azure-data-explorer - 按时间戳和类别取消堆叠大数据表 Kusto
问题描述
我正在处理 ADX 上的一个大数据集,我需要在其中解开数据行并将它们转换为列。数据中的uniqueID由三个字段组合而成:组、时间戳和名称。
datatable(Group:string, timestamp:datetime, channel_name:string , value:long)
[
"A", datetime(2019-05-01 00:00:01), "channel_1", 12,
"A", datetime(2019-05-01 00:00:02), "channel_1", 14,
"A", datetime(2019-05-01 00:00:03), "channel_1", 16,
"A", datetime(2019-05-01 00:00:01), "channel_2", 12,
"A", datetime(2019-05-01 00:00:02), "channel_2", 14,
"A", datetime(2019-05-01 00:00:01), "channel_3", 16,
"B", datetime(2019-04-01 00:00:01), "channel_1", 3,
"B", datetime(2019-04-01 00:00:04), "channel_1", 5,
"B", datetime(2019-04-01 00:00:07), "channel_2", 1,
"B", datetime(2019-04-01 00:00:10), "channel_3", 8,
]
一组的预期输出(结果可以有或没有组列——因为总是应用组过滤器)
group, timestamp, channel_1, channel_2, channel_3
"A", datetime(2019-05-01 00:00:01), 12, 12, NULL,
"A", datetime(2019-05-01 00:00:02), 14,14, NULL,
"A", datetime(2019-05-01 00:00:03), 16, NULL,NULL,
尝试运行以下查询(基于),但这不会按预期取消堆叠列。这以与上述相同的格式返回数据。
| where timestamp > datetime(2019-04-01) and timestamp <datetime(2019-04-03) \\ filter1 Always applied
| where machine_name =='A' \\filter2 Always Applied
| where channel_name in ("channel1, channel2, channel3")
| summarize value=sum(value) by channel_name, timestamp
解决方案
你可以试试这个:
datatable(group:string, timestamp:datetime, channel_name:string , value:long)
[
"A", datetime(2019-05-01 00:00:01), "channel_1", 12,
"A", datetime(2019-05-01 00:00:02), "channel_1", 14,
"A", datetime(2019-05-01 00:00:03), "channel_1", 16,
"A", datetime(2019-05-01 00:00:01), "channel_2", 12,
"A", datetime(2019-05-01 00:00:02), "channel_2", 14,
"A", datetime(2019-05-01 00:00:01), "channel_3", 16,
"B", datetime(2019-04-01 00:00:01), "channel_1", 3,
"B", datetime(2019-04-01 00:00:04), "channel_1", 5,
"B", datetime(2019-04-01 00:00:07), "channel_2", 1,
"B", datetime(2019-04-01 00:00:10), "channel_3", 8,
]
| where group == "A"
| summarize b = make_bag(pack(channel_name, value)) by timestamp
| project timestamp, channel_1 = tolong(b.channel_1), channel_2 = tolong(b.channel_2), channel_3 = tolong(b.channel_3)
或者这个(由于使用效率较低bag_unpack()):
datatable(group:string, timestamp:datetime, channel_name:string , value:long)
[
"A", datetime(2019-05-01 00:00:01), "channel_1", 12,
"A", datetime(2019-05-01 00:00:02), "channel_1", 14,
"A", datetime(2019-05-01 00:00:03), "channel_1", 16,
"A", datetime(2019-05-01 00:00:01), "channel_2", 12,
"A", datetime(2019-05-01 00:00:02), "channel_2", 14,
"A", datetime(2019-05-01 00:00:01), "channel_3", 16,
"B", datetime(2019-04-01 00:00:01), "channel_1", 3,
"B", datetime(2019-04-01 00:00:04), "channel_1", 5,
"B", datetime(2019-04-01 00:00:07), "channel_2", 1,
"B", datetime(2019-04-01 00:00:10), "channel_3", 8,
]
| where group == "A"
| summarize b = make_bag(pack(channel_name, value)) by timestamp
| evaluate bag_unpack(b)
两者都输出此表:
| timestamp | channel_1 | channel_2 | channel_3 |
|-----------------------------|-----------|-----------|-----------|
| 2019-05-01 00:00:01.0000000 | 12 | 12 | 16 |
| 2019-05-01 00:00:02.0000000 | 14 | 14 | |
| 2019-05-01 00:00:03.0000000 | 16 | | |
推荐阅读
- javascript - 木偶表演者无头行为不同
- javascript - JSON、特殊字符和发送到数据库
- java - 获取 Maven 依赖项的连接重置
- javascript - JavaScript:返回 null 的类
- excel - 概述来自多个来源的一个单元格中的文本
- r - geom_bar() 和 geom_col() 的所有位置是什么?
- design-patterns - OLAP 多维数据集设计:运行时生成的度量
- javascript - 警告控制台:列表中的每个子项都应在代码 react.js 中的表中具有唯一的“键”道具
- c++ - 将 ASCII 字符表示的十六进制数转换为 C/C++ 中的十进制整数
- typescript - 当我映射和展平数组时,TypeScript 错误地出错?