alan32
Reputation: 11
Kusto - Compare 2 query results and get the diff
I would like to compare the HTTP 5xx and 2xx codes from the W3CIISLog in Azure Monitor using Kusto.
How do you return two or more values and then compare against eachother?
For example, I can return all 2xx and 5xx values using:
search "W3CIISLog"// | where scStatus startswith "2" or scStatus startswith "5"
But then I want what each returns into a variable so I can then compare to eachother.
Thanks
Upvotes: 1
Views: 7121
Answers (1)
Yoni L.
Reputation: 25955
you can use !in() or an anti-join
- https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/inoperator
- https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/joinoperator
for example:
let colors = datatable(c:string)
[
'Red',
'Green',
'Blue',
'Black',
'White'
]
;
colors
| where c !in ((
customEvents
| ...
| distinct Colours
))
Upvotes: 1
Related Questions
- How to use result of first KQL query in the second query to filter results?
- How can I filter out redundant results except one?
- Need to achieve the below output using Kusto Query language(KQl)
- Difference between 2 consecutive values in Kusto
- Comparison in UDF in Kusto on tabular data
- Kusto / KQL query to take distinct output and then use in subsequent query
- how to extract time difference between two requests using KUSTO
- How to write Kusto query to get results in one table?
- How to compare Kusto query against 2 table columns?
- KUSTO display two series of data