如何从 kusto table 创建具有 json 记录的新 table
how to create a new table having json record from a kusto table
我们收到多行 json(格式如下),并在使用多行 json 映射后将它们存储到 Kusto table "OldT"。
{"severity":"0","hostname":"Test.login","sender":"Test.login","body":"2a09dfa1","facility":"1","version":"1","timestamp":"2020-04-23T07:07:06.077963Z"}
{"severity":"0","hostname":"Test.login","sender":"Test.login","body":"2a09dfa1","facility":"1","version":"1","timestamp":"2020-04-23T07:07:00.893151Z"}
记录在table"OldT":
sender timestamp severity version body priority facility hostname
Test.login 2020-04-23T07:07:06.077963 0 2a09dfa1 1 Test.login
Test.login 2020-04-23T07:07:00.893151Z 0 2a09dfa1 1 Test.login
现在我需要将数据移动到另一个 table,比如只有一列的“NewT”,比如“Rawrecord”
原始记录:
{"severity":"0","hostname":"Test.login","sender":"Test.login","body":"2a09dfa1","facility":"1","version":"1","timestamp":"2020-04-23T07:07:06.077963Z"}
{"severity":"0","hostname":"Test.login","sender":"Test.login","body":"2a09dfa1","facility":"1","version":"1","timestamp":"2020-04-23T07:07:00.893151Z"}
如何将此数据移动到 NewT?
您可以使用pack_all()函数。例如:
OldT | project Rawrecord = pack_all()
要将其移动到另一个 table,您可以使用 .set-or-append 命令,例如:
.set-or-append NewT <| OldT | project Rawrecord = pack_all()
我们收到多行 json(格式如下),并在使用多行 json 映射后将它们存储到 Kusto table "OldT"。
{"severity":"0","hostname":"Test.login","sender":"Test.login","body":"2a09dfa1","facility":"1","version":"1","timestamp":"2020-04-23T07:07:06.077963Z"}
{"severity":"0","hostname":"Test.login","sender":"Test.login","body":"2a09dfa1","facility":"1","version":"1","timestamp":"2020-04-23T07:07:00.893151Z"}
记录在table"OldT":
sender timestamp severity version body priority facility hostname
Test.login 2020-04-23T07:07:06.077963 0 2a09dfa1 1 Test.login
Test.login 2020-04-23T07:07:00.893151Z 0 2a09dfa1 1 Test.login
现在我需要将数据移动到另一个 table,比如只有一列的“NewT”,比如“Rawrecord”
原始记录:
{"severity":"0","hostname":"Test.login","sender":"Test.login","body":"2a09dfa1","facility":"1","version":"1","timestamp":"2020-04-23T07:07:06.077963Z"}
{"severity":"0","hostname":"Test.login","sender":"Test.login","body":"2a09dfa1","facility":"1","version":"1","timestamp":"2020-04-23T07:07:00.893151Z"}
如何将此数据移动到 NewT?
您可以使用pack_all()函数。例如:
OldT | project Rawrecord = pack_all()
要将其移动到另一个 table,您可以使用 .set-or-append 命令,例如:
.set-or-append NewT <| OldT | project Rawrecord = pack_all()