堆栈内存溢出
  简体   繁体   English

在 Azure(Kusto 查询语言)中聚合多个列

[英]Aggregate over multiple columns in Azure (Kusto Query Language)

 原文  2019-11-04 09:52:59       azure/ pivot/ azure-data-explorer/ kql

问题描述

I have clickstream data in Azure monitor logs in this format:我在 Azure 监控日志中有点击流数据,格式如下:

Category   StepName     Count_    Median_Duration(secs)
   A         step1       1200        00:00
   A         step2       1000        24:00
   A         step3        800        19:00
   B         step1       4000        00:00
   B         step2       3800        37:00

I need to pivot the table to get this:我需要 pivot 表来得到这个:

Category Step1_Count Step1_Duration Step2_Count Step2_Duration Step3_Count ...
   A       1200          00:00         1000        24:00          800      ...
   B       4000          00:00         3800        37:00           0       ...

Right now I am only able to aggregate over one column using evaluate pivot(StepName, sum(Count_)) or evaluate pivot(StepName, sum(Median_Duration)).现在我只能使用评估数据透视(StepName,sum(Count_))或评估数据透视(StepName,sum(Median_Duration))聚合一列。 Is it possible to get the above format without using joins?是否可以在不使用连接的情况下获得上述格式?

Note: Similar formats to the output table are fine, just need the aggregate of the count and duration.注意:类似于 output 表的格式可以,只需要计数和持续时间的聚合。

1 个解决方案

解决方案1
 3 已采纳  2019-11-04 16:11:11

you could try something along the following lines:您可以尝试以下方式:

datatable(Category:string, StepName:string, Count_:long, Median_Duration:timespan)
[
   "A", "step1", 1200, time(00:00:00),
   "A", "step2", 1000, time(00:00:24),
   "A", "step3",  800, time(00:00:19),
   "B", "step1", 4000, time(00:00:00),
   "B", "step2", 3800, time(00:00:37),
]
| summarize StepCount = sum(Count_), Duration = avg(Median_Duration) by Category, StepName
| project Category, p = pack(strcat(StepName, "_Count"), StepCount, strcat(StepName, "_Duration"), Duration)
| summarize b = make_bag(p) by Category
| evaluate bag_unpack(b)

or, if you're ok with a different output schema:或者,如果您可以使用不同的 output 架构:

datatable(Category:string, StepName:string, Count_:long, Median_Duration:timespan)
[
   "A", "step1", 1200, time(00:00:00),
   "A", "step2", 1000, time(00:00:24),
   "A", "step3",  800, time(00:00:19),
   "B", "step1", 4000, time(00:00:00),
   "B", "step2", 3800, time(00:00:37),
]
| summarize StepCount = sum(Count_), Duration = avg(Median_Duration) by Category, StepName

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 Azure Kusto 查询语言 (KQL) 查询 Jmeter Graph,例如 Active Threads Over times - How to use Azure Kusto Query Language (KQL) to query Jmeter Graph such as Active Threads Over times 如何取消 kusto/kql/azure 中的列并将多列合二为一 - How to unpivot columns in kusto/kql/azure and put multiple columns into one Azure Kusto Java SDK 获取查询结果的所有列 - Azure Kusto Java SDK get all columns of query results Azure Kusto 查询 output 格式 - Azure Kusto Query output format Azure 监控日志(Kusto 查询语言)中列内的日期时间差 - Date time difference within a column in Azure Monitor Logs (Kusto Query Language) 将连续的非零行标记为不同的分区,这次使用 kusto - Azure AppInsights 的查询语言 - Tag consecutive non zero rows into distinct partitions, this time using kusto - the query language of the Azure AppInsights 仅获取 Kusto 查询语言(Azure Monitor 日志)中的类别中的唯一值 - Getting only unique values within a category in Kusto Query Language (Azure Monitor Logs) 如何使用 Kusto 查询语言在 Azure 日志中显示具有多个自定义指标的时间表 - How do I display a timechart with more than one custom metric in Azure Logs with Kusto Query Language 使用 Kusto 查询语言的具有单个数字的图表 - A chart with a single number using Kusto Query Language 等效于 Splunk 在 Kusto 查询语言中的查找 - Equivalent of Splunk's lookup in Kusto Query Language
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM