是否有任何 KQL 查询来提取页面视图,从 Azure-Log 分析上的 W3C IISlogs 下载计数?
Is there any KQL queries to extract page views, download counts from the W3C IISlogs on Azure-Log analytics?
我们正在尝试从 w3c IIS 日志中提取页面浏览量、文件下载计数、用户列表。我们想定义什么是页面视图,即任何用户在同一页面上停留超过 10 秒都属于单页视图。少一点就不是页面浏览量。 w3c 日志似乎没有足够的数据来提取它。这可以用现有的东西实现吗?
这是可用于从中提取上述信息的数据,
数据表运算符
数据表(TimeGenerated:日期时间,csUriStem:string,scStatus:string,csUserName:string,sSiteName:字符串)
[日期时间(2019-04-12T11:55:13Z),"/账户/","302","-","WebsiteName",
日期时间(2019-04-12T11:55:16Z),“/”,“302”,“-”,"WebsiteName",
日期时间(2019-04-12T11:55:17Z),“/帐户/”,“200”,"myemail@mycom.com","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Content/site.css","200","-","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Scripts/modernizr-2.8.3.js","200","-","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Scripts/bootstrap.js","200","-","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Content/bootstrap.css","200","-","WebsiteName",
datetime(2019-04-12T11:55:18Z),"/Scripts/jquery-3.3.1.js","200","-","WebsiteName",
日期时间(2019-04-12T11:55:23Z),“/”,“302”,“-”,"WebsiteName",
日期时间(2019-04-12T11:56:39Z),“/”,“200”,"myemail@mycom.com","WebsiteName",
日期时间(2019-04-12T11:57:13Z),“/Home/About”,“200”,"myemail@mycom.com","WebsiteName",
日期时间(2019-04-12T11:58:16Z),“/Home/Contact”,“200”,"myemail@mycom.com","WebsiteName",
日期时间(2019-04-12T11:59:03Z),"/","200","myemail@mycom.com","WebsiteName"]
我不确定我是否正确地满足了您的所有要求,但这里有一些内容可以帮助您入门并为您提供初步指导。
datatable (TimeGenerated:datetime, csUriStem:string, scStatus:string, csUserName:string, sSiteName :string)
[datetime(2019-04-12T11:55:13Z),"/Account/","302","-","WebsiteName",
datetime(2019-04-12T11:55:16Z),"/","302","-","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Account/","200","myemail@mycom.com","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Content/site.css","200","-","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Scripts/modernizr-2.8.3.js","200","-","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Scripts/bootstrap.js","200","-","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Content/bootstrap.css","200","-","WebsiteName",
datetime(2019-04-12T11:55:18Z),"/Scripts/jquery-3.3.1.js","200","-","WebsiteName",
datetime(2019-04-12T11:55:23Z),"/","302","-","WebsiteName",
datetime(2019-04-12T11:56:39Z),"/","200","myemail@mycom.com","WebsiteName",
datetime(2019-04-12T11:57:13Z),"/Home/About","200","myemail@mycom.com","WebsiteName",
datetime(2019-04-12T11:58:16Z),"/Home/Contact","200","myemail@mycom.com","WebsiteName",
datetime(2019-04-12T11:59:03Z),"/","200","myemail@mycom.com","WebsiteName"]
| where scStatus !in ('302') // exclude status 302
| where csUriStem !startswith '/Scripts' and csUriStem !endswith ".css" // exclude pages coming from '/Script' and .css files
| order by TimeGenerated asc
| summarize t=make_list(TimeGenerated) by csUriStem, csUserName // create time-series of visit events
| mv-apply t to typeof(datetime) on // run subquery on each of the series
(
project isVisit = (t - prev(t)) > 1min // compare with previous timestamp, and see if >1min passed
| summarize Visits=sum(isVisit)
)
| project csUriStem, csUserName, Visits
这里是 make_list() (aggregation function), prev() (window function), summarize operator, and mv-apply 运算符
的链接
我们正在尝试从 w3c IIS 日志中提取页面浏览量、文件下载计数、用户列表。我们想定义什么是页面视图,即任何用户在同一页面上停留超过 10 秒都属于单页视图。少一点就不是页面浏览量。 w3c 日志似乎没有足够的数据来提取它。这可以用现有的东西实现吗?
