I tried to run below query as user-defined function in kusto but always gives me an error. can someone help me to understand what i am missing here? When i run the query seprately it works but i want to use it like a function as i want to call it separately for every month and union the results .
let availability = (starttime:datetime , endtime:datetime )
{
//let month = format_datetime(starttime,"yyyy-M-dd");
Heartbeat
//| where TimeGenerated >= startofweek(ago(21d
| where TimeGenerated > starttime and TimeGenerated < endtime
| where ResourceId !=""
| summarize heartbeat_per_hour=count() by bin_at(TimeGenerated, 1h, starttime), Computer
| extend available_per_hour=iff(heartbeat_per_hour>0, true, false)
| summarize total_available_hours=countif(available_per_hour==true) by Computer
| extend total_number_of_buckets=round((endtime-starttime)/1h)
| extend availability_rate=total_available_hours*100/total_number_of_buckets
//| extend month
};
let starttime = startofday(datetime("2020-09-01 00:00:00 AM"));
let endtime = endofday(datetime("2020-09-30 11:59:59 PM"));
availability(starttime,endtime)
Related
This is my current query that i have in azure logs:
let numberOfBuckets = 24;
let interval = toscalar(requests | where url matches regex "courses.*"
| summarize interval = (max(timestamp)-min(timestamp)) / numberOfBuckets
| project floor(interval, 1m));
requests | where url matches regex "courses.*"
| summarize count() by url
It doesn't quite work and I've tried a lot of different ways to do this
like this...
let under400_course = requests | where url matches regex "/courses.*" | where duration < 400 | count;
let total_req_course = requests | where url matches regex "/courses.*" | count;
print under400_apt_SLI = toscalar(under400_course) * 100/toscalar(total_req_course);
just as a query to get information...
how do I actually get each response time for every connection in the last 24 hours for this endpoint?
how do I actually get each response time for every connection in the
last 24 hours for this endpoint?
I think the query is simpler for this request. Have you tried this?
requests
| where timestamp > ago(24h)
| where url matches regex "courses.*"
| project timestamp, url, resultCode, duration
The query timestamp > ago(24h) will filter all requests in the last 24 hours.
And the response time for request is already presented in requests table.
You can refer to Kusto guideline by MS here: https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/
let fastResponseTimeMaxMs = 800;
let errorBudgetThresholdForFastResponseTime = 90.0;
//
let startTime = ago(7days);
let endTime = now();
let timeStep = 300m;
//
requests
| where timestamp > startTime and timestamp < endTime
| where success == 'True' | where url matches regex "<URL>.*"
| summarize TotalCount = count(), ActualCount = countif(duration <= fastResponseTimeMaxMs) by bin(timestamp, timeStep)
| extend Percentage = round(todecimal(ActualCount * 100) / todecimal(TotalCount), 2)
| extend ErrorBudgetMinPercent = errorBudgetThresholdForFastResponseTime
| extend InBudget = case(Percentage >= ErrorBudgetMinPercent, 1, 0)
This works... took a bit but I got it!
Can any one share Azure Application Insights Query to display Total Request vs Total Passed vs Total Failed for a given test duration:
Operation Totalcount TotalPassed TotalFailed
Request1 10 5 5
Request2 10 7 3
Thanks to # lubumbax your answer helped a lot to improve my query knowledge.
Here I am using a query to fetch the Total count, Success, and Failure response from Application insights.
The Query follows:
let TOTAL = requests | where timestamp > ago(1d) | summarize TotalRequests=sum(itemCount) | extend Foo=1;
let Req_TOTAL = materialize(TOTAL);
let FAILED = requests
| where timestamp > ago(1d)
| where resultCode hasprefix "5"
| summarize Failed=sum(itemCount)
| extend Foo=1;
let Req_FAILED = materialize(FAILED);
let SUCCESS = requests
| where timestamp > ago(1d)
| where resultCode hasprefix "2"
| summarize Success=sum(itemCount)
| extend Foo=1;
let Req_SUCCESSED = materialize(SUCCESS);
Req_FAILED
| join kind=inner Req_TOTAL on Foo
| join kind=inner Req_SUCCESSED on Foo
| extend PercentFailed = round(todouble(Failed * 100) / TotalRequests, 2)
| extend PercentSuccess = round(todouble(Success * 100)/ TotalRequests, 2)
| project TotalRequests, Failed, Success, PercentFailed, PercentSuccess; availabilityResults
The Result :
| where TimeGenerated > ago(30d)
only gives me the last 30 days logs and I'm searching for a query to get previous month logs from a table, so I can export it directly into Power BI.
