29 Aug 2024 02:58 PM
Hi All,
I am currently trying to write some dql which will provide some graphical data from the fetch logs command.
This is the fetch logs command I have so far below. I need to average the results by 1day and 7days, whist also showing the status code field
fetch logs
| filter application =="myapp" or application == "mayapp2"
| filter sourcecontext == "source"
| filter requestpath == "limits/daily"
| summarize count(), by:{statuscode}
Is this possible?
Thanks
30 Aug 2024 09:57 PM
If I understand the need correctly, first you need to calculate counts per day. This can be done this way:
fetch logs
| summarize cnt=count(), by:{status, timestamp=bin(timestamp,1d,at:-2h) }
In the next step you need to average daily counts:
fetch logs
| summarize cnt=count(), by:{status, timestamp=bin(timestamp,1d,at:-2h) }
| summarize cnt=avg(cnt), by: {status}
notes: I used column status, I do not have stauscode ; I used samplingRatio parameter in my queries to speed up their execution