Reputation: 23
Azure Log Insights - How to aggregate events per hour
I am trying to monitor Azure ASR VM Disk churn & throughput processing.
I can get the last hours worth of VM Churn & Upload rate with the following query:
Perf
| where ObjectName == "ASRAnalytics"
| where InstanceName contains "VMName"
| where TimeGenerated >= ago(1h)
| project TimeGenerated, CounterName, Churn_MBps = todouble(CounterValue)/5242880
| render timechart
This will only get me either a line chart showing what the VM upload activity looked like, or a table of values with columns TimeGenerated, Countername, Churn_MBps
How can I aggregate these values into a single value per counter name (SourceVmThrpRate,SourceVmCurnRate) that will show me the total aggregate Churn or Thrp for the total hour?
Upvotes: 1
Views: 2945
Answers (1)
Reputation: 305
Kusto Query has aggregated functions; like count(), avg(), max(), etc - you can read more about Aggregated Functions.
I hope below updated query helps; I have added summarize but I have not validated result as I will have different data.
| summarize avg(Churn_MBps) by bin(TimeGenerated, 1h), CounterName
Perf
| where ObjectName == "ASRAnalytics"
| where InstanceName contains "VMName"
| where TimeGenerated >= ago(1h)
| project TimeGenerated, CounterName, Churn_MBps = todouble(CounterValue) / 5242880
| summarize avg(Churn_MBps) by bin(TimeGenerated, 1h), CounterName
| render timechart
Upvotes: 4
Related Questions
- Azure Log Analytics - How to view logs from last x days but only between certain hours?
- Azure Stream Analytics current day aggregation
- Azure OPDG System Aggregation Logs to TimeChart in KQL
- Application Insights aggregate sums of event occurrences
- Azure log analytics timechart with multiple dimensions
- Group or Join multiple data events without a common event id
- How to extract Log-Data from Azure Log Analytics / Application Insights?
- azure log analytics use average and count in a query
- Total over time query
- Adding Where condition on Timestamp yields odd aggregated results