azure-data-explorer - Setting input table name in Kusto query depending on variable?
问题描述
Summary
Depending on an input parameter I would like to use table1 or table2 for Kusto query.
Background
I've got a Kusto table, e.g. "table_all", with webserver access logs, lots of rows for all customer traffic. Currently I am adding a second table that contains the number of hits per customer per minute or per hour. ("table_aggregated")
To visualise this I am using Grafana with Kusto to plot number of hits per customer over time. The Grafana dashboard contains a query like
table_all
| where $__timeFilter(event_timestamp)
| where customer == "$customer"
| summarize count(), bin(event_timestamp, $__interval)
which works ok to plot the number of hits of a particular customer over time.
Depending on Grafana's time range view I would like to use either table_full or table_aggregated as input into the query.
When a full month or more is selected in Grafana $__interval is set to 1h, and I could leverage the table with aggregated data.
Is there a way to build the input table name from the value of $__interval?
解决方案
您可能会使用它union来实现:https ://docs.microsoft.com/en-us/azure/kusto/query/unionoperator
例如:
let T1 = range x from 1 to 3 step 1;
let T2 = range x from 11 to 13 step 1;
let _interval = 7h;
union
(T1 | where _interval < 5h),
(T2 | where _interval >= 5h)
将返回数字11,12,13。
如果您替换7h为 ,3h它将返回数字1,2,3