Local time in Azure Data Explorer / Kusto timechart - azure-data-explorer

Timechart x-axis time is printed in UTC-2h, while it should be printed in UTC. Other charts, such as Columnchart, work fine (time is shown in UTC).
Is this an issue?
Is it possible to format time in charts? For instance, printing x-axis time in local time...
Timechart column in Azure Data Explorer is stored in UTC (Local time -2h in my location).
When printing a columnchart, time in X-axis is printed in UTC (local time -2h) -> OK
columnchart output
When printing a timechart, time in x-axis is printed in UTC-2h (local time-4)-> KO
timechart output
Azure Data Explorer query:
let min_t = toscalar (<tablename> | summarize min(Timestamp));
let max_t = toscalar (<tablename> | summarize max(Timestamp));
<tablename>
| make-series sum(TrxCount) on Timestamp in range(min_t, max_t, 30m )
| render columnchart

This is indeed a bug.
It happens specifically after make-series so doing something like
<tablename> | summarize sum(TrxCount) by bin(Timestamp, 30m) | render timechart
should work (although it won't fill empty data like make-series does).

Related

Azure Application Insights KQL - How to accumulate values?

I would like to accumulate values by timestamp in an ever-growing manner.
The following query
ContainerLog
| extend logsize = string_size(LogEntry)
| summarize sum(logsize) by bin(TimeGenerated, 1m)
| render timechart
generates a graph that goes up and down:
I would like to add the previous value with the current value, this way generating an always growing graph symbolizing the total amount of requests up to that moment.
// Sample data generation. Not part of the solution.
let ContainerLog = materialize(range i from 1 to 15 step 1 | extend TimeGenerated = ago(7d*rand()), logsize = rand(1000));
// Solution starts here.
ContainerLog
| summarize sum(logsize) by bin(TimeGenerated, 1m)
| order by TimeGenerated asc
| extend accumulated_sum_logsize = row_cumsum(sum_logsize)
| render timechart
P.S.
I kept sum_logsize for learning purposes.
In your scenario it can be removed.

Exclude certain days/time from query results? (Ex. Thursday's midnight-2am EST)

I am newer to KQL and I am trying to write a query against configuration changes made to files with an extension of ".config" and would like to remove results that are generated under the "TimeGenerated [UTC]" column. The results should exclude Thursdays from midnight-2am EST. Understanding that TimeGenerated is in UTC, the query should be offsetting that to return EST.
Would someone be able to assist me in writing this? Not sure how to write it up as to have it return the results that exclude the specific time frame. Below is what I have so far:
ConfigurationChange
| where dayofweek(datetime_add('hour', -5, TimeGenerated)) != 4d and hourofday(datetime_add('hour', -5, TimeGenerated)) !in(0, 1) // <---
| where ConfigChangeType in ("Files")
| where FileSystemPath endswith ".config"
| sort by TimeGenerated
| render table
Replace 4d with 4, because dayofweek() returns the number of the day (between 0 and 6).

Kusto query to exclude results from a certain time (Ex. Thursday from midnight-2am EST)

I am newer to KQL and I am trying to write a query against configuration changes made to files with an extension of ".config" and would like to remove results that are generated under the "TimeGenerated [UTC]" column. The results should exclude Thursdays from midnight-2am EST. Would someone be able to assist me in writing this? Not sure how to write it up as to have it return the results that exclude the specific time frame. Below is what I have so far:
ConfigurationChange
| where ConfigChangeType in("Files")
| where FileSystemPath contains ".config"
| sort by TimeGenerated
| render table
Try adding the following filter, using dayofweek() and hourofday().
Note: The example below works in UTC. You can add the current offset of UTC -> EST to TimeGenerated as part of the filter
ConfigurationChange
| where dayofweek(TimeGenerated) != 6d and hourofday(TimeGenerated) !in(0, 1) // <---
| where ConfigChangeType in ("Files")
| where FileSystemPath contains ".config"
| sort by TimeGenerated
| render table
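Added example, not part of either answer above: over constructed UTC rows, it compares the `!= ... and ... !in` filter shape with negating the window as a whole, and a fixed -5h shift with the DST-aware `datetime_utc_to_local()`. Assumptions: the window follows US Eastern local time (EST in winter, EDT in summer), and the `SampleChanges` table with its `Note` column is made up for the demonstration.

```kql
// Constructed sample rows (UTC) standing in for ConfigurationChange; not real data.
let SampleChanges = datatable(TimeGenerated: datetime, Note: string)
[
    datetime(2024-01-11 05:30:00), "Thu 00:30 Eastern (EST)",
    datetime(2024-01-11 06:59:00), "Thu 01:59 Eastern (EST)",
    datetime(2024-01-11 07:00:00), "Thu 02:00 Eastern (EST)",
    datetime(2024-01-11 20:00:00), "Thu 15:00 Eastern (EST)",
    datetime(2024-01-09 05:30:00), "Tue 00:30 Eastern (EST)",
    datetime(2024-07-11 04:30:00), "Thu 00:30 Eastern (EDT)",
    datetime(2024-07-11 06:30:00), "Thu 02:30 Eastern (EDT)"
];
SampleChanges
// DST-aware conversion; a fixed -5h shift is only right while EST is in effect.
| extend LocalTime  = datetime_utc_to_local(TimeGenerated, 'US/Eastern')
| extend FixedShift = datetime_add('hour', -5, TimeGenerated)
// dayofweek() returns a timespan counted from Sunday, so Thursday is 4d.
| extend InWindow           = dayofweek(LocalTime) == 4d and hourofday(LocalTime) in (0, 1)
| extend InWindowFixedShift = dayofweek(FixedShift) == 4d and hourofday(FixedShift) in (0, 1)
// Shape used in the queries above: drops all of Thursday plus 00:00-01:59 on every day.
| extend KeptByAndShape = dayofweek(LocalTime) != 4d and hourofday(LocalTime) !in (0, 1)
// Negating the window as a whole drops only Thursday 00:00-01:59.
| extend KeptByNegation = not(InWindow)
| project TimeGenerated, Note, InWindow, InWindowFixedShift, KeptByAndShape, KeptByNegation
```

Rows where `KeptByAndShape` is false while `InWindow` is also false are changes the `and` form hides outside the intended window. In a change-monitoring query, the filter to carry over is `| where not(InWindow)`.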

AppInsights > Logs > Render Bar Chart to start from 0

In my angular application I am tracking filters that users utilize on one of the pages. What I can later see in Logs, is the following (query for last 24 hours)
What I am interested in, is the count of filters grouped by its name. So I created the following query:
However the problem as you can see, is that my y-axis starts from 1 instead of 0. To users this looks like the last two filters don't have any values, where in reality they both have count of 1.
I have tried to use ymin=0 together with render function, however it did not work (chart still starts from 1). Then I have read I need to use make-series() function and so I tried:
customEvents
| where timestamp >= ago(24h)
| where customDimensions.pageName == 'product'
| make-series Count=count(name) default=0 on timestamp from datetime(2019-10-10) to datetime(2019-10-11) step 1d by name
| project name, Count
However the result is some weird matrix instead of a regular table:
I have just started with application insights thus any help in respect to this matter would be more than appreciated. Thank you
In Workbooks in Application Insights you could do almost this query (see below for a simplification?), then use the chart settings and set the axis min/max explicitly:
But why are you using make-series but then summarizing to just one series?
In this specific case, summarize is simpler:
customEvents
| where timestamp between(datetime(2019-10-10) .. datetime(2019-10-11))
| where customDimensions.pageName == 'product'
| summarize Count=count(name) by name
| render barchart
In the logs blade (where you are), you could do this query, and I believe you can use
render barchart title="blah" ymin=0
(At some point workbooks will be able to "see" all the render options like ymin/ymax/xmin/xmax/title/etc, but right now they're all stripped out at service layer.)
A bit late to the party, but the correct syntax to pass in ymin and ymax when using a query is this:
| ...
| render barchart with (ymin=0, ymax=100)
See https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/renderoperator?pivots=azuremonitor

display weather forecast data from weather api in conky graph

I would like my conky system monitor to show a time series of rain forecast probabilities as a graph. I request the forecast data via the darksky API and format it to csv with jq like this
curl "https://api.darksky.net/forecast/<myapikey>/<mylat>,<mylon>" |
jq '.minutely.data | map([.time, .precipProbability] | join(",")) | join("\n") ' |
sed 's/"//g' | sed 's/\\n/\n/g'
which produces output like this
1552253100,0
1552253160,0
1552253220,0
1552253280,0
1552253340,0
1552253400,0.01
1552253460,0.03
...
Is there a way to display this data in conky with ${execgraph ...} or similar? As far as I understand, you can only pass a single value at a time to update execgraph, but I want to display an entire time series at once.
At the moment I pass the data to gnuplot, produce a graph and include it in conky as an ${image ...} which works alright, but perhaps there is a native conky solution.
If displaying the probabilities from when conky starts and thereafter is sufficient, you could use ${execgraph ...} and just pass the latest value in the series each time conky updates.
