具有多个维度的Azure日志分析时间表

时间:2017-09-19 16:30:50

标签: azure azure-log-analytics

Azure new log analytics query platform中,您可以查询性能计数器并对它们进行汇总,最后创建一个漂亮的图形。

按照multiple dimensions documentation example说明

  

by子句中的多个表达式创建多个行,一个用于   每种价值观的组合。

我想查询他们的示例数据库,查找每台计算机发送和接收的网络字节数。从this query开始,它应该是

Perf | where TimeGenerated > ago(1d) | where (CounterName == "Bytes Received/sec" or CounterName == "Bytes Sent/sec") | summarize avg(CounterValue) by bin(TimeGenerated, 1h), Computer, CounterName | extend Threshold = 20 | render timechart

问题是发送和接收的字节在计算机级别的图表中分组

如何在文档中说明多个维度,以便我有计算机X字节发送计算机X字节接收而不是它们组合在一起巫婆没有有道理吗?

Bytes send and received get mixed in the graph

更不用说在之前的版本中,这是按预期工作的。

2 个答案:

答案 0 :(得分:2)

我虽然如果没有真正接受多个维度,字符串连接就可以解决问题。在我看来有点hack,但确实如此。

Perf
| where (CounterName == "Bytes Received/sec" or CounterName == "Bytes Sent/sec") and InstanceName matches regex "^Microsoft Hyper-V Network Adapter.*$"
| summarize avg(CounterValue) by strcat(Computer, " ", CounterName), bin(TimeGenerated, 10s)
| render timechart

答案 1 :(得分:0)

这是另一个选择

let RuntimeID = CosmosThroughput_CL 
| where MetricName_s == "ProvisionedThroughput" and TimeGenerated between (ago(2h) .. ago(1h))
| order by TimeGenerated desc  
| top 1 by TimeGenerated
| distinct RuntimeID_g;
CosmosThroughput_CL 
| where MetricName_s == "ProvisionedThroughput" and RuntimeID_g in (RuntimeID)
| project Resource = toupper(Resource), Value = Throughput_d, Container = Container_s, Database = Database_s, MetricName = "Provisioned"
| union 
    (
        AzureDiagnostics 
        | where ResourceProvider == "MICROSOFT.DOCUMENTDB" and Category == "PartitionKeyRUConsumption"
        | where TimeGenerated between (ago(1d) .. ago(1d-1h))
        | summarize Value = sum(todouble(requestCharge_s)) by Resource, databaseName_s, collectionName_s
        | project Resource, Container = collectionName_s, Database = databaseName_s, Value, MetricName = "HourlyUsage"
    ) 
| union 
    ( 
        AzureDiagnostics 
        | where ResourceProvider == "MICROSOFT.DOCUMENTDB" and Category == "PartitionKeyRUConsumption"
        | where TimeGenerated between (ago(1d) .. ago(1d-1h))
        | summarize Value = sum(todouble(requestCharge_s)/3600) by Resource, databaseName_s, collectionName_s
        | project Resource, Container = collectionName_s, Database = databaseName_s, Value, MetricName = "RUs"
    )
| project Resource, Database, Container, Value, MetricName

重要的部分是project相同的列名称。 Value保存每个表中不同的值。第二个union帮助我从同一张表中投影另一个值。

相关问题
最新问题