Kusto query for getting cumulative count up to a given date

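I have a database with a set of events, each with a user ID and a timestamp, and I am trying to write a query that will give me the number of distinct users who have triggered an event up to each day. So if we have the following data: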

Event   | UID | Time Stamp
event 1 |  0  | 9/25/19 9:00 AM 
event 2 |  1  | 9/25/19 3:00 PM 
event 3 |  2  | 9/26/19 2:00 PM 
event 4 |  1  | 9/28/19 5:00 PM 
event 5 |  3  | 9/29/19 7:00 AM 

Then the output should be:

9/25/19 : 2
9/26/19 : 3
9/27/19 : 3 (since there are no new events on the 27th)
9/28/19 : 3 (since user with UID=1 has already been counted)
9/29/19 : 4

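I have a query that gets the number of events for each day, but not the number for all the days leading up to that day. Any help would be greatly appreciated!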

There are several built-in user analytics plugins in Kusto/ADX: https://docs.microsoft.com/en-us/azure/kusto/query/useranalytics

For example, one of them is the activity_engagement plugin: https://docs.microsoft.com/en-us/azure/kusto/query/activity-engagement-plugin

For example:

let T = datatable(Event:string, UID:int, Timestamp:datetime)
[
    'event 1', 0,  datetime(9/25/19 9:00 AM),
    'event 2', 1,  datetime(9/25/19 3:00 PM), 
    'event 3', 2,  datetime(9/26/19 2:00 PM),
    'event 4', 1,  datetime(9/28/19 5:00 PM),
    'event 5', 3,  datetime(9/29/19 7:00 AM),
]
;
let min_date_time = toscalar(T | summarize startofday(min(Timestamp)));
let max_date_time = toscalar(T | summarize startofday(max(Timestamp)));
T
| evaluate activity_engagement (UID, Timestamp, 1d, 1d + max_date_time - min_date_time)
| project Timestamp, dcount_activities_outer

And, if you want to "fill the gap" for September 27, you can do the following:

let T = datatable(Event:string, UID:int, Timestamp:datetime)
[
    'event 1', 0,  datetime(9/25/19 9:00 AM),
    'event 2', 1,  datetime(9/25/19 3:00 PM), 
    'event 3', 2,  datetime(9/26/19 2:00 PM),
    'event 4', 1,  datetime(9/28/19 5:00 PM),
    'event 5', 3,  datetime(9/29/19 7:00 AM),
]
;
let min_date_time = toscalar(T | summarize startofday(min(Timestamp)));
let max_date_time = toscalar(T | summarize startofday(max(Timestamp)));
range Timestamp from min_date_time to max_date_time step 1d
| join kind=leftouter (
    T
    | evaluate activity_engagement (UID, Timestamp, 1d, 1d + max_date_time - min_date_time)
    | project Timestamp, dcount_activities_outer
) on Timestamp
| order by Timestamp asc
| project Timestamp, coalesce(dcount_activities_outer, prev(dcount_activities_outer))
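A different route to the same daily totals, added here as an example and not part of the answer above: count each user once on the day they first appear, let make-series put a zero on days with no new users, and take a running sum, so quiet stretches of any length carry the previous total forward. The names FirstSeen, NewUsers, CumulativeUsers, Day, min_day and max_day are chosen for this example, and the sample rows are the question's data rewritten with ISO datetime literals.

```kusto
// Constructed sample: the five events from the question.
let T = datatable(Event:string, UID:int, Timestamp:datetime)
[
    'event 1', 0, datetime(2019-09-25 09:00),
    'event 2', 1, datetime(2019-09-25 15:00),
    'event 3', 2, datetime(2019-09-26 14:00),
    'event 4', 1, datetime(2019-09-28 17:00),
    'event 5', 3, datetime(2019-09-29 07:00),
];
let min_day = toscalar(T | summarize startofday(min(Timestamp)));
let max_day = toscalar(T | summarize startofday(max(Timestamp)));
T
// A user contributes to the count only on the first day they are seen.
| summarize FirstSeen = startofday(min(Timestamp)) by UID
// One slot per day; the upper bound is exclusive, hence max_day + 1d.
// Days without new users get the default value 0.
| make-series NewUsers = count() default = 0
    on FirstSeen from min_day to max_day + 1d step 1d
// Turn the two parallel arrays back into one row per day.
| mv-expand FirstSeen to typeof(datetime), NewUsers to typeof(long)
// row_cumsum needs a serialized (ordered) row set.
| order by FirstSeen asc
| extend CumulativeUsers = row_cumsum(NewUsers)
| project Day = FirstSeen, CumulativeUsers
```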