Forum Discussion

GouravIN's avatar
GouravIN
Brass Contributor
Aug 31, 2018
Solved

Need Some enhancement in query

Hi Team,   I am using below queries to check data of top 10 CPU, Memory and Disk information from OMS.   let TopComputers = Perf | where ObjectName == 'Processor' and CounterName == '% Processor...
azure monitor
Query Language
  • Billy York's avatar
    Billy York
    Sep 01, 2018

    I get it now, for a single aggregated value, remove bin(TimeGenerated, 1h) and | render timechart

    as the render timechart would be useless in this instance and only give you a single dot per computer.

     

    So you'll need two separate queries for charting that uses the bin(TimeGenerated, 1h) and one without for the single aggregated value over whatever timespan you want. I hope that answers your question.

Billy York's avatar
Billy York
Iron Contributor
Aug 31, 2018

Hi Gourav, 

I do not understand your question(s) in the last two paragraphs. Are you trying to give query to someone and only want to summarize the total aggregated value over a time period?

 

you're queries worked fine in my environment they returned back the top ten, as expected.

GouravIN's avatar
GouravIN
Brass Contributor
Sep 01, 2018

Hi Billy,

 

Query is working fine, have you noticed its in the output servers name appears many time. I want to reduce this as single time with aggregated value.

 

Generally we could say, i am not looking for every sample data. It would be great be if i can query and summarize the computer name once for a time period.

 

I have attached a screenshot where we could see a servers has 4 samples, one has 3 and others has 2 samples so on.

 

So i want result in the form of single aggregated sample.  No server should not be repeat in output.

 

Hope i made it clear now. :)

 

 

  • Billy York's avatar
    Billy York
    Iron Contributor
    Sep 01, 2018

    I get it now, for a single aggregated value, remove bin(TimeGenerated, 1h) and | render timechart

    as the render timechart would be useless in this instance and only give you a single dot per computer.

     

    So you'll need two separate queries for charting that uses the bin(TimeGenerated, 1h) and one without for the single aggregated value over whatever timespan you want. I hope that answers your question.

    • GouravIN's avatar
      GouravIN
      Brass Contributor
      Sep 01, 2018

      Hi Billy,

      Thanks for the prompt answer got your point now.

       

      Could be made the below query in same way:-

      Perf
      | where (ObjectName == "Memory" and CounterName == "% Committed Bytes In Use")
      or (ObjectName == "Processor" and CounterName == "% Processor Time" and InstanceName == "_Total")
      and TimeGenerated < now(24h)
      | summarize avg(CounterValue) by bin(TimeGenerated, 1h), Computer, ObjectName
      | evaluate pivot(ObjectName, avg(avg_CounterValue))
      | project TimeGenerated, Computer, Processor, Memory

       

       

      I have removed bin(TimeGenerated, 1h) in the above query but then it would not worked. and added bin(TimeGenerated, 1h) by computer as well but no luck :)

       

      • Billy York's avatar
        Billy York
        Iron Contributor
        Sep 01, 2018

        If you removed bin(TimeGenerated, 1h) from that query, you would still need to remove the TimeGenerated after the project.

         

        try this

        Perf
        | where (ObjectName == "Memory" and CounterName == "% Committed Bytes In Use")
        or (ObjectName == "Processor" and CounterName == "% Processor Time" and InstanceName == "_Total")
        and TimeGenerated < now(24h)
        | summarize avg(CounterValue) by Computer, ObjectName
        | evaluate pivot(ObjectName, avg(avg_CounterValue))
        | project Computer, Processor, Memory

Resources