Azure log analytics timechart with multiple dimensions


In the Azure new log analytics query platform you can query for performance counters and summarize them to finally create a nice graph.

Following the multiple dimensions documentation example it says

Multiple expressions in the by clause creates multiple rows, one for each combination of values.

I want to query their sample database for network bytes Send and Received per computer. Starting with this query, it should be something like

Perf
| where TimeGenerated > ago(1d)
| where (CounterName == "Bytes Received/sec" or CounterName == "Bytes Sent/sec")
| summarize avg(CounterValue) by bin(TimeGenerated, 1h), Computer, CounterName
| extend Threshold = 20
| render timechart

The problem is that Send and Received bytes get grouped in the graph at computer level.

How can multiple dimensions be represented as stated in the documentation so that I have Computer X Bytes Send and Computer X Bytes Received instead of them grouped together, which doesn't make any sense?

Bytes send and received get mixed in the graph

Not to mention that in the previous version this was working as expected.

2

There are 2 answers

0
guillem On BEST ANSWER

I thought that if multiple dimensions are not really accepted, a string concatenation would do the trick. A bit hackish in my opinion, but it did.

Perf
| where (CounterName == "Bytes Received/sec" or CounterName == "Bytes Sent/sec") and InstanceName matches regex "^Microsoft Hyper-V Network Adapter.*$"
| summarize avg(CounterValue) by strcat(Computer, " ", CounterName), bin(TimeGenerated, 10s)
| render timechart
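
The combined-key approach from the answer above, as an added example that is not part of either answer: it runs against constructed rows in a `datatable` instead of the real `Perf` table, and carries the question's threshold of 20 as its own series so the result keeps exactly one string column and one numeric column. The names `SamplePerf`, `PerSeries`, `Series` and `Value` are assumptions chosen for the example.

```kusto
// Threshold value taken from the question's "extend Threshold = 20".
let Threshold = 20.0;
// Constructed sample rows standing in for the Perf table (not real telemetry).
let SamplePerf = datatable(TimeGenerated:datetime, Computer:string, CounterName:string, CounterValue:real)
[
    datetime(2024-01-01T00:10:00Z), "web01", "Bytes Received/sec", 12.5,
    datetime(2024-01-01T00:40:00Z), "web01", "Bytes Received/sec", 17.5,
    datetime(2024-01-01T00:10:00Z), "web01", "Bytes Sent/sec",     31.0,
    datetime(2024-01-01T00:10:00Z), "db01",  "Bytes Received/sec",  8.0,
    datetime(2024-01-01T00:10:00Z), "db01",  "Bytes Sent/sec",     22.0,
    datetime(2024-01-01T01:10:00Z), "web01", "Bytes Received/sec", 14.0,
    datetime(2024-01-01T01:10:00Z), "web01", "Bytes Sent/sec",     35.0,
    datetime(2024-01-01T01:10:00Z), "db01",  "Bytes Received/sec",  9.0,
    datetime(2024-01-01T01:10:00Z), "db01",  "Bytes Sent/sec",     19.0,
    datetime(2024-01-01T01:20:00Z), "web01", "% Processor Time",   55.0  // filtered out below
];
// One row per hour and per (Computer, CounterName) pair, with the pair
// collapsed into a single string key as in the accepted answer.
let PerSeries = SamplePerf
    | where CounterName in ("Bytes Received/sec", "Bytes Sent/sec")
    | summarize Value = avg(CounterValue)
        by TimeGenerated = bin(TimeGenerated, 1h),
           Series = strcat(Computer, " ", CounterName);
// Add the threshold as a fifth series with the same three columns,
// one point per time bin that actually has data.
PerSeries
| union (
    PerSeries
    | distinct TimeGenerated
    | extend Series = "Threshold", Value = Threshold
  )
| order by TimeGenerated asc, Series asc
| render timechart
```

To use it on live data, replace `SamplePerf` with `Perf | where TimeGenerated > ago(1d)` as in the question.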
0
Abu Belal On

Another option is this

let RuntimeID = CosmosThroughput_CL 
| where MetricName_s == "ProvisionedThroughput" and TimeGenerated between (ago(2h) .. ago(1h))
| order by TimeGenerated desc  
| top 1 by TimeGenerated
| distinct RuntimeID_g;
CosmosThroughput_CL 
| where MetricName_s == "ProvisionedThroughput" and RuntimeID_g in (RuntimeID)
| project Resource = toupper(Resource), Value = Throughput_d, Container = Container_s, Database = Database_s, MetricName = "Provisioned"
| union 
    (
        AzureDiagnostics 
        | where ResourceProvider == "MICROSOFT.DOCUMENTDB" and Category == "PartitionKeyRUConsumption"
        | where TimeGenerated between (ago(1d) .. ago(1d-1h))
        | summarize Value = sum(todouble(requestCharge_s)) by Resource, databaseName_s, collectionName_s
        | project Resource, Container = collectionName_s, Database = databaseName_s, Value, MetricName = "HourlyUsage"
    ) 
| union 
    ( 
        AzureDiagnostics 
        | where ResourceProvider == "MICROSOFT.DOCUMENTDB" and Category == "PartitionKeyRUConsumption"
        | where TimeGenerated between (ago(1d) .. ago(1d-1h))
        | summarize Value = sum(todouble(requestCharge_s)/3600) by Resource, databaseName_s, collectionName_s
        | project Resource, Container = collectionName_s, Database = databaseName_s, Value, MetricName = "RUs"
    )
| project Resource, Database, Container, Value, MetricName

The important part is to project the same column names. Value holds the different values from each table. Second union helps me project another value from the same table.