Azure 数据资源管理器 - 日志查询

【问题标题】:Azure Data Explorer - Log queryAzure 数据资源管理器 - 日志查询
【发布时间】:2020-09-02 20:51:57
【问题描述】:

有人可以分享一个示例,说明我如何为具有不同阈值的计算机的磁盘空间编写单个 azure 日志查询。

以下是我编写查询以处理具有不同阈值的计算机的方式。我想知道在单个查询中是否有其他更好的方法来做同样的事情

Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where strlen(InstanceName) ==2 and InstanceName contains ":"
| where Computer !in~ ("DUFFVEEAMREPO01","TORFILE01")
| extend ComputerDrive= strcat(Computer, ' - ', InstanceName)
| summarize Free_Space = min(CounterValue) by ComputerDrive
| sort by Free_Space asc
| where Free_Space< 10)
//////////////////////////////////////////////
| union kind=outer (Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where Computer contains "DUFFVEEAMREPO01" and InstanceName == "K:"
| where strlen(InstanceName) ==2 and InstanceName contains ":"
| extend drive = strcat(Computer, ' - ', InstanceName)
| summarize Free_Space = min(CounterValue) by ComputerDrive
| sort by Free_Space asc
| where Free_Space< 1)
//////////////////////////////////////////////
| union kind=outer (Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where Computer contains "DUFFVEEAMREPO01" and InstanceName == "I:"
| where strlen(InstanceName) ==2 and InstanceName contains ":"
| extend drive = strcat(Computer, ' - ', InstanceName)
| summarize Free_Space = min(CounterValue) by ComputerDrive
| sort by Free_Space asc
| where Free_Space< 2.5)
//////////////////////////////////////////////
| union kind=outer (Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where Computer contains "TORFILE01" and InstanceName == "F:"
| where strlen(InstanceName) ==2 and InstanceName contains ":"
| extend drive = strcat(Computer, ' - ', InstanceName)
| summarize Free_Space = min(CounterValue) by ComputerDrive
| sort by Free_Space asc
| where Free_Space< 2.5)
//////////////////////////////////////////////
| union kind=outer (Perf
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| where Computer contains "TORFILE01" and InstanceName == "K:"
| where strlen(InstanceName) ==2 and InstanceName contains ":"
| extend drive = strcat(Computer, ' - ', InstanceName)
| summarize Free_Space = min(CounterValue) by ComputerDrive
| sort by Free_Space asc
| where Free_Space< 5)




Thanks
Swapna

【问题讨论】:

    标签: azure azure-data-explorer kql


    【解决方案1】:

    我认为您发布的三个查询,我可以看到 instanceName 和计算机名称的区别。我认为您可以使用 IN 子句并改进查询。

    类似的东西 InstanceName IN ("I:", "K:", "F:")

    【讨论】:

      猜你喜欢
      • 2020-04-07
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2019-04-25
      • 2020-05-31
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode