是否可以更好地优化我的Kusto查询

时间:2020-04-16 23:07:25

标签: kusto azure-data-explorer kql

以下是我的Kusto查询,它在镜头仪表盘中需要2分钟以上的时间才能显示数据,我优化了查询以在let语句中包含materialize()并包含has。还有其他方法可以更好地对其进行优化。

let C_masfunteams = materialize(find withsource=source in (cluster(X).database('oci-*').['TextFileLogs'])     where AttemptedIngestTime > ago(7d)
and FileLineContent  has "<li>Build Number:"  | summarize min(AttemptedIngestTime) by source, FileLineContent);//, AttemptedIngestTime
let n = C_masfunteams | extend databaseName = extract(@"""(oci-[^""]*)""", 1, source)
| extend BuildNumber = extract(@"([A-Z]\w*\.[0-9]\d*\.[0-9]\d*\.[0-9]\d*)",1,FileLineContent)
| extend StampVersion = extract(@"([0-9]\d*\.[0-9]\d*\.[0-9]\d*\.[0-9]\d*)",1,FileLineContent)
|extend cluster ='masfunteams'
| project BuildNumber , StampVersion , min_AttemptedIngestTime
|  summarize NumberOfRuns=count() , ingestedtime = min(min_AttemptedIngestTime) by BuildNumber,StampVersion;
let C_masfun= materialize(find withsource=source in (cluster(Y).database('oci-*').['TextFileLogs'])     where AttemptedIngestTime > ago(7d)
and FileLineContent  has "<li>Build Number:"  | summarize min(AttemptedIngestTime) by source, FileLineContent);//, AttemptedIngestTime
let m = C_masfun | extend databaseName = extract(@"""(oci-[^""]*)""", 1, source)
| extend BuildNumber = extract(@"([A-Z]\w*\.[0-9]\d*\.[0-9]\d*\.[0-9]\d*)",1,FileLineContent)
| extend StampVersion = extract(@"([0-9]\d*\.[0-9]\d*\.[0-9]\d*\.[0-9]\d*)",1,FileLineContent)
|extend cluster ='masfunteams'
| project BuildNumber , StampVersion , min_AttemptedIngestTime
|  summarize NumberOfRuns=count() , ingestedtime = min(min_AttemptedIngestTime) by BuildNumber,StampVersion;
let C_masvaas = materialize(find withsource=source in (cluster(z).database('oci-*').['TextFileLogs'])     where AttemptedIngestTime > ago(7d)
and FileLineContent  has "<li>Build Number:"  | summarize min(AttemptedIngestTime) by source, FileLineContent);//, AttemptedIngestTime
let o= C_masvaas | extend databaseName = extract(@"""(oci-[^""]*)""", 1, source)
| extend BuildNumber = extract(@"([A-Z]\w*\.[0-9]\d*\.[0-9]\d*\.[0-9]\d*)",1,FileLineContent)
| extend StampVersion = extract(@"([0-9]\d*\.[0-9]\d*\.[0-9]\d*\.[0-9]\d*)",1,FileLineContent)
|extend cluster ='masfunteams'
| project BuildNumber , StampVersion , min_AttemptedIngestTime
|  summarize NumberOfRuns=count() , ingestedtime = min(min_AttemptedIngestTime) by BuildNumber,StampVersion;
union isfuzzy=true  m,n,o
| summarize Ingestedtime =min(ingestedtime) by BuildNumber,StampVersion

1 个答案:

答案 0 :(得分:1)

您好,查询非常复杂,而且如果没有在实际集群上运行查询,就很难弄清楚预期结果是什么。因此,这里有一些提示:

  1. 考虑使用统一逻辑对联合运算符作为第一个运算符启动,以进行过滤,解析和汇总运算
  2. 如果只使用每个数据集一次,请考虑删除materialize()
  3. 考虑删除“查找”,因为您没有在多列中进行搜索,如果要使用它在输出记录集中获取源表,请考虑在联合声明中添加“ withsource”
  4. 如果可能的话,请考虑使用“ parse”运算符代替正则表达式

希望这会有所帮助!

相关问题
最新问题