Here is how you can do it below. I am showing two ways. The 'easy' way is to just hand jam the dates in for the month. The harder way requires you to use the make_datetime function.
// The Easy 'Manual' Way
AuditLogs
| where TimeGenerated >= datetime('2021-08-01') and TimeGenerated <= datetime('2021-08-31')
// Automated Way
let lastmonth = getmonth(datetime(now)) -1;
let year = getyear(datetime(now));
let monthEnd = endofmonth(datetime(now),-1);
AuditLogs
| where TimeGenerated >= make_datetime(year,lastmonth,01) and TimeGenerated <= monthEnd
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/make-datetimefunction
Just wanted to add on to #Ken W MSFT's great query, by suggesting this for the automation
let time_start = startofmonth(datetime(now), -1);
let time_end = endofmonth(datetime(now),-1);
AuditLogs
| where TimeGenerated between (time_start .. time_end)
I have such a query:
let start=datetime("2019-06-22T01:44:00.000");
let end=datetime("2019-06-22T07:44:00.000");
let timeGrain=5m;
let dataset1= requests
| where timestamp > start and timestamp < end ;
dataset1
| summarize Gesamt=sum(itemCount) , Durchschnittsdauer=round(avg(duration /1000),2), Instanz=dcount(cloud_RoleInstance) by Funktionsname=name
| join kind= inner
(
exceptions
| where timestamp > start and timestamp < end
| summarize Fehler=count() by Funktionsname=operation_Name
) on Funktionsname
| project Funktionsname ,Gesamt , Erfolgreich=Gesamt - Fehler, Fehler, Durchschnittsdauer
If I test it in Application insight query manager, I get data. But after I pin it to the share dashboard, and changing the Time (local and UTC) the dashboard shows me no results. Do you know how can I solve this problem?
I got it
I should change starttime and endtime to:
let start=datetime("2019-06-24 13:44:00.000Z");
let end=datetime("2019-06-24 19:44:00.000Z");
I need to combine requests and customMetrics tables by parsed url. On output it should have common parsed url, avg duration of requests and avg value of requests from CustomMetrics.
This code doesn't work ^(
let parseUrlOwn = (stringUrl:string) {
let halfparsed = substring(stringUrl,157);
substring(halfparsed,0 , indexof(halfparsed, "?"))
};
customMetrics
| where name == "Api.GetData"
| extend urlURI = tostring(customDimensions.RequestedUri)
| extend urlcustomMeticsParsed = parseUrlOwn(urlURI)
| extend unionColumnUrl = urlcustomMeticsParsed
| summarize summaryCustom = avg(value) by unionColumnUrl
| project summaryCustom, unionColumnUrl
| join (
requests
| where isnotempty(cloud_RoleName)
| extend urlRequestsParsed = parseUrlOwn(url)
| extend unionColumnUrl = urlRequestsParsed
| summarize summaryRequests =sum(itemCount), avg(duration)
| project summaryRequests, unionColumnUrl
) on unionColumnUrl
Instead of inventing your own url parsing, how about using parse_url (https://docs.loganalytics.io/docs/Language-Reference/Scalar-functions/parse_url()) and using that instead?
It also appears that your summarize line in the requests join, isn't summarizing on url, so I'm not sure how that works.
Shouldn't this line:
| summarize summaryRequests =sum(itemCount), avg(duration)
be
| summarize summaryRequests =sum(itemCount), avg(duration) by unionColumnUrl
like it is in the metrics part of the query. Also, why are you calculating the average in that summarize? you're just throwing it away by not projecting it on the next line.