KQL 过滤器系列按最大值
KQL filter series by max value
我想制作一个时间表,但我的图表上散落着一些没有显着值的系列:
是否可以通过以下方式过滤系列:
- 只取一定数量的最大值
- 丢弃所有最大值 < const 的系列
我的要求是
let Step = timespan(1d);
let PeriodStart = ago(30d);
cluster("").database("").table("")
| where Timestamp > PeriodStart
| where Source == "courierapp" and isnotempty(CourierId)
| summarize by CourierId, bin(Timestamp, Step), AppVersion
| make-series Version=count() default=0 on Timestamp from PeriodStart to ago(0d) step Step by AppVersion
| render timechart
一种可能的解决方案基于series_stats()
let threshold = 1000;
...
| make-series Version=count() default=0 on Timestamp from PeriodStart to ago(0d) step Step by AppVersion
| extend series_stats(Version)
| where series_stats_Version_max >= threshold
| render timechart
我想制作一个时间表,但我的图表上散落着一些没有显着值的系列:
- 只取一定数量的最大值
- 丢弃所有最大值 < const 的系列
我的要求是
let Step = timespan(1d);
let PeriodStart = ago(30d);
cluster("").database("").table("")
| where Timestamp > PeriodStart
| where Source == "courierapp" and isnotempty(CourierId)
| summarize by CourierId, bin(Timestamp, Step), AppVersion
| make-series Version=count() default=0 on Timestamp from PeriodStart to ago(0d) step Step by AppVersion
| render timechart
一种可能的解决方案基于series_stats()
let threshold = 1000;
...
| make-series Version=count() default=0 on Timestamp from PeriodStart to ago(0d) step Step by AppVersion
| extend series_stats(Version)
| where series_stats_Version_max >= threshold
| render timechart