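Kusto / KQL: Summarize by time bin and count of a (string) column

Time: 2020-10-01 10:24:59

Tags: kusto

I have a table of http responses, including a timestamp, the service name and the http response code, that I want to query using KQL / Kusto.

My goal is to have a table that tells me "how many http responses of a certain type (2xx, 4xx, etc.) a service had in the last 5 minutes, over a period of time".

I want to summarize the rows by 5-minute time bins and also by ResponseType (basically the response code class), but I can't seem to get it to work. When I add count(ResponseType) to the summarize clause, it returns the error message Function 'count' cannot be invoked in current context

My KQL looks like this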

InsightsMetrics 
| extend Tags = parse_json(Tags)
| extend Responsecode = tostring(Tags.["code"]) 
| extend ResponseType = strcat(substring(Responsecode, 0, 1), "XX")
| extend Service = tostring(Tags.["service"]) 
| where TimeGenerated >= now(-4h)
| where Namespace == "prometheus"
| where Name contains "traefik_service_requests_total"
| project TimeGenerated, Responsecode, Service, ResponseType
| summarize by bin(TimeGenerated, 5m), ResponseType

It returns data like this:

| TimeGenerated       | ResponseType | Service                                                  |
|---------------------|--------------|----------------------------------------------------------|
| 2020-10-01 10:25:00 | 3XX          | prod-service-internal-50f0bab542c7d81ed22e@kubernetescrd |
| 2020-10-01 10:30:00 | 2XX          | prod-service-internal-50f0bab542c7d81ed22e@kubernetescrd |
| 2020-10-01 10:30:00 | 2XX          | prod-service-internal-50f0bab542c7d81ed22e@kubernetescrd |
| 2020-10-01 10:30:00 | 4XX          | prod-service-internal-50f0bab542c7d81ed22e@kubernetescrd |

When I want something like this

| TimeGenerated       | ResponseType | count(ResponseType) | Service                                                  |
|---------------------|--------------|---------------------|----------------------------------------------------------|
| 2020-10-01 10:25:00 | 3XX          | 1                   | prod-service-internal-50f0bab542c7d81ed22e@kubernetescrd |
| 2020-10-01 10:30:00 | 2XX          | 2                   | prod-service-internal-50f0bab542c7d81ed22e@kubernetescrd |
| 2020-10-01 10:30:00 | 4XX          | 1                   | prod-service-internal-50f0bab542c7d81ed22e@kubernetescrd |

1 answer:

Answer 0 (score: 2)

All you have to do is replace

| summarize by bin(TimeGenerated, 5m), ResponseType

with

| summarize count() by bin(TimeGenerated, 5m), ResponseType, Service
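
The fix from the answer run end to end on inline data, as an added example that is not part of the original question or answer. The `datatable` rows, the service name `svc-a@kubernetescrd` and the output column name `Responses` are constructed for illustration; the table stands in for `InsightsMetrics`.

```kusto
// Constructed sample rows standing in for InsightsMetrics (not real data).
datatable(TimeGenerated: datetime, Namespace: string, Name: string, Tags: string)
[
    datetime(2020-10-01 10:27:10), "prometheus", "traefik_service_requests_total", '{"code":"302","service":"svc-a@kubernetescrd"}',
    datetime(2020-10-01 10:31:05), "prometheus", "traefik_service_requests_total", '{"code":"200","service":"svc-a@kubernetescrd"}',
    datetime(2020-10-01 10:33:40), "prometheus", "traefik_service_requests_total", '{"code":"204","service":"svc-a@kubernetescrd"}',
    datetime(2020-10-01 10:34:55), "prometheus", "traefik_service_requests_total", '{"code":"404","service":"svc-a@kubernetescrd"}',
    // Row from another namespace, dropped by the filter below.
    datetime(2020-10-01 10:32:00), "container.azm.ms", "cpuUsageNanoCores", '{}'
]
// Filter first so the JSON parsing only runs on the rows of interest.
| where Namespace == "prometheus"
| where Name contains "traefik_service_requests_total"
| extend Tags = parse_json(Tags)
| extend Responsecode = tostring(Tags.["code"])
| extend Service = tostring(Tags.["service"])
// "302" -> "3XX", "200" -> "2XX", and so on.
| extend ResponseType = strcat(substring(Responsecode, 0, 1), "XX")
// count() takes no argument: it counts the rows in each group.
// Everything after "by" is a grouping key, so Service is listed there
// to keep it in the output.
| summarize Responses = count() by bin(TimeGenerated, 5m), ResponseType, Service
| order by TimeGenerated asc, ResponseType asc
```

Because `bin(TimeGenerated, 5m)` rounds each timestamp down to the start of its 5-minute bin, the two 2xx rows at 10:31 and 10:33 fall into the same 10:30 group.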