时间戳

首页 > 解决方案 > Kusto - 每个系列的最后一行按时间戳

azure-data-explorer - Kusto - 每个系列的最后一行按时间戳

问题描述

我有一个记录消息的表,对于每个操作,都有几条带有时间戳的消息。我需要获取每个 operation_id 的最后一条消息。

示例数据:

timestamp                  | operation_id | message 
---------------------------|--------------------------------------------------------
10/2/2019, 10:00:10.000 AM |    1         | message (last msg for this operation id)
10/2/2019, 10:00:00.000 AM |    1         | message
10/2/2019, 10:00:03.000 AM |    2         | message (last msg for this operation id)
10/2/2019, 10:00:00.000 AM |    3         | message
10/2/2019, 10:00:00.000 AM |    2         | message
10/2/2019, 10:00:15.000 AM |    3         | message (last msg for this operation id)

期望的输出:

timestamp                  | operation_id | message 
---------------------------|--------------------------------------------------------
10/2/2019, 10:00:10.000 AM |    1         | message (last msg for this operation id)
10/2/2019, 10:00:03.000 AM |    2         | message (last msg for this operation id)
10/2/2019, 10:00:15.000 AM |    3         | message (last msg for this operation id)

标签: azure-data-explorerkql

解决方案

看一下聚合函数arg_max()

请注意,适用的示例在 arg_min() 文档中...

推荐阅读