CODEWITHSUNDEEP
azureazure-data-explorerkql
MaxiPalle
MaxiPalle

Reputation: 450

Kusto: query to group http status codes

I'm trying to query some Azure Application Gateway related things from Azure Log Analytics.

I get for a query like this results for every single http status code:

AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayAccessLog"
| summarize count() by httpStatus_d, Resource

Now I need those results grouped for 2xx, 3xx, 4xx and 5xx.

New to Kusto I don't find the right approach to achieve this. Thanks for your hints!

Upvotes: 2

Views: 5340

Answers (3)

Randy
Randy

Reputation: 1

Group by all httpStatus_d values automatically.

AzureDiagnostics 
| where TimeGenerated > ago(30d)
| summarize count=count() by httpStatus_d
| order by httpStatus_d asc

Upvotes: 0

MaxiPalle
MaxiPalle

Reputation: 450

Thanks to @yoni who sent me into the right direction.

I solved this like this:

AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayAccessLog"
| extend HTTPStatus = case(httpStatus_d between (200 .. 299), "2XX",
                       httpStatus_d between (300 .. 399), "3XX",
                       httpStatus_d between (400 .. 499), "4XX",
                       "5XX")
| summarize count() by HTTPStatus, bin(timeStamp_t, 1h)
| render timechart

Upvotes: 1

Yoni L.
Yoni L.

Reputation: 25955

you could try using the bin() function, e.g.:

AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayAccessLog"
| summarize count() by bin(httpStatus_d, 100), Resource

Upvotes: 1

Related Questions