raindrop
Reputation: 523
azure kusto join multiple graph/table two one
I try combining the two graphs I have now (working as expected) into one combined to show In and out. I have used the join command I assume that worked but didn't. did I miss anything?
syslog_CL
| where data_s contains "out"
| where hostname_s contains "interface"
| where TimeGenerated > ago(1hr)
| summarize Reject=dcount(data_s) by bin(TimeGenerated, 5m)
| project Reject
| join kind = inner (
syslog_CL
| where data_s contains "in"
| where hostname_s contains "interface"
| where TimeGenerated > ago(1hr)
| summarize allow=dcount(data_s) by bin(TimeGenerated, 5m)
| project allow
)
| order by timestamp asc
Upvotes: 0
Views: 1152
Answers (1)
Yoni L.
Reputation: 25955
you could try this instead, using the dcountif() aggregation function:
syslog_CL
| where TimeGenerated > ago(1hr)
| where hostname_s contains "interface"
| summarize reject = dcountif(data_s, data_s contains "out"),
allow = dcountif(data_s, data_s contains "in")
by bin(TimeGenerated, 5m)
| render timechart
Upvotes: 1
Related Questions
- Is there a way to combine data from two tables in Kusto?
- Kusto Query: Join tables with different datatypes
- Kusto Query to merge tables
- Kusto - How to put results into another table in another cluster?
- Kusto: Do a leftsemi join including columns from right table
- Kusto Join Query - How to join 2 tables on $left.column1 < $right.column2
- Kusto join tables from different DB
- Kusto Query: Join multiple tables
- How to write Kusto query to get results in one table?
- How to do inner joins using Kusto query language on AppInsights