Kusto query max x by y - azure-data-explorer

I'm trying to write a simple Kusto query to find the max value of x for each y. To be more specific, I'm querying the Azure Data Explorer sample table "Covid", trying to get the max number of deaths by country. I tried using a few things like this:
Covid19
| summarize MostDeaths = max(Deaths) by Country
| project Country, MostDeaths
But this is not working of course. I also haven't found anything like this (simple as it is) in the documentation with its examples.
Edit: Expected results:
Actual results: "A recognition error occurred.
Token: |
Line: 3, Position: 0"

Your query, as you've written it in your question - is valid (syntactically and semantically).
You can click this deep-link to run it and see for yourself: https://dataexplorer.azure.com/clusters/help/databases/Samples?query=H4sIAAAAAAAAA3POL8tMMbTkqlEoLs3NTSzKrEpV8M0vLnFJTSzJKFawVchNrNCAcDQVkioVnPNL80qKKoHqC4rys1KTS2AiOkjaACLGJoNVAAAA
Given the error message you're seeing, I can guess that you're actually running a different query.
(perhaps:
do you have a duplicate pipe (|) ?
or - are you missing a linebreak between multiple queries in the same query editor tab?
)

Related

Kusto query help for Time chart

I am writing a Kusto query to display the status of build results in a time chart. That is, the first column will display the time in 5 mins difference and the remaining columns will have the count for the respective Build status (like success, failed, in progress).
Once I do all the filters, I am using the below query
| summarize count= count() by Status ,bin(timestamp(), 1h)
| render timechart
It says unknown function and I am not sure how to display a time chart. So for each status how do I get the count for every 5 mins. Thanks for any inputs.
It seems that the issue is that you are using the function notation when you are telling the "bin" function which column to use, instead of simply providing the name of the column. In other words, remove the parentheses after the column name timestamp as follows:
T
| summarize count= count() by Status ,bin(timestamp, 1h)
| render timechart

Aggregations in Application Insights analytics treated as scalars

I have this query in application insights analytics
let total = exceptions
| where timestamp >= ago(7d)
| where problemId contains "Microsoft.ServiceBus"
| summarize sum(itemCount);
let nullContext = exceptions
| where timestamp >= ago(7d)
| where problemId contains "Microsoft.ServiceBus"
| where customDimensions.["SpecificTelemetry.Message"] == "HttpContext.Current is null"
| summarize sum(itemCount);
let result = iff(total == nullContext, "same", "different");
result
but I get this error
Invalid relational operator
I am surprised as yesterday with the same code (as far as I remember) I was getting a different error saying that both sides of the check would need to be scalar but my understanding was that the aggregation even if it displays a value (under sum_countItem) it's not a scalar. But couldn't find a way to transform it or now to get rid of this work.
Thanks
Couple of issues.
First - the Invalid relational operator is probably due to the empty lines between your let statements. AI Analytics allows you to write several queries in the same window, and uses empty lines to separate those. So in order to run all the statements as a single query you need to eliminate the empty lines.
Regarding the error of "Left and right side of the relational operator must be scalars" - the result of the "summarize" operator is a table and not scalar. It can contain a single line/column or multiple of those (think of what happens if you add a "by" clause to the summarize).
To achieve what you want to do you might want to use a single query as follows:
exceptions
| where timestamp >= ago(7d)
| where problemId contains "Microsoft.ServiceBus"
| extend nullContext = customDimensions.["SpecificTelemetry.Message"] == "HttpContext.Current is null"
| summarize sum(itemCount) by nullContext

How to update entries in a table within a nested dictionary?

I am trying to create an order book data structure where a top level dictionary holds 3 basic order types, each of those types has a bid and ask side and each of the sides has a list of tables, one for each ticker. For example, if I want to retrieve all the ask orders of type1 for Google stock, I'd call book[`orderType1][`ask][`GOOG]. I implemented that using the following:
bookTemplate: ([]orderID:`int$();date:"d"$();time:`time$();sym:`$();side:`$();
  orderType:`$();price:`float$();quantity:`int$());
bookDict:(1#`)!enlist`orderID xkey bookTemplate;
book: `orderType1`orderType2`orderType3 ! (3# enlist(`ask`bid!(2# enlist bookDict)));
Data retrieval using book[`orderType1][`ask][`ticker] seems to be working fine. The problem appears when I try to add new order to a specific order book e.g:
testorder:`orderID`date`time`sym`side`orderType`price`quantity!(111111111;.z.D;.z.T;
  `GOOG;`ask;`orderType1;100.0f;123);
book[`orderType1][`ask][`GOOG],:testorder;
Executing the last query gives 'assign error. What's the reason? How to solve it?
A couple of issues here. First one being that while you can lookup into dictionaries using a series of in-line repeated keys, i.e.
q)book[`orderType1][`ask][`GOOG]
orderID| date time sym side orderType price quantity
-------| -------------------------------------------
you can't assign values like this (can only assign at one level deep). The better approach is to use dot-indexing (and dot-amend to reassign values). However, the problem is that the value of your book dictionary is getting flattened to a table due to the list of dictionaries being uniform. So this fails:
q)book . `orderType1`ask`GOOG
'rank
You can see how it got flattened by inspecting the terminal
q)book
| ask
----------| -----------------------------------------------------------------
orderType1| (,`)!,(+(,`orderID)!,`int$())!+`date`time`sym`side`orderType`pric
orderType2| (,`)!,(+(,`orderID)!,`int$())!+`date`time`sym`side`orderType`pric
orderType3| (,`)!,(+(,`orderID)!,`int$())!+`date`time`sym`side`orderType`pric
To prevent this flattening you can force the value to be a mixed list by adding a generic null
q)book: ``orderType1`orderType2`orderType3 !(::),(3# enlist(`ask`bid!(2# enlist bookDict)));
Then it looks like this:
q)book
| ::
orderType1| `ask`bid!+(,`)!,((+(,`orderID)!,`int$())!+`date`time`sym`side`ord
orderType2| `ask`bid!+(,`)!,((+(,`orderID)!,`int$())!+`date`time`sym`side`ord
orderType3| `ask`bid!+(,`)!,((+(,`orderID)!,`int$())!+`date`time`sym`side`ord
Dot-indexing now works:
q)book . `orderType1`ask`GOOG
orderID| date time sym side orderType price quantity
-------| -------------------------------------------
which means that dot-amend will now work too
q).[`book;`orderType1`ask`GOOG;,;testorder]
`book
q)book
| ::
orderType1| `ask`bid!+``GOOG!(((+(,`orderID)!,`int$())!+`date`time`sym`side`o
orderType2| `ask`bid!+(,`)!,((+(,`orderID)!,`int$())!+`date`time`sym`side`ord
orderType3| `ask`bid!+(,`)!,((+(,`orderID)!,`int$())!+`date`time`sym`side`ord
Finally, I would recommend reading this FD whitepaper on how to best store book data: http://www.firstderivatives.com/downloads/q_for_Gods_Nov_2012.pdf

MS Access use iif statement select query as alias

I am trying to build a query to get the student results for a specific exam as a table that can be merged into a Word document. The following works fine but seems very inefficient since I need to call the same query twice in the same IIf statement.
Test1: IIf(Round((SELECT tblMarks.Score FROM tblMarks WHERE tblMarks.Test = 'Test1' AND [tblMarks].[ID] = [tblStudents].ID AND [tblMarks].[Rewrite] = false)*100,0)<70,70,Round((SELECT tblMarks.Score FROM tblMarks WHERE tblMarks.Test = 'Test1' AND [tblMarks].[ID] = [tblStudents].ID AND [tblMarks].[Rewrite] = false)*100,0))
To get rid of the second query call I tried the following but StudentScore is not being recognized by the IIF false condition.
Test1: IIf(Round((SELECT tblMarks.Score AS StudentScore FROM tblMarks WHERE tblMarks.Test = 'Test1' AND [tblMarks].[ID] = [tblStudents].ID AND [tblMarks].[Rewrite] = false)*100,0)<70,70, StudentScore)
I have many of those test fields (test2, test3 etc...) so even just removing the extra query per field would probably help speed things up quite a bit.
Does anyone have any idea if what I am trying to do is even possible? Any help appreciated.
Thanks.
UPDATE:
I am trying to create a table/query to be used to merge into an MS Word document with fields. This new query combines many tables into one. Here's an example of the table structure:
tblStudent: StudentID, Name etc... A lot of personal info.
tblScore: StudentID, Test, Score, Rewrite etc...
New query fields are:
DISTINCT tblStudent.StudentID, tblStudent.Name, tblScore.Test(as shown above) AS Test1, tblScore.Test(Same as above but with test2) AS Test2, ... Where CourseName.....
Hope this helps people see what I am trying to do, which works fine; I am just trying to eliminate the second query in the IIf statement. Sorry, this is the best I can do right now since I am not at work and this is where all this stuff is stored.

Does `sqlite3` support loops?

I wrote the little bash script below and it works as intended, but I added a couple of comments and newlines for readability, which breaks the code. Removing comments and newlines should make it a valid script.
### read all measurements from the database and list each value only once
sqlite3 -init /tmp/timeout /tmp/testje.sqlite \
  'select distinct measurement from errors order by measurement;' |
### remove the first line of stdout as this is a notification rather than intended output
sed '1d' |
### loop through all found values
while read error; do
  ### count the number of occurrences in the original table and print that
  sqlite3 -init /tmp/timeout /tmp/testje.sqlite \
    "select $error,count( measurement ) from errors where measurement = '$error' ;"
done
The result is like this:
134 1
136 1
139 2
159 1
Question: Is it possible with sqlite3 to translate the while-loop to SQL statements? In other words, does sqlite3 support some sort of for-loop to loop through results of a previous query?
Now I know sqlite3 is a very limited database and chances are that what I want is just too complex for it. I've been searching for it, but I'm really a database nitwit and the hits I get so far are either on a different database or solving an entirely different problem.
The easiest answer (that I do not hope for BTW) is 'sqlite3 does not support loops'.
SQLite does not support loops. Here is the entire language, you'll notice that structured programming is completely absent.
However, that's not to say that you can't get what you want without loops, using sets or some other SQL construct instead. In your case it might be as simple as:
select measurement, count( measurement ) from errors GROUP BY measurement
That will give you a list of all measurements in the errors table and a count of how often each one occurs.
In general, SQL engines are best utilized by expressing your query in a single (sometimes complex) SQL statement, which is submitted to the engine for optimization. In your example you've already codified some decisions about the strategy used to get the data from the database -- it's a tenet of SQL that the engine is better able to make those decisions than the programmer.
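Added example, not part of the original question or answer: the per-value loop from the shell script next to the single GROUP BY statement, run against an in-memory SQLite database through Python's standard sqlite3 module. The table contents are constructed sample data (the counts from the question plus one value containing a single quote), and the function names are hypothetical; the spliced loop pastes each value into the SQL text the way the script does, so the quoted value breaks it, while the bound loop and the GROUP BY query are unaffected.

```python
import sqlite3

# Constructed sample data: the counts shown in the question, plus one value
# containing a single quote to exercise the string-splicing failure mode.
ROWS = ["134", "136", "139", "139", "159", "rack 7's fan"]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE errors (measurement TEXT)")
    conn.executemany("INSERT INTO errors VALUES (?)", [(r,) for r in ROWS])
    return conn

def distinct_values(conn):
    sql = "SELECT DISTINCT measurement FROM errors ORDER BY measurement"
    return [row[0] for row in conn.execute(sql)]

def counts_spliced(conn):
    """Mirror of the shell loop: each value is pasted into the SQL text."""
    out = []
    for value in distinct_values(conn):
        sql = f"SELECT count(measurement) FROM errors WHERE measurement = '{value}'"
        out.append((value, conn.execute(sql).fetchone()[0]))
    return out

def counts_bound(conn):
    """Same loop, but the value travels as a bound parameter, not as SQL."""
    sql = "SELECT count(measurement) FROM errors WHERE measurement = ?"
    return [(v, conn.execute(sql, (v,)).fetchone()[0]) for v in distinct_values(conn)]

def counts_grouped(conn):
    """The answer's single statement: no loop, no value round trip."""
    sql = ("SELECT measurement, count(measurement) FROM errors "
           "GROUP BY measurement ORDER BY measurement")
    return [tuple(row) for row in conn.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    print(counts_grouped(db))
    print(counts_bound(db) == counts_grouped(db))
    try:
        counts_spliced(db)
    except sqlite3.OperationalError as exc:
        print("spliced loop failed:", exc)
```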
