用于对 AppInsights 消息进行分组的 Kusto 查询
Kusto query for grouping AppInsights messages
我需要 Azure AppInsights 中的消息按消息中特定子字符串的存在和这些消息的计数进行分组。
最后,这是分组的样子
messages count
-------- -------
foomessages <say, 300>
barmessages <say, 450>
:
:
哪里
foomessages = All messages containing the substring "foo" etc.
我如何为此构建查询?
datatable(log: string) [
"hello world",
"this is a test",
"this is a world test",
"another test"
]
| summarize
LogsWithWorld = countif(log has "world"),
LogsWithTest = countif(log has "test")
| project Result = pack_all()
| mv-expand Result
| extend Message = tostring(bag_keys(Result)[0])
| extend Count = tolong(Result[Message])
| project Message, Count
产生的结果是:
| Message | Count |
|---------------|-------|
| LogsWithWorld | 2 |
| LogsWithTest | 3 |
|---------------|-------|
我需要 Azure AppInsights 中的消息按消息中特定子字符串的存在和这些消息的计数进行分组。
最后,这是分组的样子
messages count
-------- -------
foomessages <say, 300>
barmessages <say, 450>
:
:
哪里
foomessages = All messages containing the substring "foo" etc.
我如何为此构建查询?
datatable(log: string) [
"hello world",
"this is a test",
"this is a world test",
"another test"
]
| summarize
LogsWithWorld = countif(log has "world"),
LogsWithTest = countif(log has "test")
| project Result = pack_all()
| mv-expand Result
| extend Message = tostring(bag_keys(Result)[0])
| extend Count = tolong(Result[Message])
| project Message, Count
产生的结果是:
| Message | Count |
|---------------|-------|
| LogsWithWorld | 2 |
| LogsWithTest | 3 |
|---------------|-------|