问题标签 [kql]
For questions regarding programming in ECMAScript (JavaScript/JS) and its various dialects/implementations (excluding ActionScript). Note JavaScript is NOT the same as Java! Please include all relevant tags on your question; e.g., [node.js], [jquery], [json], [reactjs], [angular], [ember.js], [vue.js], [typescript], [svelte], etc.
azure-data-explorer - 如何编写 Kusto 查询以在一张表中获取结果?
我有 2 个 KQL 查询,我想将它们组合起来,以便将两行显示为一个结果。不仅是第一个查询的结果,还有第二个查询的结果:
请参阅下面的示例R_L。我希望看到 2 行结果,其中一个 SrcIP_s 不为空,第二个 SrcIP_s 为空(在这种情况下,它总是相同的)
azure-log-analytics - 是否有任何 KQL 查询来提取页面视图,从 Azure-Log 分析上的 W3C IISlogs 下载计数?
我们正在尝试从 w3c IIS 日志中提取页面浏览量、文件下载计数、用户列表。我们要定义什么是页面视图,即任何用户在同一页面上停留超过 10 秒才能成为一页视图。少一点就不是页面浏览量。w3c 日志似乎没有足够的数据来提取它。这可以用已经可用的东西来实现吗?
这是可用于从中提取上述信息的数据,
数据表运算符
数据表(TimeGenerated:datetime, csUriStem:string, scStatus:string, csUserName:string, sSiteName:string) [datetime(2019-04-12T11:55:13Z),"/Account/","302","-", "网站名称", datetime(2019-04-12T11:55:16Z),"/","302","-","WebsiteName", datetime(2019-04-12T11:55:17Z),"/Account/ ","200","myemail@mycom.com","WebsiteName", datetime(2019-04-12T11:55:17Z),"/Content/site.css","200","-","WebsiteName ", datetime(2019-04-12T11:55:17Z),"/Scripts/modernizr-2.8.3.js","200","-","WebsiteName", datetime(2019-04-12T11:55: 17Z),"/Scripts/bootstrap.js","200","-","网站名称", datetime(2019-04-12T11:55:17Z),"/Content/bootstrap.css","200","-","WebsiteName", datetime(2019-04-12T11:55:18Z),"/Scripts/jquery-3.3.1.js","200","-","网站名称”,日期时间(2019-04-12T11:55:23Z),“/”,“302”,“-”,“网站名称”,日期时间(2019-04-12T11:56:39Z),“/”, 200","myemail@mycom.com","WebsiteName", datetime(2019-04-12T11:57:13Z),"/Home/About","200","myemail@mycom.com","WebsiteName" , datetime(2019-04-12T11:58:16Z),"/Home/Contact","200","myemail@mycom.com","WebsiteName", datetime(2019-04-12T11:59:03Z), "/","200","myemail@mycom.com","网站名称"]55:18Z),"/Scripts/jquery-3.3.1.js","200","-","WebsiteName", datetime(2019-04-12T11:55:23Z),"/","302" ,"-","WebsiteName", datetime(2019-04-12T11:56:39Z),"/","200","myemail@mycom.com","WebsiteName", datetime(2019-04-12T11: 57:13Z),"/Home/About","200","myemail@mycom.com","WebsiteName", datetime(2019-04-12T11:58:16Z),"/Home/Contact","200 ","myemail@mycom.com","WebsiteName", datetime(2019-04-12T11:59:03Z),"/","200","myemail@mycom.com","WebsiteName"]55:18Z),"/Scripts/jquery-3.3.1.js","200","-","WebsiteName", datetime(2019-04-12T11:55:23Z),"/","302" ,"-","WebsiteName", datetime(2019-04-12T11:56:39Z),"/","200","myemail@mycom.com","WebsiteName", datetime(2019-04-12T11: 57:13Z),"/Home/About","200","myemail@mycom.com","WebsiteName", datetime(2019-04-12T11:58:16Z),"/Home/Contact","200 ","myemail@mycom.com","WebsiteName", datetime(2019-04-12T11:59:03Z),"/","200","myemail@mycom.com","WebsiteName"]"网站名称", 日期时间(2019-04-12T11:56:39Z),"/","200","myemail@mycom.com","网站名称", 日期时间(2019-04-12T11:57:13Z), "/Home/About","200","myemail@mycom.com","WebsiteName", datetime(2019-04-12T11:58:16Z),"/Home/Contact","200","myemail@ mycom.com","WebsiteName", datetime(2019-04-12T11:59:03Z),"/","200","myemail@mycom.com","WebsiteName"]"网站名称", 日期时间(2019-04-12T11:56:39Z),"/","200","myemail@mycom.com","网站名称", 日期时间(2019-04-12T11:57:13Z), "/Home/About","200","myemail@mycom.com","WebsiteName", datetime(2019-04-12T11:58:16Z),"/Home/Contact","200","myemail@ mycom.com","WebsiteName", datetime(2019-04-12T11:59:03Z),"/","200","myemail@mycom.com","WebsiteName"]myemail@mycom.com","WebsiteName", datetime(2019-04-12T11:59:03Z),"/","200","myemail@mycom.com","WebsiteName"]myemail@mycom.com","WebsiteName", datetime(2019-04-12T11:59:03Z),"/","200","myemail@mycom.com","WebsiteName"]
azure-data-explorer - 无法解析 Kusto 查询
我有带有 DstIP_s 等字段的 SecurityLog 并希望显示与我的 trojanDst 表匹配的记录
我收到查询无法解析 错误?
