I am performing a join between two events, as shown below. How can I get distinct rows in the final output?
let fromdate = "2017-04-26 23:00";
let fileEvents = (Events
| where Timestamp > todatetime(fromdate)
| project fileId, fileName, Application);
fileEvents | join (Events
| where Timestamp > todatetime(fromdate) and Data.Size > 1024
| project fileId) on fileId
| project fileId,Application, fileName;
Query output
1 , Web , Agreement
1 , Web , Agreement
2 , Api , Contract
2 , Api , Contract
1 , Web , Agreement
2 , Api , Contract
I want the output to be
1 , Web , Agreement
2 , Api , Contract
Answer 0: (score: 3)
Use the summarize operator to aggregate by all the result columns:
let fromdate = "2017-04-26 23:00";
let fileEvents = (Events
| where Timestamp > todatetime(fromdate)
| project fileId, fileName, Application);
fileEvents
| join (Events
| where Timestamp > todatetime(fromdate) and Data.Size > 1024
| project fileId) on fileId
| summarize by fileId, Application, fileName
The above is equivalent to:
let fromdate = "2017-04-26 23:00";
Events
| where Timestamp > todatetime(fromdate)
| project fileId, fileName, Application
| join (
Events
| where Timestamp > todatetime(fromdate) and Data.Size > 1024
| project fileId) on fileId
| summarize by fileId, Application, fileName
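
An added example, not part of the original question or answer: the duplicates appear because every right-side event with a matching fileId produces its own output row. The query below, run over a constructed `datatable` standing in for `Events`, deduplicates the left side with `distinct` and uses a `leftsemi` join so the right side only filters and never multiplies rows. The sample rows and the `tolong()` cast on `Data.Size` are assumptions made for the example.

```kusto
// Constructed sample data: several events per file, as in the question's output.
let Events = datatable(Timestamp:datetime, fileId:long, fileName:string,
                       Application:string, Data:dynamic)
[
    datetime(2017-04-27 01:00), 1, "Agreement", "Web", dynamic({"Size": 2048}),
    datetime(2017-04-27 02:00), 1, "Agreement", "Web", dynamic({"Size": 4096}),
    datetime(2017-04-27 03:00), 1, "Agreement", "Web", dynamic({"Size": 8192}),
    datetime(2017-04-27 01:30), 2, "Contract",  "Api", dynamic({"Size": 2048}),
    datetime(2017-04-27 02:30), 2, "Contract",  "Api", dynamic({"Size": 4096}),
    datetime(2017-04-27 03:30), 2, "Contract",  "Api", dynamic({"Size": 8192}),
    // Below the size threshold: must not appear in the result.
    datetime(2017-04-27 04:00), 3, "Notes",     "Web", dynamic({"Size": 100})
];
let fromdate = datetime(2017-04-26 23:00);
Events
| where Timestamp > fromdate
// One row per (fileId, Application, fileName) before joining.
| distinct fileId, Application, fileName
// leftsemi keeps left rows that have at least one match on the right,
// returns only left-side columns, and does not repeat rows per match.
| join kind=leftsemi (
    Events
    | where Timestamp > fromdate and tolong(Data.Size) > 1024
    | project fileId
  ) on fileId
// Result: two rows, (1, Web, Agreement) and (2, Api, Contract).
```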