Azure Log Analytics - Search REST API - How to Paginate through results

When grabbing search results using the Azure Log Analytics Search REST API I'm able to receive only the first 5000 results (as per the specs, at the top of the document), but I know there are many more (by the "total" attribute in the metadata in the response).

Is there a way to paginate so as to get the entire result set?

One hacky way would be to attempt to break down the desired time-range iteratively until the "total" is less than 5000 for that timeframe, and do this process iteratively for the entire desired time-range - but this is guesswork that will cost many redundant requests.

While there doesn't appear to be a way to paginate using the REST API itself, you can use your query to perform the pagination. The two key operators here are TOP and SKIP:

Suppose you want page n with pagesize x (starting at page 1), then append to your query: query | skip (n-1) * x | top x.

For a full reference list, see https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-search-reference

Yes, the skip operation is not available anymore, but if you want to create pagination there is still an option. You need to count the total number of entries, use simple math and two opposite sorts.

Prerequisites for this query are the values: ContainerName, Namespace, Page, PageSize. I'm using it in a Workbook where these values are set by fields.

let containers = KubePodInventory 
| where ContainerName matches regex '^.*{ContainerName}$' and Namespace == '{Namespace}'
| distinct ContainerID
| project ContainerID;
let TotalCount = toscalar(ContainerLog 
| where ContainerID in (containers)
| where LogEntry contains '{SearchText}'
| summarize CountOfLogs = count()
| project CountOfLogs);
ContainerLog 
| where ContainerID in (containers)
| where LogEntry contains '{SearchText}'
| extend Log=replace(@'(\x1b\[[0-9]*m|\x1b\[0 [0-9]*m)','', LogEntry)
| project TimeGenerated, Log
| sort by TimeGenerated asc
| take {PageSize}*{Page}
| top iff({PageSize}*{Page} > TotalCount, TotalCount - ({PageSize}*({Page} - 1)) , {PageSize}) by TimeGenerated desc;

// The '| extend' is not needed if the logs do not contain the annoying special characters
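The take/top arithmetic from the answer above, modelled in Python over constructed rows as an added example (not part of the original answers). The names page_window, fetch_all and sample_rows are hypothetical, and returning an empty page past the end is an assumption the query itself does not make.

```python
from datetime import datetime, timedelta


def page_window(rows, page, page_size):
    """Model of: sort by TimeGenerated asc | take PageSize*Page
    | top iff(PageSize*Page > TotalCount,
              TotalCount - PageSize*(Page-1), PageSize) by TimeGenerated desc"""
    if page < 1 or page_size < 1:
        raise ValueError("page and page_size start at 1")
    total = len(rows)  # plays the role of TotalCount
    if page_size * (page - 1) >= total:
        # Assumption: past the last page the iff() would be <= 0, so return nothing.
        return []
    ordered = sorted(rows, key=lambda r: r["TimeGenerated"])  # sort ... asc
    taken = ordered[: page_size * page]                       # take PageSize*Page
    if page_size * page > total:
        n = total - page_size * (page - 1)                    # partial last page
    else:
        n = page_size
    newest_first = sorted(taken, key=lambda r: r["TimeGenerated"], reverse=True)
    return newest_first[:n]                                   # top n by ... desc


def fetch_all(rows, page_size):
    """Walk every page and stitch the result back together oldest-first."""
    pages = -(-len(rows) // page_size)  # ceiling division
    out = []
    for page in range(1, pages + 1):
        # Each page comes back newest-first, so reverse it before appending.
        out.extend(reversed(page_window(rows, page, page_size)))
    return out


def sample_rows(count):
    """Constructed log rows, one per second, deliberately stored newest-first."""
    base = datetime(2024, 1, 1)
    rows = [{"TimeGenerated": base + timedelta(seconds=i), "Log": f"entry {i}"}
            for i in range(count)]
    return rows[::-1]


if __name__ == "__main__":
    rows = sample_rows(12)
    for page in (1, 2, 3, 4):
        print(page, [r["Log"] for r in page_window(rows, page, 5)])
```

Each page is returned newest-first because the final operator sorts descending, so a client stitching pages together has to reverse each one.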
