Forum Discussion
KQL Query to summarize session counts vertically
I'm trying to find a "good" way to achieve what I think is a simple task but cannot think of a simple solution.
I have logs with session information, one entry per session:
StartTime(datetime), EndTime(datetime), Duration(in seconds), Computer(string)
I want to count how many sessions are active for each 5-minute interval and graph that. Keep in mind, the sessions will overlap. I included a graphic of what I'm trying to do, with the result below. The black boxes represent an entry with a start time and an end time.
Which should return:
Time + 5, 1
Time + 10, 3
Time + 15, 3
Time + 20, 2
I have found many similar examples, but they all depend on the thing I'm trying to bin, or group, to be a single point in time. My problem is that each entry has an active range: a start time and an end time per record.
2 Replies
- GarySteere (Copper Contributor): Are you still in search of an answer to this question?
- Joe_Lane (Copper Contributor): I actually found a solution. I could link it?
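An added example, not part of the thread and not the solution either poster refers to: one way to count overlapping sessions per 5-minute interval in KQL is to expand each session into every bin it touches with `range()` and `mv-expand`, then count rows per bin. Column names follow the question; the inline `datatable` of constructed rows stands in for the real log table, whose name the thread does not give.

```kql
// Added example. The rows below are constructed sample data, not from the thread.
let binSize = 5m;
let Sessions = datatable(StartTime:datetime, EndTime:datetime, Duration:long, Computer:string)
[
    datetime(2024-01-01 00:05:00), datetime(2024-01-01 00:17:00), 720, "host-a",
    datetime(2024-01-01 00:11:00), datetime(2024-01-01 00:22:00), 660, "host-b",
    datetime(2024-01-01 00:12:00), datetime(2024-01-01 00:21:00), 540, "host-c"
];
Sessions
// Drop malformed rows so range() is never asked to step backwards.
| where isnotnull(StartTime) and isnotnull(EndTime) and EndTime >= StartTime
// Build an array with one timestamp per 5-minute bin the session overlaps,
// starting at the bin that contains StartTime.
| extend Bucket = range(bin(StartTime, binSize), EndTime, binSize)
// Turn the array into one row per (session, bin) pair.
| mv-expand Bucket to typeof(datetime)
// Each row is now a single point in time, so ordinary grouping works.
| summarize ActiveSessions = count() by Bucket
| order by Bucket asc
| render timechart
```

Bins with no active session produce no row in this form. A session that ends exactly on a bin boundary is counted in the bin starting there, because `range()` includes its stop value.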