I am trying to summarize API requests by url using Application Insights:
requests
| summarize hits = count() by url
| order by hits desc
some of the URLs have path parameters which I would like to ignore in the summary, so if the following urls are called:
https://foo.bar/api/v1/items/abc123/latest
https://foo.bar/api/v1/items/xyz789/latest
I would like them to be summarized together as
url
hits
https://foo.bar/api/v1/items/*/latest| 2
How should I modify my Kusto query?
You can do this with regex_replace:
requests
| extend newUrl = replace_regex(url, #"items\/[a-zA-Z0-9]*\/latest", #"items\/\*\/latest")
| summarize hits = count() by newUrl
| order by hits desc
Related
I am trying to find what's causing the higher RU usage on the Cosmos DB. I enabled the Log Analytics on the Doc DB and ran the below Kusto query to get the RU consumption by Collection Name.
AzureDiagnostics
| where TimeGenerated >= ago(24hr)
| where Category == "DataPlaneRequests"
| summarize ConsumedRUsPer15Minute = sum(todouble(requestCharge_s)) by collectionName_s, _ResourceId, bin(TimeGenerated, 15m)
| project TimeGenerated , ConsumedRUsPer15Minute , collectionName_s, _ResourceId
| render timechart
We have only one collection on the DocDb Account (prd-entities) which is represents Red line in the Chart. I am not able to figure out what the Blue line represents.
Is there a way to get more details about the empty collection name RU usage (i.e., Blue line)
I'm not sure but I think there's no empty collection costs RU actually.
Per my testing in my side, I found that when I execute your kusto query I can also get the 'empty collection', but when I watch the line details, I found all these rows are existing in my operation. What I mean here is that we shouldn't sum by collectionName_s especially you only have one collection in total, you may try to use requestResourceId_s instead.
When using requestResourceId_s, there're still some rows has no id, but they cost 0.
AzureDiagnostics
| where TimeGenerated >= ago(24hr)
| where Category == "DataPlaneRequests"
| summarize ConsumedRUsPer15Minute = sum(todouble(requestCharge_s)) by requestResourceId_s, bin(TimeGenerated, 15m)
| project TimeGenerated , ConsumedRUsPer15Minute , requestResourceId_s
| render timechart
Actually, you can check the requestCharge_s are coming from which operation, just watch details in Results, but not in Chart, and order by the collectionName_s, then you'll see those requests creating from the 'empty collection', judge if these requests existing in your collection.
I understand how to use requests and dependencies in a query.
How can I only list requests having more than a specific number of dependencies?
The comment is right, you should use join and count for your purpose. Note that the requests and dependencies are related by operation_Id.
Please use the code below which works for me (list requests that have more than 3 dependencies).
let myrequests = requests
| where timestamp > ago(1h)
| join (dependencies | where timestamp > ago(1h))
on operation_Id
| summarize mycount=count() by operation_Id
| where mycount > 3;
requests
| where timestamp >ago(1h)
| join myrequests
on operation_Id
Result as below:
I have an application insights query. And in this query I want to join/combine several columns into a single column for display how can this be accomplished.
I want to combine ip, city, state, country.
customEvents
| where timestamp >= ago(7d)
| where (itemType == 'customEvent')
| where name == "Signin"
| project timestamp, customDimensions.appusername, client_IP,client_City,client_StateOrProvince, client_CountryOrRegion
| order by timestamp desc
strcat is your friend, with whatever strings you want as separators (i just use spaces in the example):
| project timestamp, customDimensions.appusername,
strcat(client_IP," ",client_City," ",client_StateOrProvince," ", client_CountryOrRegion)
also, the | where (itemType == 'customEvent') in your query is unnecessary, as everything in the customEvents table is already a customEvent. you only need a filter like that on itemType if you join multiple tables somehow (like union requests, customEvents or a join somewhere in your query that references multiple tables)
I have an Application Insights Azure Stream Analytics query that looks like this...
requests
| summarize count() by bin(duration, 1000)
| order by duration asc nulls last
...which gives me something like this, which shows the number of requests binned by duration in seconds, recorded in Application Insights.
| 0 | 1000 |
| 1000 | 500 |
| 2000 | 200 |
I would like to able to add another column which shows the count of exceptions from all requests in each bin.
I understand that extend is used to add additional columns, but to do so I would have to reference the 'outer' expression to get the bin constraints, which I don't know how to do. Is this the best way to do this? Or am I better off trying to join the two tables together and then doing the summarize?
Thanks
As you suspected - extend will not help you much here. You need is to run join kind=leftouter on the operation IDs (leftouter is needed so you won't drop requests that did not have any exceptions):
requests
| join kind=leftouter (
exceptions
| summarize exceptionsCount = count() by operation_Id
) on operation_Id
| summarize count(), sum(exceptionsCount) by bin(duration, 1000)
| order by duration asc nulls last
Based on datapoint numbers I'm seeing, a client's website is averaging 28 dependencies per each request. That does seem very high to me so I'd like to do some analysis by rolling dependency data points up on page views and requests to the website. Unfortunately, looking at the fields available via Application Insights, there doesn't seem to be a natural field to join dependency to pageviews or requests. Any thoughts as to how I would go about doing so?
You can consider using OperationContext
This may get you running in the right direction
requests
| where timestamp > ago(1d)
| project timestamp, operation_Id
| join (dependencies
| where timestamp > ago(1d)
| summarize count(duration) by operation_Id, type
) on operation_Id
This is what I use to look at 22 hours of my data for a particular request talking to sql server
// Requests
requests
| where timestamp >= datetime(2017-08-24T08:59:59.999Z) and timestamp < datetime(2017-08-25T06:30:00.001Z)
| where (itemType == 'request' and ((timestamp >= datetime(2017-08-24T09:00:00.000Z) and timestamp <= datetime(2017-08-25T06:30:00.000Z)) and (client_Type == 'PC' and operation_Name == 'POST /CareDelivery/CareDelivery/ServiceUserDetailsForDeviceUserChunked/00000000-0000-0000-0000-000000000000')))
| join (dependencies
| where timestamp >= datetime(2017-08-24T08:59:59.999Z) and timestamp < datetime(2017-08-25T06:30:00.001Z)
| summarize count(duration) by operation_Id, type
) on operation_Id
| summarize count_dependencies=avg(count_duration) by type, bin(timestamp, 20m)
Post this into the query and the format will be ok, and you can read it - wish i could