Kusto | Summarize count() multiple columns with where clauses

I'm trying to get counts of multiple things in a Kusto query, but I can't get it to work. Suppose I have a sample table like this:

let SampleTable = datatable(Department:string, Status:string, DateStamp:datetime) 
[
   "Logistics", "Open", "05-01-2019",
   "Finance", "Closed", "05-01-2020",
   "Logistics", "Open", "05-01-2020"
];

I query it like this:

SampleTable
| summarize closedEntries = count() by (Status | where Status == "Closed"), 
    openEntries = (Status | where Status == "Open"),
    recentDates = (DateStamp | where DateStamp > "12-31-2019"),
    Department

Expected result:

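But this produces the error "The name 'Status' does not refer to any known column, table, variable or function." and the same error for DateStamp. I've also tried using extend and join, but it's messy.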

You can use the countif() aggregation function: https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/countif-aggfunction

datatable(Department:string, Status:string, DateStamp:datetime) 
[
   "Logistics", "Open", "05-01-2019",
   "Finance", "Closed", "05-01-2020",
   "Logistics", "Open", "05-01-2020"
]
| summarize closedEntries = countif(Status == "Closed"),
            openEntries = countif(Status == "Open"),
            recentDates = countif(DateStamp > datetime(12-31-2019))
         by Department