Azure Log Analytics for Server Uptime

%3CLINGO-SUB%20id%3D%22lingo-sub-906519%22%20slang%3D%22en-US%22%3EAzure%20Log%20Analytics%20for%20Server%20Uptime%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-906519%22%20slang%3D%22en-US%22%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3EHello%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3EBeen%20working%20on%20this%20Kusto%20query.%20Just%20was%20wondering%20how%20do%20I%20get%20a%20specific%20order%20of%20columns.%20I%20want%20Computer%20as%20first%20column%2C%20Availability%20as%20second%2C%20Total_Hours%20as%20third%2C%20and%20Available_Hours%20as%20fourth.%20It%20just%20jumbles%20the%20order%20on%20me%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3Elet%20start_time%3Dstartofmonth(now())%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3Elet%20end_time%3Dendofmonth(now())%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3EHeartbeat%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%20%3C%2FSPAN%3E%3CSPAN%3Ewhere%3C%2FSPAN%3E%3CSPAN%3E%20TimeGenerated%20%26gt%3B%20start_time%20%3C%2FSPAN%3E%3CSPAN%3Eand%3C%2FSPAN%3E%3CSPAN%3E%20TimeGenerated%20%26lt%3B%20end_time%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%20%3C%2FSPAN%3E%3CSPAN%3Esummarize%3C%2FSPAN%3E%3CSPAN%3E%20heartbeat_per_hour%3D%3C%2FSPAN%3E%3CSPAN%3Ecount%3C%2FSPAN%3E%3CSPAN%3E()%20%3C%2FSPAN%3E%3CSPAN%3Eby%3C%2FSPAN%3E%3CSPAN%3E%20bin_at(TimeGenerated%2C%20%3C%2FSPAN%3E%3CSPAN%3E1%3C%2FSPAN%3E%3CSPAN%3Eh%2C%20start_time)%2C%20Computer%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%20%3C%2FSPAN%3E%3CSPAN%3Eextend%3C%2FSPAN%3E%3CSPAN%3E%20available_per_hour%3Diff(heartbeat_per_hour%26gt%3B%3C%2FSPAN%3E%3CSPAN%3E0%3C%2FSPAN%3E%3CSPAN%3E%2C%20%3C%2FSPAN%3E%3CSPAN%3Etrue%3C%2FSPAN%3E%3CSPAN%3E%2C%20%3C%2FSPAN%3E%3CSPAN%3Efalse%3C%2FSPAN%3E%3CSPAN%3E)%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%20%3C%2FSPAN%3E%3CSPAN%3Esummarize%3C%2FSPAN%3E%3CSPAN%3E%20Available_Hours%3Dcountif(available_per_hour%3D%3D%3C%2FSPAN%3E%3CSPAN%3Etrue%3C%2FSPAN%3E%3CSPAN%3E)%20%3C%2FSPAN%3E%3CSPAN%3Eby%3C%2FSPAN%3E%3CSPAN%3E%20Computer%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%20%3C%2FSPAN%3E%3CSPAN%3Eextend%3C%2FSPAN%3E%3CSPAN%3E%20Total_Hours%3Dround((end_time-start_time)%2F%3C%2FSPAN%3E%3CSPAN%3E1%3C%2FSPAN%3E%3CSPAN%3Eh)%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%20%3C%2FSPAN%3E%3CSPAN%3Eextend%3C%2FSPAN%3E%3CSPAN%3E%20Availability%3DAvailable_Hours*%3C%2FSPAN%3E%3CSPAN%3E100%3C%2FSPAN%3E%3CSPAN%3E%2FTotal_Hours%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-906519%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-908167%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Log%20Analytics%20for%20Server%20Uptime%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-908167%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F297804%22%20target%3D%22_blank%22%3E%40tmitchel%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20add%20this%20as%20a%20last%20line%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fkusto%2Fquery%2Fprojectreorderoperator%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Esource%3C%2FA%3E%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E%7C%20project-reorder%20%20Availability%2C%20Total_Hours%2C%20Available_Hours%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3EHowever%20that%20will%20leave%20Computer%20as%20the%20final%20column%20(there%20seems%20to%20be%20an%20issue%20with%20Computer%20as%20it%20was%20used%20in%20the%20summarized%20command%20e.g.%20you%20can%20only%20reorder%20columns%20that%20don't%20follow%20a%20'by'%20operator)%3B%20I'll%20ask%20internally%20as%20this%20isn't%20working%20as%20i'd%20expect%20or%20I'm%20not%20understanding%20the%20usage.