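Is there a way to get all the last inserted performance counters grouped by machine in one row?

Time: 2019-02-07 16:22:41

Tags: azure azure-log-analytics kusto

I am trying to query the Log Analytics Perf table. This table holds performance counters about computers.

I would like to get all the performance counters for a single computer.

I have written this Kusto query, but it puts each counter in its own row.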

```
Perf
| where Computer in ('aks-nodepool1-85388480-3', 'aks-agentpool-40719753-2')
| summarize arg_max(TimeGenerated, *) by CounterName, Computer
| project Computer, CounterName, TimeGenerated, CounterValue
```

I would like a query that produces results like the following:

(Computer1, TimeGenerated, CounterName1, CounterName1Value, CounterName2, CounterName2Value, etc.)

(Computer2, TimeGenerated, CounterName1, CounterName1Value, CounterName2, CounterName2Value, etc.)

(Computer3, TimeGenerated, CounterName1, CounterName1Value, CounterName2, CounterName2Value, etc.)

Any help or suggestions would be greatly appreciated.

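1 answer:

Answer 0 (score: 1)

How about something like this? (Its output schema is slightly different from the one you originally mentioned in your question.)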

```
datatable(Computer:string, CounterName:string, CounterValue:double, TimeGenerated:datetime)
[
    "comp1", "counter1", 1.0, datetime(2019-02-07 16:31:15),
    "comp2", "counter1", 1.1, datetime(2019-02-07 16:31:15),
    "comp3", "counter1", 1.2, datetime(2019-02-07 16:31:15),
    "comp4", "counter1", 1.3, datetime(2019-02-07 16:31:16),
    "comp2", "counter2", 1.4, datetime(2019-02-07 16:31:16),
    "comp3", "counter3", 1.5, datetime(2019-02-07 16:31:16),
    "comp4", "counter2", 1.6, datetime(2019-02-07 16:31:14),
]
| summarize TimeGenerated = any(TimeGenerated), d = make_dictionary(pack(CounterName, CounterValue)) by Computer
| evaluate bag_unpack(d)
```

This will output:

| Computer | TimeGenerated               | counter1 | counter2 | counter3 |
|----------|-----------------------------|----------|----------|----------|
| comp1    | 2019-02-07 16:31:15.0000000 | 1        |          |          |
| comp2    | 2019-02-07 16:31:15.0000000 | 1.1      | 1.4      |          |
| comp3    | 2019-02-07 16:31:15.0000000 | 1.2      |          | 1.5      |
| comp4    | 2019-02-07 16:31:16.0000000 | 1.3      | 1.6      |          |

Or, you could also do this:

```
datatable(Computer:string, CounterName:string, CounterValue:double, TimeGenerated:datetime)
[
    "comp1", "counter1", 1.0, datetime(2019-02-07 16:31:15),
    "comp2", "counter1", 1.1, datetime(2019-02-07 16:31:15),
    "comp3", "counter1", 1.2, datetime(2019-02-07 16:31:15),
    "comp4", "counter1", 1.3, datetime(2019-02-07 16:31:16),
    "comp2", "counter2", 1.4, datetime(2019-02-07 16:31:16),
    "comp3", "counter3", 1.5, datetime(2019-02-07 16:31:16),
    "comp4", "counter2", 1.6, datetime(2019-02-07 16:31:14),
]
| summarize arg_max(TimeGenerated, *) by Computer, CounterName
| summarize d = make_dictionary(pack(CounterName, CounterValue, "TimeGenerated", TimeGenerated)) by Computer
| evaluate bag_unpack(d)
```

It will output:

| Computer | TimeGenerated               | counter1 | counter2 | counter3 |
|----------|-----------------------------|----------|----------|----------|
| comp1    | 2019-02-07 16:31:15.0000000 | 1        |          |          |
| comp2    | 2019-02-07 16:31:15.0000000 | 1.1      | 1.4      |          |
| comp3    | 2019-02-07 16:31:15.0000000 | 1.2      |          | 1.5      |
| comp4    | 2019-02-07 16:31:16.0000000 | 1.3      | 1.6      |          |
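
The same pivot applied to the `Perf` table from the question, as an added example that is not part of the original answer. It assumes the standard `Perf` columns `ObjectName` and `InstanceName`, and the one-hour window, the `Key` format and the `LatestSample` column name are choices made here. Counters are keyed by object, name and instance because `CounterName` alone is not unique in `Perf`, so two counters sharing a name would otherwise overwrite each other in the bag.

```kusto
// Added example (not from the original answer): one row per computer,
// one column per counter, holding the most recent value of each counter.
Perf
// Bound the scan; the one-hour window is an arbitrary choice made for this example.
| where TimeGenerated > ago(1h)
| where Computer in ('aks-nodepool1-85388480-3', 'aks-agentpool-40719753-2')
// Latest sample per distinct counter. Grouping on ObjectName and InstanceName
// as well keeps same-named counters of different objects/instances apart.
| summarize arg_max(TimeGenerated, CounterValue)
    by Computer, ObjectName, CounterName, InstanceName
// Build a column name that is unique per counter, e.g. "Object/Counter (instance)".
| extend Key = strcat(ObjectName, "/", CounterName,
                      iff(isempty(InstanceName), "", strcat(" (", InstanceName, ")")))
// make_bag() is the current name of make_dictionary(), which is deprecated.
// LatestSample is the newest timestamp among the counters folded into the row;
// individual counters in the same row may be older than this.
| summarize LatestSample = max(TimeGenerated),
            d = make_bag(pack(Key, CounterValue))
    by Computer
// Expand the bag into one column per key.
| evaluate bag_unpack(d)
```

The result schema depends on which counters appear in the data, so a saved query or alert built on it should project the specific columns it needs rather than rely on column order.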