I want to have a table that stores only daily tables sizes.
But it won't work this way:
.set-or-replace async tables_daily_storage <|
(
.show cluster extents
| where MinCreatedOn >= startofday(now())
| project DatabaseName,TableName,OriginalSize,D=bin(MinCreatedOn,1d)
| summarize total_size=sum(OriginalSize) by DatabaseName, TableName
)
Because I used .show function which is a management function.
Is there anything to get around this problem?
Simply remove the brackets
doc
.set-or-replace async tables_daily_storage <|
.show cluster extents
| where MinCreatedOn >= startofday(now())
| project DatabaseName,TableName,OriginalSize,D=bin(MinCreatedOn,1d)
| summarize total_size=sum(OriginalSize) by DatabaseName, TableName
Related
The following example query works in the Azure Data Explorer UI but not with Kqlmagic in Jupyter Notebook.
%%kql
let min_t = toscalar(demo_make_series1 | summarize min(TimeStamp));
let max_t = toscalar(demo_make_series1 | summarize max(TimeStamp));
demo_make_series1
| make-series num=count() default=0 on TimeStamp in range(min_t, max_t, 1h) by OsVer
| render timechart
It just throws No valid xcolumn. Any idea whats the issue?
Note: The database demo_make_series1 is available on the help cluster from ADX.
This indeed looks like a bug in KqlMagic rendering. We shall check and update. Meanwhile you can use mv-expand before rendering. Regardless, in make-series I suggest you avoid using the deprecated range(...) syntax in favor of 'from ... to ... step ...'. Here is the updated query:
%%kql
let min_t = toscalar(demo_make_series1 | summarize min(TimeStamp));
let max_t = toscalar(demo_make_series1 | summarize max(TimeStamp));
demo_make_series1
| make-series num=count() default=0 on TimeStamp from min_t to max_t step 1h by OsVer
| mv-expand num to typeof(long), TimeStamp to typeof(datetime)
| render timechart
thanks,
Adi
After upgrading to mariadb 10.5.11 I ran into a weird problem with the indexes.
Simple table with two colums Type(varchar) and Point(point)
An index on Type(Tindex) and a spatial index on Point(Pindex)
Now a query like
SELECT X(Point) as x,Y(Point) as y,hotels.Type FROM hotels WHERE (Type in ("acco")) AND MBRContains( GeomFromText( 'LINESTRING(4.922 52.909,5.625 52.483)' ), hotels.Point)
;
Results in a
Error in query (1207): Update locks cannot be acquired during a READ UNCOMMITTED transaction
While both
SELECT X(Point) as x,Y(Point) as y,hotels.Type FROM hotels USE INDEX (Pindex) WHERE (Type in ("acco")) AND MBRContains( GeomFromText( 'LINESTRING(4.922 52.909,5.625 52.483)' ), hotels.Point)
;
and
SELECT X(Point) as x,Y(Point) as y,hotels.Type FROM hotels USE INDEX (Tindex) WHERE (Type in ("acco")) AND MBRContains( GeomFromText( 'LINESTRING(4.922 52.909,5.625 52.483)' ), hotels.Point)
;
work fine. As mariadb 10.5.10 did
| id | select_type | table | type | possible_keys | key | key_len | ref | rows | Extra |
| 1 | SIMPLE | hotels | range|filter | Type,Pindex | Pindex|Type | 34|302 | NULL | 340 (4%) | Using where; Using rowid filter |
The issue is now being tracked as MDEV-26123 (I guess you reported it there). The issue description says that the problem was introduced in MariaDB 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.1.
I ran into the issue after upgrading to MariaDB 10.6.4. I downgraded to 10.6.0, which was possible without having to do any migration of the data. It seems to have fixed the problem for now.
The cause of this appears to be the code fix for MDEV-25594.
I cannot see anything in the commit message or discussion there that indicates that a change to the READ UNCOMMITTED behavior was intentional.
