Forum Discussion

Joe_Lane
Copper Contributor
Dec 20, 2023

KQL Query to summarize session counts over time

Hello folks,

I'm trying to find a "good" way to achieve what I think is a simple task but cannot think of a simple solution.

I have logs with session information, one entry per session:

StartTime (datetime), EndTime (datetime), Duration (in seconds), Computer (string)

I want to count how many sessions are active for each 5 minute interval and graph that. Keep in mind, the sessions will overlap. I included a graphic of what I'm trying to do, with the result below.

Which should return:

Time + 5, 1
Time + 10, 3
Time + 15, 3
Time + 20, 2

1 Reply

  • How about this:

    // Snap both ends of each session to the 5-minute grid, expand one row per
    // bin the session touches, then count rows per bin.
    let binSize = 5m;
    Sessions
    | extend StartBin = bin(StartTime, binSize)
    | extend EndBin   = bin(EndTime, binSize)
    // range() is inclusive at both ends; the cast makes TimeBin a datetime
    // column rather than dynamic, which summarize and render handle better.
    | mv-expand TimeBin = range(StartBin, EndBin, binSize) to typeof(datetime)
    | summarize ActiveSessions = count() by TimeBin
    | order by TimeBin asc
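A complete, runnable version of the reply's approach, added here as an editor's example rather than code from Joe_Lane's post or the reply. It uses a constructed `datatable` in place of the `Sessions` table; the rows are chosen so the first four bins reproduce the counts in the question. The fourth, still-open session with a null `EndTime`, and the `queryEnd` constant used to clip it, are assumptions added to show an edge case the plain query would silently drop.

```kql
// Added example (not from the original post): constructed sample data standing
// in for the Sessions table. Bins are anchored at 10:00 on 2023-12-20.
let binSize = 5m;
// Assumed upper bound for still-open sessions (null EndTime). In production you
// would normally use now(); a constant keeps this example deterministic.
let queryEnd = datetime(2023-12-20T10:30:00Z);
let Sessions = datatable(StartTime:datetime, EndTime:datetime, Duration:long, Computer:string)
[
    datetime(2023-12-20T10:06:00Z), datetime(2023-12-20T10:22:00Z), 960, "HOST-A",
    datetime(2023-12-20T10:11:00Z), datetime(2023-12-20T10:18:00Z), 420, "HOST-B",
    datetime(2023-12-20T10:13:00Z), datetime(2023-12-20T10:24:00Z), 660, "HOST-A",
    // Open session: Duration 0 is a placeholder, EndTime not yet known.
    datetime(2023-12-20T10:27:00Z), datetime(null),                 0,   "HOST-C"
];
Sessions
// A null EndTime makes bin() return null and range() produce nothing, so the
// row would disappear from the count. Treat open sessions as active up to queryEnd.
| extend StartBin = bin(StartTime, binSize),
         EndBin   = bin(coalesce(EndTime, queryEnd), binSize)
// range() is inclusive at both ends: one row per 5-minute bin the session touches.
// Very long sessions expand into many rows; clip or filter them before expanding.
| mv-expand TimeBin = range(StartBin, EndBin, binSize) to typeof(datetime)
| summarize ActiveSessions = count() by TimeBin
| order by TimeBin asc
| render timechart
```

With these rows the 10:05, 10:10, 10:15 and 10:20 bins return 1, 3, 3 and 2, matching the question, and the open session adds one active session to the 10:25 and 10:30 bins. The same shape of query, with `by TimeBin, Computer` in the `summarize`, gives per-host concurrency, which is a convenient baseline for noticing a host that suddenly carries far more simultaneous sessions than usual.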

