Total over time query

In Log Analytics, I can write the following query:

requests
| where timestamp > ago(30d)
| summarize count() by bin(timestamp, 5m)

Each bin will have the number of requests in that time range.

bin 1 -> 5 req
bin 2 -> 2 req
bin 3 -> 8 req

I would like to get the total over time, like:

bin 1 -> 5  req
bin 2 -> 7  req (bin1 + bin2)
bin 3 -> 15 req (bin1 + bin2 + bin3)

How can I achieve this using Kusto?

You could try using row_cumsum(): https://docs.microsoft.com/en-us/azure/kusto/query/rowcumsumfunction

datatable(dummy:int, timestamp:datetime)
[
    1, datetime(2019-10-06 00:00),
    1, datetime(2019-10-06 00:01),
    1, datetime(2019-10-06 00:02),
    1, datetime(2019-10-06 00:03),
    1, datetime(2019-10-06 00:04),
    1, datetime(2019-10-06 06:00),
    1, datetime(2019-10-06 06:01),
    1, datetime(2019-10-06 12:00),
    1, datetime(2019-10-06 12:00),
    1, datetime(2019-10-06 12:02),
    1, datetime(2019-10-06 12:01),
    1, datetime(2019-10-06 12:04),
    1, datetime(2019-10-06 12:01),
    1, datetime(2019-10-06 12:02),
    1, datetime(2019-10-06 12:02),
]
| summarize count() by bin(timestamp, 5m)
| order by timestamp asc 
| project timestamp, c = row_cumsum(count_)

-->

| timestamp                   | c  |
|-----------------------------|----|
| 2019-10-06 00:00:00.0000000 | 5  |
| 2019-10-06 06:00:00.0000000 | 7  |
| 2019-10-06 12:00:00.0000000 | 15 |
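
An added example, not part of the original answer: it goes one step beyond the single running total above and keeps a separate running total per group, using the optional second (`restart`) argument of `row_cumsum()`. The sample rows are constructed, and grouping by a `resultCode` column is an assumption about what you would want to track.

```kusto
// Constructed sample rows standing in for the `requests` table (not real data).
datatable(timestamp:datetime, resultCode:string)
[
    datetime(2019-10-06 00:00), "200",
    datetime(2019-10-06 00:01), "200",
    datetime(2019-10-06 00:02), "401",
    datetime(2019-10-06 06:00), "200",
    datetime(2019-10-06 06:01), "401",
    datetime(2019-10-06 06:02), "401",
    datetime(2019-10-06 12:00), "401",
    datetime(2019-10-06 12:01), "401",
    datetime(2019-10-06 12:03), "401",
]
// Count requests per result code in each 5-minute bin.
| summarize count() by resultCode, bin(timestamp, 5m)
// row_cumsum() needs a serialized (ordered) row set, which `order by` provides.
// Sort by group first, then by time, so each group's bins are contiguous.
| order by resultCode asc, timestamp asc
// The second argument restarts the running total whenever the group changes
// from the previous row, so each result code accumulates independently.
| project resultCode, timestamp, count_,
          c = row_cumsum(count_, resultCode != prev(resultCode))
```

For failed-sign-in or error-rate monitoring, a per-code running total like this makes it easy to see when one status code starts to accumulate faster than the rest.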