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fms.portal.azure.com%23%4072f988bf-86f1-41af-91ab-2d7cd011db47%2Fblade%2FMicrosoft_Azure_Monitoring_Logs%2FDemoLogsBlade%2FresourceId%2F%252FDemo%2Fsource%2FLogsBlade.AnalyticsShareLinkToQuery%2Fq%2FH4sIAAAAAAAAA22QzW6DMBCE70i8wx7tylGg15ZIVQ%25252FNA%25252BSOTFhkV8ZGy9I0VR%25252B%25252BJn8FkttKO%25252FPN7Dpk6FkTl2xbLE5jaNrg2QgfDkLKlzRxUYS%25252BPkvicCfYYrRVqDlNfuFgkBB2UfuBHkkz1rCZhID29WL9esOPgH5oW032B8FcuWWHVJowULEPg2choTpCZX2pWcxQCnKjJmFSwXtou4GRRjR%25252Bc0wC%25252FaWt05XDf65tGnEft8kUMA2ooNGuRzmv93bDbKO2P3ezjXiAL0bKqfWDOrvA2l0YFBm1ENd%25252FrCanrHMjJ65LunWWj8WiylOeZesJdrR1FD5xzyvCQDUSzABqWkItLxvtzraW4TlN%25252FgBgPnXWMwIAAA%25253D%25253D%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EGo%20to%20Log%20Analytics%20and%20Run%20Query%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CDIV%3E%0A%3CTABLE%20cellspacing%3D%221%22%20cellpadding%3D%225%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTH%3EAvailability%3C%2FTH%3E%0A%3CTH%3ETotal_Hours%3C%2FTH%3E%0A%3CTH%3EAvailable_Hours%3C%2FTH%3E%0A%3CTH%3EComputer%3C%2FTH%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E33.60215053763441%3C%2FTD%3E%0A%3CTD%3E744%3C%2FTD%3E%0A%3CTD%3E250%3C%2FTD%3E%0A%3CTD%3EOn-Premise-16S%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E33.60215053763441%3C%2FTD%3E%0A%3CTD%3E744%3C%2FTD%3E%0A%3CTD%3E250%3C%2FTD%3E%0A%3CTD%3EOnPremise-12S%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-914900%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Log%20Analytics%20for%20Server%20Uptime%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-914900%22%20slang%3D%22en-US%22%3E%3CP%3E%40t%20does%20seems%20like%20this%20is%20actually%20to%20do%20with%20extended%20columns%2C%20I'm%20talking%20to%20the%20Product%20Group%20next%20week%20about%20this%2C%20and%20will%20keep%20you%20updated.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHow%20much%20of%20an%20issue%20is%20it%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F297804%22%20target%3D%22_blank%22%3E%40tmitchel%3C%2FA%3E%26nbsp%3B%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Visitor
Hello,
Been working on this Kusto query. Just was wondering how do I get a specific order of columns. I want Computer as first column, Availability as second, Total_Hours as third, and Available_Hours as fourth. It just jumbles the order on me
 
let start_time=startofmonth(now());
let end_time=endofmonth(now());
Heartbeat
| where TimeGenerated > start_time and TimeGenerated < end_time
| summarize heartbeat_per_hour=count() by bin_at(TimeGenerated, 1h, start_time), Computer
| extend available_per_hour=iff(heartbeat_per_hour>0, true, false)
| summarize Available_Hours=countif(available_per_hour==true) by Computer
| extend Total_Hours=round((end_time-start_time)/1h)
| extend Availability=Available_Hours*100/Total_Hours
2 Replies
Highlighted

@tmitchel 

 

You can add this as a last line source

| project-reorder  Availability, Total_Hours, Available_Hours

However that will leave Computer as the final column (there seems to be an issue with Computer as it was used in the summarized command e.g. you can only reorder columns that don't follow a 'by' operator); I'll ask internally as this isn't working as i'd expect or I'm not understanding the usage. 

Go to Log Analytics and Run Query

Availability Total_Hours Available_Hours Computer
33.60215053763441 744 250 On-Premise-16S
33.60215053763441 744 250 OnPremise-12S
Highlighted

@t does seems like this is actually to do with extended columns, I'm talking to the Product Group next week about this, and will keep you updated. 

 

How much of an issue is it @tmitchel ?