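Azure Log Analytics aggregate query

Time: 2019-03-20 14:09:20

Tags: azure event-log azure-log-analytics

I am having trouble creating the query below.

I am trying to get the average number of sessions from four computers over one-hour intervals. Then I want to graph the sum of the four averages over 24 hours.

So far I have the query below, which uses a join, but I cannot get the correct results.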

    // Total Sessions for all four computers
    Perf
    | project Computer, bin(TimeGenerated,1h)
    | where Computer == "s-az-vdigpu2.company.local" or Computer == "s-az-vdigpu4.company.local" or Computer == "s-az-vdigpu5.company.local" or Computer == "s-az-vdigpu6.company.local"
    | join kind= inner (
        Perf
        | where Computer == "s-az-vdigpu2.company.local" or Computer == "s-az-vdigpu4.company.local" or Computer == "s-az-vdigpu5.company.local" or Computer == "s-az-vdigpu6.company.local"
        | where CounterName  == "Total Sessions"
        | summarize avg(CounterValue) by Computer, bin(TimeGenerated, 1h)
    ) on TimeGenerated
    | summarize sum(avg_CounterValue) by TimeGenerated
    | render timechart


1 answer:

Answer 0: (score: 0)

The following code seems to work. I used a union instead of a join.

    // Total Sessions for all four computers
    Perf
    | project Computer, bin(TimeGenerated,1h)
    | where Computer == "s-az-vdigpu2.company.local" or Computer == "s-az-vdigpu4.company.local" or Computer == "s-az-vdigpu5.company.local" or Computer == "s-az-vdigpu6.company.local"
    | union (
        Perf
        | where Computer == "s-az-vdigpu2.company.local" or Computer == "s-az-vdigpu4.company.local" or Computer == "s-az-vdigpu5.company.local" or Computer == "s-az-vdigpu6.company.local"
        | where CounterName  == "Total Sessions"
        | summarize avg(CounterValue) by Computer, bin(TimeGenerated, 1h)
        | project-rename avg_CounterValue, interval=TimeGenerated
    )
    | summarize sum(avg_CounterValue) by interval
    | render timechart

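
The same aggregation written as a single pipeline with no join or union, as an added example that is not part of the original question or answer. `SamplePerf` and its rows are constructed stand-ins for the `Perf` table, and `Hosts`, `AvgSessions`, `TotalSessions` and `HostsReporting` are names chosen here; `HostsReporting` shows when an hour's sum covers fewer than four machines.

```kusto
// Constructed sample rows standing in for the Perf table (not real data).
let SamplePerf = datatable(TimeGenerated:datetime, Computer:string, CounterName:string, CounterValue:real)
[
    datetime(2019-03-20 10:05:00), "s-az-vdigpu2.company.local", "Total Sessions", 4.0,
    datetime(2019-03-20 10:35:00), "s-az-vdigpu2.company.local", "Total Sessions", 6.0,
    datetime(2019-03-20 10:10:00), "s-az-vdigpu4.company.local", "Total Sessions", 3.0,
    datetime(2019-03-20 10:20:00), "s-az-vdigpu5.company.local", "Total Sessions", 2.0,
    datetime(2019-03-20 10:40:00), "s-az-vdigpu6.company.local", "Total Sessions", 1.0,
    // Next hour: vdigpu6 sends nothing, so the sum covers three hosts only.
    datetime(2019-03-20 11:05:00), "s-az-vdigpu2.company.local", "Total Sessions", 8.0,
    datetime(2019-03-20 11:15:00), "s-az-vdigpu4.company.local", "Total Sessions", 5.0,
    datetime(2019-03-20 11:25:00), "s-az-vdigpu5.company.local", "Total Sessions", 2.0,
    // Rows the filters must drop: a different counter and a host outside the list.
    datetime(2019-03-20 10:15:00), "s-az-vdigpu2.company.local", "Active Sessions", 99.0,
    datetime(2019-03-20 10:15:00), "other-host.company.local", "Total Sessions", 50.0
];
// The four machines named in the question.
let Hosts = dynamic([
    "s-az-vdigpu2.company.local",
    "s-az-vdigpu4.company.local",
    "s-az-vdigpu5.company.local",
    "s-az-vdigpu6.company.local"
]);
SamplePerf
| where Computer in (Hosts)
| where CounterName == "Total Sessions"
// Step 1: one average per computer per one-hour bin.
| summarize AvgSessions = avg(CounterValue) by Computer, bin(TimeGenerated, 1h)
// Step 2: add the per-computer averages together within each bin.
| summarize TotalSessions = sum(AvgSessions), HostsReporting = dcount(Computer) by TimeGenerated
| order by TimeGenerated asc
| render timechart
```

Against a real workspace, replace `SamplePerf` with `Perf` and add a time filter such as `where TimeGenerated > ago(24h)`.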