Adding Where condition on Timestamp yields odd aggregated resultsApplication Insights Query for higher than usualAzure Log Analytics Query with WHERE clause produces no resultsProblem seeing custom application log in Azure Log Analytics
How to track mail undetectably?
Where to connect the fuse and why?
Why will we fail creating a self sustaining off world colony?
Customs and immigration on a USA-UK-Sweden flight itinerary
Is there a list of all of the cases in the Talmud where תיקו ("Teiku") is said?
Why are symbols not written in words?
Meaning of the word "good" in context
Fully submerged water bath for stove top baking?
What was the point of separating stdout and stderr?
How do I present a future free of gender stereotypes without being jarring or overpowering the narrative?
Perform mirror symmetry transformation of 3D model (in OBJ)
How did they film the Invisible Man being invisible in 1933?
Is it OK to throw pebbles and stones in streams, waterfalls, ponds, etc.?
How do I tell my girlfriend she's been buying me books by the wrong author for the last nine months?
Why are examinees often not allowed to leave during the start and end of an exam?
Could you fall off a planet if it was being accelerated by engines?
Hard for me to understand one tip written in "The as-if rule" of cppreference
How to count the number of bytes in a file, grouping the same bytes?
What does 5d4 x 10 gp mean?
Does it make sense to (partially) create a conlang that you don't intend to actually use in the story?
Why didn't Caesar move against Sextus Pompey immediately after Munda?
The alcoholic village festival
Why doesn't SpaceX land boosters in Africa?
Why am I getting an electric shock from the water in my hot tub?
Adding Where condition on Timestamp yields odd aggregated results
Application Insights Query for higher than usualAzure Log Analytics Query with WHERE clause produces no resultsProblem seeing custom application log in Azure Log Analytics
I'm looking into Azure Monitor queries for the first time, and can't understand why adding this line:
| where timestamp <= ago(1days)
makes the query results "de-aggregated."
Screenshots of the 2 separate queries/results:
Desired Output
Undesired Output
azure-log-analytics azure-monitoring
asked Mar 15 at 15:30
Mark C.Mark C.
4,9613 gold badges25 silver badges49 bronze badges
add a comment |
I'm looking into Azure Monitor queries for the first time, and can't understand why adding this line:
| where timestamp <= ago(1days)
makes the query results "de-aggregated."
Screenshots of the 2 separate queries/results:
Desired Output
Undesired Output
azure-log-analytics azure-monitoring
asked Mar 15 at 15:30
Mark C.Mark C.
4,9613 gold badges25 silver badges49 bronze badges
Seams that there is no error in your query with where. can you please check if the output(you mean undesired output) is correctly group by type / problemId / innermostMessage?
– Ivan Yang
Mar 18 at 2:48
add a comment |
I'm looking into Azure Monitor queries for the first time, and can't understand why adding this line:
| where timestamp <= ago(1days)
makes the query results "de-aggregated."
Screenshots of the 2 separate queries/results:
Desired Output
Undesired Output
azure-log-analytics azure-monitoring
asked Mar 15 at 15:30
Mark C.Mark C.
4,9613 gold badges25 silver badges49 bronze badges
I'm looking into Azure Monitor queries for the first time, and can't understand why adding this line:
| where timestamp <= ago(1days)
makes the query results "de-aggregated."
Screenshots of the 2 separate queries/results:
Desired Output
Undesired Output
azure-log-analytics azure-monitoring
azure-log-analytics azure-monitoring
asked Mar 15 at 15:30
Mark C.Mark C.
4,9613 gold badges25 silver badges49 bronze badges
asked Mar 15 at 15:30
Mark C.Mark C.
4,9613 gold badges25 silver badges49 bronze badges
asked Mar 15 at 15:30
Mark C.Mark C.
4,9613 gold badges25 silver badges49 bronze badges
asked Mar 15 at 15:30
Mark C.Mark C.
4,9613 gold badges25 silver badges49 bronze badges
asked Mar 15 at 15:30
Mark C.Mark C.
