Skip to main content


Showing posts with the label Azure Log Analytics

Azure Data Explorer - Approaches For Data Aggregation In Kusto

In my previous posts I tried to transcribe the things that were not too obvious for me when I initially started working on Kusto Query Language. Continuing with the same thought, this time I’m going to share a few of the approaches that can be taken to aggregate the data.   Let’s consider the below input data: let demoData = datatable(Environment: string, Version: int , BugCount: int )   [   "dev" ,1, 1,   "test" ,1, 1,   "prod" ,1, 1,   "dev" ,2, 2,   "test" ,2, 0,   "dev" ,3, 2,   "test" ,3, 0,   "prod" ,2,2,   ]; Description Get the average number of bugs falling under each category.   Expected Output   There are several approaches to achieve this.   Approach 1 - Using Partition Operator   Partition operator first partitions the input data with defined criteria and then combines all the results. demoData| partition by Environment (summarize ceiling(avg(BugCount)) by Environment);    Appr

Azure Data Explorer - Reading JSON Data Using Kusto

You may have a requirement wherein you have a data stored in a column as JSON format and business need is to read that column value. Now when it comes to JSON, there are few ways, which can help us to read this data and represent that in a meaningful and readable manner. Let’s consider below sample data: In the above table, last column named Description is holding the data which is in JSON format. Using Dynamic One way to extract data of description column is by using the dynamic literal as shown in below query: demoData  | extend AllProperties = todynamic(Description)   | project Environment, BugId = AllProperties[ "Id" ], AssignedTo = AllProperties[ "AssignedTo" ]  On execution of above query, you will notice that all the properties of JSON are extracted in the form of new columns, as shown below: We can further improvise the above query in terms of readability. If the column title and the JSON property are having the same name, then JSON property can

Perform Calculation On Multiple Values From Single Kusto Input

Let’s consider a scenario, wherein requirement is to find out the percentage of a particular type of values from the single input set. Below can be considered as an example of input sample data and need is to find out how much percentage of dev releases and how much percentage of prod releases are present in the input data. let demoData = datatable(Environment: string, Feature:string)   [   "dev" ,  "Feature1" ,   "test" ,  "Feature1" ,   "prod" ,  "Feature1" ,   "Dev" ,  "Feature2" ,   "test" ,  "Feature2" ,   "dev" ,  "Feature3" ,   "test" ,  "Feature3" ,   "prod" ,  "Feature3"    ];  Approach In order to achieve the solution, one has to go through various steps as mentioned below: Step 1: Get total number of records from input set let totalRecords = demoData |  count   | project TotalRecords =  Count ;   Step 2: Get

Working with Kusto Case Sensitivity

Like most of the other programming and query languages, Kusto too has sense of case sensitivity, which means, it can deal with upper-case and lower-case while performing comparisons between values. Let’s consider below sample data: let demoData = datatable(Environment: string, Feature:string)   [          "dev" ,  "Feature1" ,       "test" ,  "Feature1" ,       "prod" ,  "Feature1" ,       "Dev" ,  "Feature2" ,       "test" ,  "Feature2" ,       "dev" ,  "Feature3" ,       "test" ,  "Feature3" ,       "prod" ,  "Feature3"       ]; Case Sensitive Comparison The Case sensitive means match should be exact, upper-case letter must match with upper-case only and same for lower-case. Whenever the match is performed between an upper-case character and a lower-case character, query would return false, although both the characters a