
Summary

Depending on an input parameter, I would like to use table1 or table2 for a Kusto query.

Background

I've got a Kusto table, e.g. "table_all", with webserver access logs, lots of rows for all customer traffic. Currently I am adding a second table that contains the number of hits per customer per minute or per hour. ("table_aggregated")

To visualise this I am using Grafana with Kusto to plot number of hits per customer over time. The Grafana dashboard contains a query like

table_all
| where $__timeFilter(event_timestamp)
| where customer == "$customer"
| summarize count() by bin(event_timestamp, $__interval)

which works ok to plot the number of hits of a particular customer over time.

Depending on Grafana's time range view I would like to use either table_full or table_aggregated as input into the query.

When a full month or more is selected in Grafana, $__interval is set to 1h, and I could leverage the table with aggregated data.

Is there a way to build the input table name from the value of $__interval?

  • Same Question I am facing. Any luck? Commented Oct 20, 2020 at 10:17

1 Answer

You could potentially use union to achieve that: https://learn.microsoft.com/en-us/azure/kusto/query/unionoperator

for example:

let T1 = range x from 1 to 3 step 1;
let T2 = range x from 11 to 13 step 1;
let _interval = 7h;
union
(T1 | where _interval < 5h),
(T2 | where _interval >= 5h)

Will return the numbers 11,12,13.

And if you replace 7h with, say, 3h, it'll return the numbers 1,2,3
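The same union pattern applied to the dashboard query from the question, as an added example that is not part of the original answer. It assumes table_aggregated holds hourly buckets with columns event_timestamp (bucket start), customer and hits; those column names and the 1h threshold are assumptions.

```kusto
// Added example: the schema of table_aggregated (event_timestamp, customer, hits)
// and the 1h bucket size are assumed, not taken from the original post.
let _interval = $__interval;   // Grafana substitutes a timespan here, e.g. 1h
let _bucket = 1h;              // assumed granularity of table_aggregated
union
(
    // Fine-grained view: count raw access-log rows.
    table_all
    | where _interval < _bucket
    | where $__timeFilter(event_timestamp)
    | where customer == "$customer"
    | summarize hits = count() by bin(event_timestamp, _interval)
),
(
    // Coarse view: add up the pre-computed per-bucket counts.
    table_aggregated
    | where _interval >= _bucket
    | where $__timeFilter(event_timestamp)
    | where customer == "$customer"
    | summarize hits = sum(hits) by bin(event_timestamp, _interval)
)
| order by event_timestamp asc
```

Both branches emit the same two columns (event_timestamp, hits), so the panel sees one series regardless of which table supplied the rows. The summed counts line up with the raw counts only when $__interval is a whole multiple of the aggregated bucket size.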
