聚合 Azure 中的多个列(Kusto 查询语言)
Aggregate over multiple columns in Azure (Kusto Query Language)
我在 Azure 监视器日志中有以下格式的点击流数据:
Category StepName Count_ Median_Duration(secs)
A step1 1200 00:00
A step2 1000 24:00
A step3 800 19:00
B step1 4000 00:00
B step2 3800 37:00
我需要旋转 table 才能得到这个:
Category Step1_Count Step1_Duration Step2_Count Step2_Duration Step3_Count ...
A 1200 00:00 1000 24:00 800 ...
B 4000 00:00 3800 37:00 0 ...
现在我只能使用评估数据透视(StepName, sum(Count_)) 或评估数据透视(StepName, sum(Median_Duration)) 对一列进行聚合。不使用连接是否可以得到上述格式?
注意:与输出table类似的格式也可以,只需要计数和持续时间的总和。
您可以尝试以下几行:
datatable(Category:string, StepName:string, Count_:long, Median_Duration:timespan)
[
"A", "step1", 1200, time(00:00:00),
"A", "step2", 1000, time(00:00:24),
"A", "step3", 800, time(00:00:19),
"B", "step1", 4000, time(00:00:00),
"B", "step2", 3800, time(00:00:37),
]
| summarize StepCount = sum(Count_), Duration = avg(Median_Duration) by Category, StepName
| project Category, p = pack(strcat(StepName, "_Count"), StepCount, strcat(StepName, "_Duration"), Duration)
| summarize b = make_bag(p) by Category
| evaluate bag_unpack(b)
或者,如果您可以使用不同的输出架构:
datatable(Category:string, StepName:string, Count_:long, Median_Duration:timespan)
[
"A", "step1", 1200, time(00:00:00),
"A", "step2", 1000, time(00:00:24),
"A", "step3", 800, time(00:00:19),
"B", "step1", 4000, time(00:00:00),
"B", "step2", 3800, time(00:00:37),
]
| summarize StepCount = sum(Count_), Duration = avg(Median_Duration) by Category, StepName
我在 Azure 监视器日志中有以下格式的点击流数据:
Category StepName Count_ Median_Duration(secs)
A step1 1200 00:00
A step2 1000 24:00
A step3 800 19:00
B step1 4000 00:00
B step2 3800 37:00
我需要旋转 table 才能得到这个:
Category Step1_Count Step1_Duration Step2_Count Step2_Duration Step3_Count ...
A 1200 00:00 1000 24:00 800 ...
B 4000 00:00 3800 37:00 0 ...
现在我只能使用评估数据透视(StepName, sum(Count_)) 或评估数据透视(StepName, sum(Median_Duration)) 对一列进行聚合。不使用连接是否可以得到上述格式?
注意:与输出table类似的格式也可以,只需要计数和持续时间的总和。
您可以尝试以下几行:
datatable(Category:string, StepName:string, Count_:long, Median_Duration:timespan)
[
"A", "step1", 1200, time(00:00:00),
"A", "step2", 1000, time(00:00:24),
"A", "step3", 800, time(00:00:19),
"B", "step1", 4000, time(00:00:00),
"B", "step2", 3800, time(00:00:37),
]
| summarize StepCount = sum(Count_), Duration = avg(Median_Duration) by Category, StepName
| project Category, p = pack(strcat(StepName, "_Count"), StepCount, strcat(StepName, "_Duration"), Duration)
| summarize b = make_bag(p) by Category
| evaluate bag_unpack(b)
或者,如果您可以使用不同的输出架构:
datatable(Category:string, StepName:string, Count_:long, Median_Duration:timespan)
[
"A", "step1", 1200, time(00:00:00),
"A", "step2", 1000, time(00:00:24),
"A", "step3", 800, time(00:00:19),
"B", "step1", 4000, time(00:00:00),
"B", "step2", 3800, time(00:00:37),
]
| summarize StepCount = sum(Count_), Duration = avg(Median_Duration) by Category, StepName