这是可用于从中提取上述信息的数据,
数据表运算符
数据表(TimeGenerated:日期时间,csUriStem:string,scStatus:string,csUserName:string,sSiteName:字符串) [日期时间(2019-04-12T11:55:13Z),"/账户/","302","-","WebsiteName", 日期时间(2019-04-12T11:55:16Z),“/”,“302”,“-”,"WebsiteName", 日期时间(2019-04-12T11:55:17Z),“/帐户/”,“200”,"myemail@mycom.com","WebsiteName", datetime(2019-04-12T11:55:17Z),"/Content/site.css","200","-","WebsiteName", datetime(2019-04-12T11:55:17Z),"/Scripts/modernizr-2.8.3.js","200","-","WebsiteName", datetime(2019-04-12T11:55:17Z),"/Scripts/bootstrap.js","200","-","WebsiteName", datetime(2019-04-12T11:55:17Z),"/Content/bootstrap.css","200","-","WebsiteName", datetime(2019-04-12T11:55:18Z),"/Scripts/jquery-3.3.1.js","200","-","WebsiteName", 日期时间(2019-04-12T11:55:23Z),“/”,“302”,“-”,"WebsiteName", 日期时间(2019-04-12T11:56:39Z),“/”,“200”,"myemail@mycom.com","WebsiteName", 日期时间(2019-04-12T11:57:13Z),“/Home/About”,“200”,"myemail@mycom.com","WebsiteName", 日期时间(2019-04-12T11:58:16Z),“/Home/Contact”,“200”,"myemail@mycom.com","WebsiteName", 日期时间(2019-04-12T11:59:03Z),"/","200","myemail@mycom.com","WebsiteName"]
我不确定我是否正确地满足了您的所有要求,但这里有一些内容可以帮助您入门并为您提供初步指导。
datatable (TimeGenerated:datetime, csUriStem:string, scStatus:string, csUserName:string, sSiteName :string)
[datetime(2019-04-12T11:55:13Z),"/Account/","302","-","WebsiteName",
datetime(2019-04-12T11:55:16Z),"/","302","-","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Account/","200","myemail@mycom.com","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Content/site.css","200","-","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Scripts/modernizr-2.8.3.js","200","-","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Scripts/bootstrap.js","200","-","WebsiteName",
datetime(2019-04-12T11:55:17Z),"/Content/bootstrap.css","200","-","WebsiteName",
datetime(2019-04-12T11:55:18Z),"/Scripts/jquery-3.3.1.js","200","-","WebsiteName",
datetime(2019-04-12T11:55:23Z),"/","302","-","WebsiteName",
datetime(2019-04-12T11:56:39Z),"/","200","myemail@mycom.com","WebsiteName",
datetime(2019-04-12T11:57:13Z),"/Home/About","200","myemail@mycom.com","WebsiteName",
datetime(2019-04-12T11:58:16Z),"/Home/Contact","200","myemail@mycom.com","WebsiteName",
datetime(2019-04-12T11:59:03Z),"/","200","myemail@mycom.com","WebsiteName"]
| where scStatus !in ('302') // exclude status 302
| where csUriStem !startswith '/Scripts' and csUriStem !endswith ".css" // exclude pages coming from '/Script' and .css files
| order by TimeGenerated asc
| summarize t=make_list(TimeGenerated) by csUriStem, csUserName // create time-series of visit events
| mv-apply t to typeof(datetime) on // run subquery on each of the series
(
project isVisit = (t - prev(t)) > 1min // compare with previous timestamp, and see if >1min passed
| summarize Visits=sum(isVisit)
)
| project csUriStem, csUserName, Visits
这里是 make_list() (aggregation function), prev() (window function), summarize operator, and mv-apply 运算符
的链接