Reputation: 49
Azure Kusto Query output format
I have the follwoing query which runs fine but I'm not happy with the output format in the body of the e-mail for the 'parsedstack' column.
exceptions | project timestamp, type, method, outerMessage, customDimensions.RequestPath, customDimensions.user, customDimensions.aisAuditId, details[0].parsedStack
Running this within Azure it all looks fine as per the below screenshot
However, when the alert triggers and sends an e-mail it looks like the below which is a bit messy ...
Does anyone have any ideas on how I'd add formatting to the kusto query, or another way of improving the presentation in the alert e-mail (if it's possible)?
Thanks!
Upvotes: 0
Views: 2504
Answers (1)
Reputation: 5512
There are two super useful operators in the Kusto Query Language that help working with JSON data:
The bag_unpack plugin is used with the evaluate operator, and unpacks a single column of type dynamic by treating each property bag top-level slot as a column.
Example:
datatable(d:dynamic)
[
dynamic({"Name": "John", "Age":20}),
dynamic({"Name": "Dave", "Age":40}),
dynamic({"Name": "Jasmine", "Age":30}),
]
| evaluate bag_unpack(d)
Output:
| Name | Age |
|------------|----------------|
| John | 20 |
| Dave | 40 |
| Jasmine | 30 |
mv-expand on the other hand, expands multi-value dynamic arrays or property bags into multiple records.
Example:
datatable (a:int, b:dynamic)[1,dynamic({"prop1":"a", "prop2":"b"})]
| mv-expand b
Output:
| a | b |
|------------|----------------|
| 1 | {"prop1":"a"} |
| 1 | {"prop2":"b"} |
I've found these two utilities incredibly useful to format query results. Since data like logs, exception stack traces etc. are more likely to contain nested objects and fields, you can use a mix of these two to unpack/extract relevant fields to any level.
Here are some other posts that explain this further:
- Extracting Nested Fields in Kusto
- How to i expand JSON data in kusto/data explorer that has multiple layers?
- Split an array into multiple rows in Kusto
Upvotes: 0
Related Questions
- Kusto Query from c#
- Need to achieve the below output using Kusto Query language(KQl)
- Rows to columns in azure data explorer (kusto)
- Kusto Query Pipeline Query
- Kusto Query Language: How to save column of results into a variable?
- Kusto result column name, bin value from request_parameters
- How to write Kusto query to get results in one table?
- KUSTO display two series of data
- Azure Kusto Java SDK get all columns of query results
- How to output multiple variables using Azure Kusto?