1. 技术文章
  2. Date time difference within a column in Azure Monitor Logs (Kusto Query Language)

Date time difference within a column in Azure Monitor Logs (Kusto Query Language)

混江龙づ霸主 提交于 2019-12-11 10:56:40

问题


I have clickstream data in Azure Monitor Logs in this format:

       Timestamp             Category  Session_ID    Step_Name
10/22/2019, 9:28:14.868 AM      A        ++9Ti        step 1    
10/22/2019, 9:28:18.034 AM      A        ++9Ti        step 2    
10/22/2019, 9:28:22.487 AM      A        ++9Ti        step 3
10/23/2019, 7:02:02.527 AM      B        ++MoY        step 1    
10/23/2019, 7:02:09.244 AM      B        ++MoY        step 2    
10/23/2019, 7:02:21.156 AM      B        ++MoY        step 3        <-- 
10/23/2019, 7:02:27.195 AM      B        ++MoY        step 3        <--
10/23/2019, 7:15:13.544 AM      A        ++0a3        step 1    
10/23/2019, 7:15:35.438 AM      A        ++0a3        step 2

I need to get the mean time that a consumer spends on each step in a Category

Also, when steps are repeated (like step 3 in session_ID = '++MoY'), we need to take the latest timestamp while calculating the mean.

Example : Mean time spent on step 2 in category A is (3.166 + 21.894)/2 = 12.53 seconds. (Note : timestamp gives time at which step is completed)


回答1:


you could try something like the following

a) using arg_max() to take the latest by step/category

b) using prev() after order by to calculate the duration for each step

datatable(Timestamp:datetime, Category:string, Session_ID:string, Step_Name:string)
[
    datetime(10/22/2019, 9:28:14.868 AM), 'A', '++9Ti', 'step 1',
    datetime(10/22/2019, 9:28:18.034 AM), 'A', '++9Ti', 'step 2',
    datetime(10/22/2019, 9:28:22.487 AM), 'A', '++9Ti', 'step 3',
    datetime(10/23/2019, 7:02:02.527 AM), 'B', '++MoY', 'step 1',
    datetime(10/23/2019, 7:02:09.244 AM), 'B', '++MoY', 'step 2',
    datetime(10/23/2019, 7:02:21.156 AM), 'B', '++MoY', 'step 3',
    datetime(10/23/2019, 7:02:27.195 AM), 'B', '++MoY', 'step 3',
    datetime(10/23/2019, 7:15:13.544 AM), 'A', '++0a3', 'step 1',
    datetime(10/23/2019, 7:15:35.438 AM), 'A', '++0a3', 'step 2',
]
| summarize arg_max(Timestamp, *) by Step_Name, Session_ID
| order by Session_ID asc, Timestamp asc
| extend duration = iff(Session_ID == prev(Session_ID), Timestamp - prev(Timestamp), 0s)
| summarize avg(duration) by Step_Name, Category
| where Step_Name == "step 2" and Category == "A"


来源:https://stackoverflow.com/questions/58519476/date-time-difference-within-a-column-in-azure-monitor-logs-kusto-query-language

标签
azure
datetime
kusto
kusto-query-language
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!