累计查询

时间:2019-10-06 14:21:28

标签: azure azure-log-analytics kusto kusto-query-language

在Log Analytics中,我可以编写以下查询:

requests
| where timestamp > ago(30d)
| summarize count() by bin(timestamp, 5m)

在该时间段内,每个垃圾箱都会对请求进行计数。

bin 1 -> 5 req
bin 2 -> 2 req
bin 3 -> 8 req

我希望获得一段时间内的总体情况,如:

bin 1 -> 5  req
bin 2 -> 7  req (bin1 + bin2)
bin 3 -> 15 req (bin1 + bin2 + bin3)

我如何用Kusto做到这一点?

1 个答案:

答案 0 :(得分:2)

您可以尝试使用row_cumsum()https://docs.microsoft.com/en-us/azure/kusto/query/rowcumsumfunction 

datatable(dummy:int, timestamp:datetime)
[
    1, datetime(2019-10-06 00:00),
    1, datetime(2019-10-06 00:01),
    1, datetime(2019-10-06 00:02),
    1, datetime(2019-10-06 00:03),
    1, datetime(2019-10-06 00:04),
    1, datetime(2019-10-06 06:00),
    1, datetime(2019-10-06 06:01),
    1, datetime(2019-10-06 12:00),
    1, datetime(2019-10-06 12:00),
    1, datetime(2019-10-06 12:02),
    1, datetime(2019-10-06 12:01),
    1, datetime(2019-10-06 12:04),
    1, datetime(2019-10-06 12:01),
    1, datetime(2019-10-06 12:02),
    1, datetime(2019-10-06 12:02),
]
| summarize count() by bin(timestamp, 5m)
| order by timestamp asc 
| project timestamp, c = row_cumsum(count_)

-> 

| timestamp                   | c  |
|-----------------------------|----|
| 2019-10-06 00:00:00.0000000 | 5  |
| 2019-10-06 06:00:00.0000000 | 7  |
| 2019-10-06 12:00:00.0000000 | 15 |
相关问题
最新问题