has_any 具有 > 10K 个值
has_any with > 10K values
我们 运行 Kusto has_any 10K 的限制。
示例代码
// Query: Get failed operations for migrated apps
let migrationsTimeDiff = 15d;
let operationsDiffTime = 24h + 1m;
let migratedApps = FirstTable
| where TimeStamp >= ago(migrationsTimeDiff)
| where MetricName == "JobSucceeded"
| project
MigrationTime = PreciseTimeStamp,
appName = tostring(parse_json(Annotations).AppName)
| project appName;
SecondTable
| where TimeStamp > ago(operationsDiffTime)
| where Url has_any (appName)
| where Result == "Fail"
有没有办法通过连接重组查询?
或者是否可以批量循环 10k?
感谢阅读!
如果 Url 与 appName 完全匹配,那么您应该使用:
SecondTable
| where TimeStamp > ago(operationsDiffTime)
| where Url in (appName) // 'in' instead of 'has_any'
| where Result == "Fail"
否则,您需要使用 extend 从 Url 中提取应用程序名称,然后像我上面建议的那样使用 in,因此您的查询将如下所示:
SecondTable
| where TimeStamp > ago(operationsDiffTime)
| extend ExtractedAppNameFromUrl = ...
| where ExtractedAppNameFromUrl in (appName) // 'in' instead of 'has_any'
| where Result == "Fail"
我们 运行 Kusto has_any 10K 的限制。 示例代码
// Query: Get failed operations for migrated apps
let migrationsTimeDiff = 15d;
let operationsDiffTime = 24h + 1m;
let migratedApps = FirstTable
| where TimeStamp >= ago(migrationsTimeDiff)
| where MetricName == "JobSucceeded"
| project
MigrationTime = PreciseTimeStamp,
appName = tostring(parse_json(Annotations).AppName)
| project appName;
SecondTable
| where TimeStamp > ago(operationsDiffTime)
| where Url has_any (appName)
| where Result == "Fail"
有没有办法通过连接重组查询? 或者是否可以批量循环 10k?
感谢阅读!
如果 Url 与 appName 完全匹配,那么您应该使用:
SecondTable
| where TimeStamp > ago(operationsDiffTime)
| where Url in (appName) // 'in' instead of 'has_any'
| where Result == "Fail"
否则,您需要使用 extend 从 Url 中提取应用程序名称,然后像我上面建议的那样使用 in,因此您的查询将如下所示:
SecondTable
| where TimeStamp > ago(operationsDiffTime)
| extend ExtractedAppNameFromUrl = ...
| where ExtractedAppNameFromUrl in (appName) // 'in' instead of 'has_any'
| where Result == "Fail"