azure-data-explorer - Format a number as currency in Azure Data Explorer
I have a query that returns a decimal value. I'm looking for a way to format the value as currency. My current use case is limited to USD, but I'm sure others are looking for similar solutions.
I'd like to be able to go from "123456.789" to "$123,456.79".
azure-data-explorer - Kusto 查询按总数百分比显示摘要
我正在尝试以总数的百分比汇总失败,请参阅下面的查询。这很好,但我希望它显示Vendor1=0.5 和 Vendor2=0.5(50% 失败),而不仅仅是Vendor1=1(一个失败为 0),Vendor2=2(两个失败为 0)
azure-application-insights - 如何将基于聚合的恒定参考线引入 Kusto 时间表?
我有一个简单的 KQL 查询,它绘制了 90 天内所有异常的(日志)计数:
我想做的是在生成的时间表中添加一些参考线。根据文档,这非常简单:
复杂的因素是我希望这些参考线基于我正在绘制的值的聚合。例如,我想要最小值、平均值和第三四分位数的参考线。
专注于其中的第一个(最低限度),事实证明您不能min()在summarize(). 但我可以在extend().
我被吸引到min_of(),但这需要一个参数列表而不是一列。我想我可能可以将该列扩展为一系列值,但这感觉很糟糕,并且会超出一定数量的值。
这样做的惯用方式是什么?
azure-data-explorer - 是否可以从某个列值中获取特定数量的行,类似于 Java 中的 foreach 循环?
有没有办法让 kusto 中的行为类似于 Java 中的 foreach 循环?例如,假设我有一个不同的服务列表 AF,那么对于这个不同的列表,我想为每个不同的列值取 N 行,有没有办法在单个查询中做到这一点?
我尝试了多种加入方式,但无法让它以动态方式工作。我所说的动态是指我不想编写不同的查询来指定| where service = 'A' | take 30.
实际结果是它只为不同列表中的单个值返回 30,而不是每个值
parameters - 如何在 KQL 查询中指定参数?
我正在尝试使用查询参数和 .NET Kusto SDK 对 Azure 数据资源管理器集群执行 KQL 查询。
我尝试将参数放在大括号 {} 内并且没有大括号。
我已阅读有关将参数传递给查询的文档,但我找不到任何示例说明通过 .NET SDK 将查询传递给 Azure 数据资源管理器时的外观。
当我在工具中设置参数时,我的查询在 Kusto.Explorer 工具中有效,但在使用 SDK 时我没有运气。
我收到一个错误,提示我尚未设置参数值:“语法错误:无法解析查询:无法解析日期时间文字:'datetime(startdate)'”
azure-application-insights - 如何访问“range()”语句中使用的“toscalar()”语句中的范围步长值
我正在使用 Kusto 查询在 Azure AppInsights 中创建一个时间表,使用Google 的一个衡量 Web 服务是否在其错误预算内的示例来可视化我们的 Web 服务何时在其 SLO 内(以及何时不在) :
假设在 7 天的窗口中检查间隔为 10 分钟,这是我的代码:
我希望实现的示例查询输出:
我得到的错误是:
我试过todatetime(InspectionTime)了,同样的错误失败了。
替换InspectionTime为其他类型的对象datetime可以使此代码正常执行,但不能使用我想要的日期时间值。例如,当在我上面的代码示例中使用时,使用此代码段执行正常:
InspectionTime对我来说,使用within似乎toscalar(...)是这个问题的症结所在,因为我可以InspectionTime在类似的查询中使用range(...)它,而不是将它嵌套在toscalar(...).
注意:我不想要 的时间表request.duration,因为根据上面定义的公式,这并不能告诉我超过我的阈值(400 毫秒)的请求计数是否超过了我们的错误预算。