I'm new to the Kusto language - please help me create a query.
Here is the dataset:
let T = datatable(d:datetime , s:string)
[
datetime(2019-10-01T00:01:00.00), "A",
datetime(2019-10-01T00:02:00.00), "A",
datetime(2019-10-01T00:03:00.00), "A",
datetime(2019-10-02T00:01:00.00), "A",
datetime(2019-10-02T00:02:00.00), "A",
datetime(2019-10-02T00:03:00.00), "A",
datetime(2019-10-01T00:01:00.00), "C",
datetime(2019-10-01T00:02:00.00), "C",
datetime(2019-10-02T00:01:00.00), "C",
datetime(2019-10-02T00:02:00.00), "C",
datetime(2019-10-01T00:01:00.00), "D",
datetime(2019-10-02T00:01:00.00), "D",
datetime(2019-10-01T00:01:00.00), "E",
datetime(2019-10-02T00:01:00.00), "E",
];
I want to get the top 2 of each "s" string, with the rest grouped as others, aggregated by day. That is, the result must be:
2019-10-01T00:00:00Z A 3
2019-10-01T00:00:00Z C 2
2019-10-01T00:00:00Z Other 2
2019-10-02T00:00:00Z A 3
2019-10-02T00:00:00Z C 2
2019-10-02T00:00:00Z Other 2
I think I'm getting close with this query:
T
| summarize c = count() by bin(d, 1d), s
| top-nested of d by dummy0 = max(0)
| top-nested 2 of s with others = "Other" by c0 = sum(c);
But this doesn't work.
Please advise.
Answer 0: (score: 0)
Found a way to achieve this. Not sure it is optimal.
let Q=T
| top-nested 2 of s with others = "" by c = count()
| project sq = s;
T
| join kind=leftouter Q on $left.s==$right.sq
| summarize c = count() by bin(d, 1d), s=sq
| project d,s=iif(isempty(s),"Other",s),c
Answer 1: (score: 0)
Here is a way to do this using top-nested, which should be better than your suggestion:
let T = datatable(d:datetime , s:string)
[
datetime(2019-10-01T00:01:00.00), "A",
datetime(2019-10-01T00:02:00.00), "A",
datetime(2019-10-01T00:03:00.00), "A",
datetime(2019-10-02T00:01:00.00), "A",
datetime(2019-10-02T00:02:00.00), "A",
datetime(2019-10-02T00:03:00.00), "A",
datetime(2019-10-01T00:01:00.00), "C",
datetime(2019-10-01T00:02:00.00), "C",
datetime(2019-10-02T00:01:00.00), "C",
datetime(2019-10-02T00:02:00.00), "C",
datetime(2019-10-01T00:01:00.00), "D",
datetime(2019-10-02T00:01:00.00), "D",
datetime(2019-10-01T00:01:00.00), "E",
datetime(2019-10-02T00:01:00.00), "E",
];
T
| summarize c = count() by bin(d, 1d), s
| top-nested of d by dummy=max(0), top-nested 2 of s with others = "Others" by _count = sum(c)
| where _count > 0 | project-away dummy