This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
Log Analytics
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Counting multiple status codes for same transaction-id

VladS
Visitor

‎29 Sep 2025 07:36 AM

Hello,

I am trying to create a dashboard for a service that has multiple endpoints and calculate success rate for calls to each endpoint. Due to the design of the API gateway, in the case of certain status codes (e.g. spike arrests), the response will not contain the endpoint name in contents, therefore there is no way to know which endpoint was called. I can get around this by also querying for the request-in logs (which cointain the endpoint), then summarize by transaction-id, something like this:

| summarize {
status_code = max(status_code),
endpoint = max(inbound_request_uri)
},
by: { transaction_id }

Afterwhich I can filter for the desired endpoint and count the status codes to calculate my success rate.

The problem arises for certain status codes (like mentioned before, spike arrests), where the same transaction-id will be used for multiple transactions, so there will be multiple status codes in the same transaction (e.g. a couple of 429s, then 200). If I use the method above it will count a single 429 and the other two will be lost.

What can I do in this case to count multiple status codes for the same transaction-id? Unfortunately there's no other field to summarize by. I can summarize by multiple fields to separate the codes, but then I don't know how to filter them by the desired endpoint.

Any suggestion is welcomed, thanks!

Labels:
0 Kudos
Reply
0 REPLIES 0
Ask a question

Featured Posts