Azure日志分析基于日期进行查询

时间:2018-05-09 00:08:58

标签: azure-log-analytics azure-oms

我想查询日志分析中的表格,以获取今天最后一小时的记录数量,并比较上一周(前7天)同一时间内提取的计数天。

我不确定以下查询对我有帮助。请帮助我。

表1 |其中TimeGenerated>现在(-1h)和responseCode_d == 200 |通过responseCode汇总recount = count(responseCode) | project responseCode,recount | join kind = inner(     表格1     |其中TimeGenerated>现在(-7d)和responseCode_d == 200     |通过responseCode汇总recount1 = count(responseCode)     |项目responseCode_d,recount1 )在responseCode

1 个答案:

答案 0 :(得分:0)

这样的事情怎么样?

Table1
| where TimeGenerated >= ago(1h) and TimeGenerated < now()
| where responseCode_d == 200
| summarize responseCountLastWeek=count() by responseCode
| project responseCode, responseCountLastWeek
| join kind=fullouter (
    Table1
    | where TimeGenerated >= ago(1h) - 7d and TimeGenerated < now() - 7d
    | responseCode_d == 200
    | summarize responseCountThisWeek=count() by responseCode
    | project responseCode, responseCountThisWeek
) on responseCode
| project
    responseCode = coalesce(responseCode, responseCode1),
    responseCountPrevWeek = coalesce(responseCountPrevWeek, 0),
    responseCountThisWeek = coalesce(responseCountThisWeek, 0)
相关问题
最新问题