Azure日志分析基于日期进行查询

Question

我想查询日志分析中的表格，以获取今天最后一小时的记录数量，并比较上一周（前7天）同一时间内提取的计数天。

我不确定以下查询对我有帮助。请帮助我。

表1 |其中TimeGenerated＆gt;现在（-1h）和responseCode_d == 200 |通过responseCode汇总recount = count（responseCode） | project responseCode，recount | join kind = inner（     表格1     |其中TimeGenerated＆gt;现在（-7d）和responseCode_d == 200     |通过responseCode汇总recount1 = count（responseCode）     |项目responseCode_d，recount1 ）在responseCode

上

Answer 1

这样的事情怎么样？

Table1
| where TimeGenerated >= ago(1h) and TimeGenerated < now()
| where responseCode_d == 200
| summarize responseCountLastWeek=count() by responseCode
| project responseCode, responseCountLastWeek
| join kind=fullouter (
    Table1
    | where TimeGenerated >= ago(1h) - 7d and TimeGenerated < now() - 7d
    | responseCode_d == 200
    | summarize responseCountThisWeek=count() by responseCode
    | project responseCode, responseCountThisWeek
) on responseCode
| project
    responseCode = coalesce(responseCode, responseCode1),
    responseCountPrevWeek = coalesce(responseCountPrevWeek, 0),
    responseCountThisWeek = coalesce(responseCountThisWeek, 0)