按 Azure 监视器日志中列表中的元素分组
Group by elements in list in Azure monitor log
我的日志消息将 ID 列表记录为逗号分隔的字符串,我想查明是否有任何 ID 在特定日志输出中被多次提及(查找重复操作)。
到目前为止,我已经能够按整个逗号分隔的字符串进行计数,但我想按它的每个值进行计数。
traces
| where operation_Name contains "MyOperation"
| where message contains "Trigger Details"
| extend messageIdArray = extract("MessageIdArray: (.*?), ", 1, message)
| extend messageIdList = split(messageIdArray, ",")
| summarize occurences=count() by <I want each element of messageIdList here>
| sort by occurences desc
有办法实现吗?
您可以尝试扩展数组,然后按其元素汇总:
traces
| where operation_Name has "MyOperation"
| where message has "Trigger Details"
| parse message with * "MessageIdArray: " messageIdArray
| extend messageIdList = split(messageIdArray, ",")
| mv-expand messageIdList to typeof(string)
| summarize occurrences=count() by messageIdList
| sort by occurrences desc
我的日志消息将 ID 列表记录为逗号分隔的字符串,我想查明是否有任何 ID 在特定日志输出中被多次提及(查找重复操作)。
到目前为止,我已经能够按整个逗号分隔的字符串进行计数,但我想按它的每个值进行计数。
traces
| where operation_Name contains "MyOperation"
| where message contains "Trigger Details"
| extend messageIdArray = extract("MessageIdArray: (.*?), ", 1, message)
| extend messageIdList = split(messageIdArray, ",")
| summarize occurences=count() by <I want each element of messageIdList here>
| sort by occurences desc
有办法实现吗?
您可以尝试扩展数组,然后按其元素汇总:
traces
| where operation_Name has "MyOperation"
| where message has "Trigger Details"
| parse message with * "MessageIdArray: " messageIdArray
| extend messageIdList = split(messageIdArray, ",")
| mv-expand messageIdList to typeof(string)
| summarize occurrences=count() by messageIdList
| sort by occurrences desc