Azure Kusto syntax
I need to run a very simple query:
requests
| where cloud_RoleName == "blabla"
| summarize Count=count() by url
| order by Count desc
I only need to get the data from the last 5 minutes.
If I try this:
requests | where timestamp < ago(5m)
| where cloud_RoleName == "blabla"
| summarize Count=count() by url
| order by Count desc
Or this:
requests
| where cloud_RoleName == "blabla" and timestamp < ago(5m)
| summarize Count=count() by url
| order by Count desc
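But they both return answers with data older than 5 minutes.
I have read the documentation, but I can't see any other way to write this query.
Can anyone help?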
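Make sure to check whether the timestamp is greater than the result of ago().
It returns the time from, e.g., 5 minutes ago, so if you want the data from within the last 5 minutes, you need the rows whose timestamp is higher than that.
So the query should be: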
requests
| where timestamp > ago(5m)
| where cloud_RoleName == "blabla"
| summarize Count=count() by url
| order by Count desc
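A self-contained check of the comparison direction, added here as an example and not part of the original question or answer. It runs against constructed rows (the name demo_requests is hypothetical) instead of the real requests table, and counts what each filter keeps:

```kusto
// Constructed rows standing in for the requests table: one row every
// 2 minutes, aged 0 to 18 minutes. demo_requests is a hypothetical name.
let demo_requests = range i from 0 to 9 step 1
    | extend timestamp = now() - i * 2m,
             cloud_RoleName = "blabla",
             url = strcat("/page/", tostring(i % 3));
let cutoff = ago(5m);   // the instant five minutes before now()
demo_requests
| where cloud_RoleName == "blabla"
| summarize
    OlderThanCutoff = countif(timestamp < cutoff),  // rows the question's filter keeps
    NewerThanCutoff = countif(timestamp > cutoff),  // rows the answer's filter keeps
    OldestKept = minif(timestamp, timestamp > cutoff),
    NewestKept = maxif(timestamp, timestamp > cutoff)
```

OldestKept and NewestKept show the actual span of rows that pass timestamp > ago(5m), which is a quick way to confirm a time window before relying on a query for monitoring or alerting.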