Azure数据资源管理器-日志查询

时间:2020-09-02 20:51:57

标签: azure azure-data-explorer kusto-query-language

有人可以分享给我一个例子,说明我如何为具有不同阈值的计算机的磁盘空间编写单个Azure日志查询。

下面是我编写查询以处理具有不同阈值的计算机的方式。我想知道在单个查询中是否还有其他更好的方法可以做到这一点

Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where strlen(InstanceName) ==2 and InstanceName contains ":"
| where Computer !in~ ("DUFFVEEAMREPO01","TORFILE01")
| extend ComputerDrive= strcat(Computer, ' - ', InstanceName)
| summarize Free_Space = min(CounterValue) by ComputerDrive
| sort by Free_Space asc
| where Free_Space< 10)
//////////////////////////////////////////////
| union kind=outer (Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where Computer contains "DUFFVEEAMREPO01" and InstanceName == "K:"
| where strlen(InstanceName) ==2 and InstanceName contains ":"
| extend drive = strcat(Computer, ' - ', InstanceName)
| summarize Free_Space = min(CounterValue) by ComputerDrive
| sort by Free_Space asc
| where Free_Space< 1)
//////////////////////////////////////////////
| union kind=outer (Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where Computer contains "DUFFVEEAMREPO01" and InstanceName == "I:"
| where strlen(InstanceName) ==2 and InstanceName contains ":"
| extend drive = strcat(Computer, ' - ', InstanceName)
| summarize Free_Space = min(CounterValue) by ComputerDrive
| sort by Free_Space asc
| where Free_Space< 2.5)
//////////////////////////////////////////////
| union kind=outer (Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where Computer contains "TORFILE01" and InstanceName == "F:"
| where strlen(InstanceName) ==2 and InstanceName contains ":"
| extend drive = strcat(Computer, ' - ', InstanceName)
| summarize Free_Space = min(CounterValue) by ComputerDrive
| sort by Free_Space asc
| where Free_Space< 2.5)
//////////////////////////////////////////////
| union kind=outer (Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where Computer contains "TORFILE01" and InstanceName == "K:"
| where strlen(InstanceName) ==2 and InstanceName contains ":"
| extend drive = strcat(Computer, ' - ', InstanceName)
| summarize Free_Space = min(CounterValue) by ComputerDrive
| sort by Free_Space asc
| where Free_Space< 5)




Thanks
Swapna

1 个答案:

答案 0 :(得分:0)

我认为您发布了三个查询,我可以看到instanceName和Computer name的区别。我认为您可以使用IN子句并改进查询。

类似的东西 InstanceName IN(“ I:”,“ K:”,“ F:”)

相关问题
最新问题