Azure Log Analytics聚合查询

问题描述 投票:0回答:1

我在使用以下查询创建时遇到问题。

我试图在一小时的时间间隔内获得四台计算机的平均会话数。然后我想绘制24小时内四个平均值的总和。

到目前为止,我有一个使用连接的查询,但我无法得到正确的结果。

 // Total Sessions for all four computers
    Perf
    | project Computer, bin(TimeGenerated,1h) 
    | where Computer == "s-az-vdigpu2.company.local" or Computer == "s-az-vdigpu4.company.local" or Computer == "s-az-vdigpu5.company.local" or Computer == "s-az-vdigpu6.company.local"
    | join kind= inner (
        Perf
        | where Computer == "s-az-vdigpu2.company.local" or Computer == "s-az-vdigpu4.company.local" or Computer == "s-az-vdigpu5.company.local" or Computer == "s-az-vdigpu6.company.local"
        | where CounterName  == "Total Sessions"
        | summarize avg(CounterValue) by Computer, bin(TimeGenerated, 1h)
 ) on TimeGenerated
| summarize sum(avg_CounterValue) by TimeGenerated
| render timechart

enter image description here

azure event-log azure-log-analytics
1个回答
0
投票

下面的代码似乎正在起作用。我使用了联合而不是联接。

    // Total Sessions for all four computers
Perf
| project Computer, bin(TimeGenerated,1h) 
| where Computer == "s-az-vdigpu2.company.local" or Computer == "s-az-vdigpu4.company.local" or Computer == "s-az-vdigpu5.company.local" or Computer == "s-az-vdigpu6.company.local"
| union (
    Perf
    | where Computer == "s-az-vdigpu2.company.local" or Computer == "s-az-vdigpu4.company.local" or Computer == "s-az-vdigpu5.company.local" or Computer == "s-az-vdigpu6.company.local"
    | where CounterName  == "Total Sessions"
    | summarize avg(CounterValue) by Computer, bin(TimeGenerated, 1h)
    | project-rename avg_CounterValue, interval=TimeGenerated
) 
| summarize sum(avg_CounterValue) by interval
| render timechart

enter image description here

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.