TechQA.

Kusto: query to group http status codes

4.3k views Asked by At

I'm trying to query some Azure Application Gateway related things from Azure Log Analytics.

I get for a query like this results for every single http status code:

AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayAccessLog"
| summarize count() by httpStatus_d, Resource

Now I need those results grouped for 2xx, 3xx, 4xx and 5xx.

New to Kusto I don't find the right approach to achieve this. Thanks for your hints!

azure azure-data-explorer kql
Original Q&A
3

There are 3 answers

2
Yoni L. On BEST ANSWER

you could try using the bin() function, e.g.:

AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayAccessLog"
| summarize count() by bin(httpStatus_d, 100), Resource
0
MaxiPalle On

Thanks to @yoni who sent me into the right direction.

I solved this like this:

AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayAccessLog"
| extend HTTPStatus = case(httpStatus_d between (200 .. 299), "2XX",
                       httpStatus_d between (300 .. 399), "3XX",
                       httpStatus_d between (400 .. 499), "4XX",
                       "5XX")
| summarize count() by HTTPStatus, bin(timeStamp_t, 1h)
| render timechart
0
Randy On

Group by all httpStatus_d values automatically.

AzureDiagnostics 
| where TimeGenerated > ago(30d)
| summarize count=count() by httpStatus_d
| order by httpStatus_d asc

Related Questions in AZURE

Related Questions in AZURE-DATA-EXPLORER

Related Questions in KQL

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions