It’s been some time since I began engaged on information evaluation. Relating to information evaluation, it’s all about how effectively one can filter and fetch the small set of helpful information from a humongous assortment.
I used Kusto Question Language (KQL) for writing superior queries for Azure Log Analytics. At first, while you begin writing queries, it may be very daunting and protecting that in thoughts, I believed, I ought to share a couple of of these queries which might save an enormous quantity of a newbie’s time.
Therefore, my subsequent few posts can be largely primarily based on obtain anticipated output utilizing KQL. So, let’s get began with a easy state of affairs first.
Beneath is the pattern information on which we’re going to question,
|
GenerationDate |
IngestionTime |
DescriptionTitle |
DescriptionDetail |
FeedKey |
|
2020-05-21 00:00:00:0000000 |
2020-05-25 02:00:00:0000000 |
Schedule Job |
Learn feed from server 1 |
acbf-uhef-4t5i-dfff |
|
2020-05-21 00:00:00:0000000 |
2020-05-25 03:00:00:3000000 |
Schedule Job |
Learn feed from server 1 |
acbf-uhef-4t5i-dfff |
|
2020-05-21 00:00:00:0000000 |
2020-05-25 03:00:00:3000000 |
Monitoring Job |
Monitoring failed for LOC |
lcbf-u78f-4p5i-dfff |
|
2020-05-22 00:00:00:0000000 |
2020-05-26 02:00:00:0000000 |
Schedule Job |
Knowledge lacking for palto |
acbf-uhef-4t5i-dfff |
|
2020-05-22 00:00:00:0000000 |
2020-05-26 00:09:00:0000000 |
Schedule Job |
Learn feed from server 1 |
acbf-uhef-4t5i-dfff |
|
2020-05-22 00:00:00:0000000 |
2020-05-27 00:04:00:0000000 |
Failover Dealing with |
Disk fault occurred in area R |
acbf-uhef-4t5i-dfff |
Question description
Find out how to get the numerous description rely for every FeedKey.
- DemoData
- | the place GenerationDate >= datetime(2020-05-20) and GenerationDate <= datetime(2020-05-23)
- | lengthen Descriptions = strcat(DescriptionTitle,” : “,DescriptionDetail)
- | summarize dcount(FeedKey) by Descriptions, FeedKey
- | summarize DescriptionCount = rely() by FeedKey | kind by DescriptionCount desc;
Anticipated output
|
FeedKey |
DescriptionCount |
|
acbf-uhef-4t5i-dfff |
3 |
|
lcbf-u78f-4p5i-dfff |
1 |
Pleased querying!
