azure-application-insights - 使用 KQL (Kusto) 选择行时遇到问题
问题描述
我正在尝试根据时间戳选择行。在随后的示例数据中,某些列包含重复的计算机名称。我对具有最新时间戳的行感兴趣。
+------------------------+----------+---------+------------+
| TIMEST AMP | COMPUTER | VERSION | MORE COLS. |
+------------------------+----------+---------+------------+
| 2019-10-02 10:32:40 | COMPA | 1234 | ... |
+------------------------+----------+---------+------------+
| 2019-09-12 11:15 23 | COMPA | 1235 | ... |
+------------------------+----------+---------+------------+
| 2019-11-13 15:23:25 | COMPA | 1234 | ... |
+------------------------+----------+---------+------------+
| 2019-10-02 10:32:40 | COMPB | 1234 | ... |
+------------------------+----------+---------+------------+
| 2019-09-13 11:15 23 | COMPC | 1235 | ... |
+------------------------+----------+---------+------------+
| 2019-11-13 15:23:25 | COMPC | 1235 | ... |
+------------------------+----------+---------+------------+
应返回以下结果
+------------------------+----------+---------+------------+
| TIMEST AMP | COMPUTER | VERSION | MORE COLS. |
+------------------------+----------+---------+------------+
| 2019-11-13 15:23:25 | COMPA | 1234 | ... |
+------------------------+----------+---------+------------+
| 2019-10-02 10:32:40 | COMPB | 1234 | ... |
+------------------------+----------+---------+------------+
| 2019-11-13 15:23:25 | COMPC | 1235 | ... |
+------------------------+----------+---------+------------+
看起来嵌套查询应该可以工作。我找到了一个例子,但我不知道如何让它与这些数据一起工作
样本
dependencies
| where resultCode == toscalar(
dependencies
| where resultId == 7
| top 1 by timestamp desc
| project resultCode)
解决方案
您可以尝试使用summarize arg_max()(doc):
datatable(timestamp:datetime, computer:string, version:int)
[
datetime(2019-10-02 10:32:40), 'COMPA', 1234,
datetime(2019-09-12 11:15:23), 'COMPA', 1235,
datetime(2019-11-13 15:23:25), 'COMPA', 1234,
datetime(2019-10-02 10:32:40), 'COMPB', 1234,
datetime(2019-09-13 11:15:23), 'COMPC', 1235,
datetime(2019-11-13 15:23:25), 'COMPC', 1235,
]
| summarize arg_max(timestamp, *) by computer
-->
| computer | timestamp | version |
|----------|-----------------------------|---------|
| COMPA | 2019-11-13 15:23:25.0000000 | 1234 |
| COMPB | 2019-10-02 10:32:40.0000000 | 1234 |
| COMPC | 2019-11-13 15:23:25.0000000 | 1235 |
推荐阅读
- windows-10 - Windows 10:可以重置键盘布局吗?
- apache-spark - Apache Spark SQL 无法选择 Cassandra 时间戳列
- memory - .NET - 进程的最大可能内存分配大小?
- python - NLP-我们如何在神经网络中输入 FastText 的输出
- airflow - airflow create sub process based on number of files
- flutter - 搜索列表时,gridview builder中的空容器占用空间
- node.js - 为一个 SQS 使用多个 lambda 触发器
- windows-server-2008-r2 - 如何使用 windows server 2008 R2 远程连接 macbook 11.4 big sur
- python - 在 python 中使用 Selenium 完全加载运行命令而不等待页面
- r - 在 R 中重塑数据表:添加子列