There are no open bug reports on this so I recommend you create a new bug report.
select ##session.autocommit;
set ##session.autocommit=0;
select ##session.autocommit;
#add in my.cnf
autocommit = 0
using mariadb 10.2.40 ( resolved )
https://developpaper.com/transaction-isolation-level-of-mariadb/
Query1
cluster(x).database('$systemdb').Operations
| where Operation == "DatabaseCreate" and Database contains "oci-"| where State =='Completed'
and StartedOn between (datetime(2020-04-07) .. 3d)
| distinct Database , StartedOn
| order by StartedOn desc
Output of my query1 is list of databases , now I have to pass each db value into query2 to get buildnumber
Query2:
set query_take_max_records=5000;
let view=datatable(Property:string,Value:dynamic)[];
let viewFile=datatable(FileName:string)[];
alias database db = cluster(x).database('y');
let latestInfoFile = toscalar((
union isfuzzy=true viewFile,database('db').['TextFileLogs']
| where FileName contains "AzureStackStampInformation"
| distinct FileName
| order by FileName
| take 1));
union isfuzzy=true view,(
database('db').['TextFileLogs']
| where FileName == latestInfoFile
| distinct LineNumber,FileLineContent
| order by LineNumber asc
| summarize StampInfo=(toobject(strcat_array(makelist(FileLineContent,100000), "\r\n")))
| mvexpand bagexpansion=array StampInfo
| project Property=tostring(StampInfo[0]), Value=StampInfo[1]
)|where Property contains "StampVersion" | project BuildNumber = Value;
database() function: is a special scoping function, and it does not support non-constant arguments due to security consideration.
As a result - you cannot use sub-query to fetch list of databases and then operate on this list as input for database() function.
This behavior is described at:
https://learn.microsoft.com/en-us/azure/kusto/query/databasefunction?pivots=azuredataexplorer
Syntax
database(stringConstant)
Arguments
stringConstant: Name of the database that is referenced. Database identified can be either DatabaseName or PrettyName. Argument has to be constant prior of query execution, i.e. cannot come from sub-query evaluation.
I have 2 KQL queries and I want to combine them in order to display two rows as one result. Not just result of first query, then result of second query:
R_CL
| where isnotempty(SrcIP_s)
| project Message
| take 1;
R_CL
| where isempty(SrcIP_s)
| project Message
| take 1
See sample R_L below.I would like to see 2 rows as result, one with SrcIP_s not empty, and the second with SrcIP_s empty (in this case it will be always same one)
let R_CL = datatable ( SrcIP_s:string, Message:string)
["1.1.1.1" ,"one",
"" ,"two",
"2.2.2.2","three",
"3.3.3.3","four"];
R_CL
| project SrcIP_s, Message
A simple solution for this would be to use the union operator like this:
let query1 = R_CL
| where isnotempty(SrcIP_s)
| project Message
| take 1;
let query2 = R_CL
| where isempty(SrcIP_s)
| project Message
| take 1;
query1
| union query2;
I know this is an old request - but here's a sample query using views and a union for your single query:
Your two separate queries...
R_CL
| where isnotempty(SrcIP_s)
| project Message
| take 1;
R_CL
| where isempty(SrcIP_s)
| project Message
| take 1
would become:
let Query1 = view () {
R_CL
| where isnotempty(SrcIP_s)
| project Message
| take 1;
};
let Query2 = view () {
R_CL
| where isempty(SrcIP_s)
| project Message
| take 1
};
union withsource="TempTableName" Query1, Query2
I use this query to display exceptions:
exceptions
| where application_Version == "xyz"
| summarize count_=count(itemCount), impactedUsers=dcount(user_Id) by problemId, type, method, outerMessage, innermostMessage
| order by impactedUsers
How to query what percent of users are impacted by specific exception?
I would check all users by this query:
customEvents
| where application_Version == "xyz"
| summarize dcount(user_Id)
You're almost there with what you have, you just need to connect the two:
use let + toscalar to define the results of a query as a number
reference that in your query (i used *1.0 to force it to be a float, otherwise you get 0, and used round to get 2 decimals, adjust that however you need)
making your query:
let totalUsers = toscalar(customEvents
| where application_Version == "xyz"
| summarize dcount(user_Id));
exceptions
| where application_Version == "xyz"
| summarize count_=count(itemCount),
impactedUsers=dcount(user_Id),
percent=round(dcount(user_Id)*1.0/totalUsers*100.0,2)
by problemId, type, method, outerMessage, innermostMessage
| order by impactedUsers