |
| comp2 | 2019-02-07 16:31:15.0000000 | 1.1 | 1.4 | |
| comp3 | 2019-02-07 16:31:15.0000000 | 1.2 | | 1.5 |
| comp4 | 2019-02-07 16:31:16.0000000 | 1.3 | 1.6 | |