4,9613 gold badges25 silver badges49 bronze badges
4,9613 gold badges25 silver badges49 bronze badges
Seams that there is no error in your query with where. can you please check if the output(you mean undesired output) is correctly group by type / problemId / innermostMessage?
– Ivan Yang
Mar 18 at 2:48
add a comment |
Seams that there is no error in your query with where. can you please check if the output(you mean undesired output) is correctly group by type / problemId / innermostMessage?
– Ivan Yang
Mar 18 at 2:48
Seams that there is no error in your query with where. can you please check if the output(you mean undesired output) is correctly group by type / problemId / innermostMessage?
– Ivan Yang
Mar 18 at 2:48
Seams that there is no error in your query with where. can you please check if the output(you mean undesired output) is correctly group by type / problemId / innermostMessage?
– Ivan Yang
Mar 18 at 2:48
add a comment |
1 Answer
1
active
oldest
votes
The operator you should be using is timestamp >= ago(1d), which should pick the rows which have timestamp for last 24Hrs.
Below is the sample
requests
| where timestamp >= ago(1d)
| summarize C = count() by itemType
Output from Explorer with timestamp with in the query
requests
| summarize C = count() by itemType
Output from Explorer with timestamp from Time Range
Documentation reference for using ago()
Hope this helps !
answered Mar 25 at 15:46
bharathn-msftbharathn-msft
3405 bronze badges
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55185955%2fadding-where-condition-on-timestamp-yields-odd-aggregated-results%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The operator you should be using is timestamp >= ago(1d), which should pick the rows which have timestamp for last 24Hrs.
Below is the sample
requests
| where timestamp >= ago(1d)
| summarize C = count() by itemType
Output from Explorer with timestamp with in the query
requests
| summarize C = count() by itemType
Output from Explorer with timestamp from Time Range
Documentation reference for using ago()
Hope this helps !
answered Mar 25 at 15:46
bharathn-msftbharathn-msft
3405 bronze badges
add a comment |
The operator you should be using is timestamp >= ago(1d), which should pick the rows which have timestamp for last 24Hrs.
Below is the sample
requests
| where timestamp >= ago(1d)
| summarize C = count() by itemType
Output from Explorer with timestamp with in the query
requests
| summarize C = count() by itemType
Output from Explorer with timestamp from Time Range
Documentation reference for using ago()
Hope this helps !
answered Mar 25 at 15:46
bharathn-msftbharathn-msft
3405 bronze badges
add a comment |
The operator you should be using is timestamp >= ago(1d), which should pick the rows which have timestamp for last 24Hrs.
Below is the sample
requests
| where timestamp >= ago(1d)
| summarize C = count() by itemType
Output from Explorer with timestamp with in the query
requests
| summarize C = count() by itemType
Output from Explorer with timestamp from Time Range
Documentation reference for using ago()
Hope this helps !
answered Mar 25 at 15:46
bharathn-msftbharathn-msft
3405 bronze badges
The operator you should be using is timestamp >= ago(1d), which should pick the rows which have timestamp for last 24Hrs.
Below is the sample
requests
| where timestamp >= ago(1d)
| summarize C = count() by itemType
Output from Explorer with timestamp with in the query
requests
| summarize C = count() by itemType
Output from Explorer with timestamp from Time Range
Documentation reference for using ago()
Hope this helps !
answered Mar 25 at 15:46
bharathn-msftbharathn-msft
3405 bronze badges
edited Mar 25 at 17:38
answered Mar 25 at 15:46
bharathn-msftbharathn-msft
3405 bronze badges
answered Mar 25 at 15:46
bharathn-msftbharathn-msft
3405 bronze badges
answered Mar 25 at 15:46
bharathn-msftbharathn-msft
3405 bronze badges
3405 bronze badges
add a comment |
add a comment |
Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.
Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55185955%2fadding-where-condition-on-timestamp-yields-odd-aggregated-results%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Seams that there is no error in your query with where. can you please check if the output(you mean undesired output) is correctly group by type / problemId / innermostMessage?
– Ivan Yang
Mar 18 at 2:48