KQL Assistance

    Question

  • Hello All,

    Need some help with KQL to look for something specific. Not sure if this is possible, but thought I would try here. We are looking for Requests to our URLs and the duration they take. However, what we noticed was that the durations are all over the place, meaning one request may take 143 ms and another (for the same URL) may take 1321 ms. So, given the varied nature of the requests, I think the only thing that makes sense is to summarize the URLs by count, but also include three other columns (min, max, mean) in terms of the durations. Here is what I have so far. Just need help finishing it off. 

    requests
    | where timestamp between(todatetime('2019-05-17T00:00:00.000')..todatetime('2019-05-17T11:59:00.000'))
    | order by timestamp desc
    | summarize count() by url
    | order by count_

    Monday, May 20, 2019 6:33 PM

Answers

  • Hi Vegas577,

    You can try something like this:

    requests
    | where timestamp between(todatetime('2019-05-17T00:00:00.000')..todatetime('2019-05-17T11:59:00.000'))
    | summarize count(), avgRequestDuration=avg(duration), maxRequestDuration=max(duration), minRequestDuration=min(duration) by url

    Hope this helps!

    Monday, May 20, 2019 7:19 PM
    Moderator
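Added example, not part of the original thread: the answer's query run against a small constructed table so it can be pasted into a query window as-is. It goes one step beyond the answer by adding percentiles, since min, max and mean alone do not show how skewed the durations are. The table name `sampleRequests`, the URLs and all rows are constructed; the 143 ms and 1321 ms values are the ones mentioned in the question.

```kql
// Constructed sample data standing in for the real `requests` table.
let sampleRequests = datatable(timestamp: datetime, url: string, duration: real)
[
    datetime(2019-05-17T01:05:00), "https://example.test/api/orders", 143.0,
    datetime(2019-05-17T02:10:00), "https://example.test/api/orders", 1321.0,
    datetime(2019-05-17T03:15:00), "https://example.test/api/orders", 160.0,
    datetime(2019-05-17T04:20:00), "https://example.test/api/login", 95.0,
    datetime(2019-05-17T05:25:00), "https://example.test/api/login", 110.0,
    // This row falls outside the time window and is filtered out.
    datetime(2019-05-17T13:00:00), "https://example.test/api/login", 4000.0
];
sampleRequests
// Same time window as the question.
| where timestamp between (datetime(2019-05-17T00:00:00) .. datetime(2019-05-17T11:59:00))
// One row per URL: request count plus the spread of durations.
| summarize requestCount = count(),
            minRequestDuration = min(duration),
            avgRequestDuration = avg(duration),
            maxRequestDuration = max(duration),
            // Median and 95th percentile; output columns are named
            // percentile_duration_50 and percentile_duration_95.
            percentiles(duration, 50, 95)
        by url
// Busiest URLs first, as in the question's original query.
| order by requestCount desc
```

To run it against live data, drop the `let` statement and start the pipeline from `requests` instead of `sampleRequests`.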

All replies

  • Looks good. Thanks! Now I understand how to format the query. 
    Monday, May 20, 2019 7:39 PM
  • Glad to help :)
    Tuesday, May 21, 2019 2:40 AM
    Moderator