SOLVED

How can I select distinct values in a column rather than distinc column ?

%3CLINGO-SUB%20id%3D%22lingo-sub-977051%22%20slang%3D%22en-US%22%3EHow%20can%20I%20select%20distinct%20values%20in%20a%20column%20rather%20than%20distinc%20column%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-977051%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20trying%20to%20get%20the%20count%20of%20unique%20RoleInstance%20per%2010%20min%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMetricsLogs%3CBR%20%2F%3E%7C%20distinct%20RoleInstance%3CBR%20%2F%3E%7C%20summarize%20TimeGenerated%2C%20AggregatedValue%20%3D%20count(RoleInstance)%20by%20bin(TimeGenerated%2C%2010m)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20does%20not%20work%20with%20the%20following%20error%26nbsp%3B'summarize'%20operator%3A%20Failed%20to%20resolve%20scalar%20expression%20named%20'TimeGenerated'%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThen%2C%20I%20tried%20this%2C%20but%20it%20returns%20distinct%20rows.%3C%2FP%3E%3CP%3EMetricsLogs%3CBR%20%2F%3E%7C%20distinct%20RoleInstance%2C%26nbsp%3BTimeGenerated%3CBR%20%2F%3E%7C%20summarize%20TimeGenerated%2C%20AggregatedValue%20%3D%20count(RoleInstance)%20by%20bin(TimeGenerated%2C%2010m)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESorry%2C%20I%20am%20sure%20it%20is%20easy%20to%20fix%20%3A(%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-977051%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-977449%22%20slang%3D%22en-US%22%3ERe%3A%20How%20can%20I%20select%20distinct%20values%20in%20a%20column%20rather%20than%20distinc%20column%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-977449%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F439731%22%20target%3D%22_blank%22%3E%40Gamleur84%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHow%20about%2C%20either%20of%20these%3F%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3EPerf%0A%7C%20where%20CounterName%20%3D%3D%22%25%20Used%20Space%22%0A%7C%20summarize%20AggregatedValue%20%3D%20count(CounterName)%20by%20bin(TimeGenerated%2C%2010m)%2C%20CounterName%0A%0A%2F%2F%20shows%20unique%20ConunterValues%20per%20CounterName%20%0A%2F%2F%20source%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fkusto%2Fquery%2Fdcount-aggfunction%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fkusto%2Fquery%2Fdcount-aggfunction%3C%2FA%3E%0APerf%0A%7C%20where%20CounterName%20%3D%3D%22%25%20Used%20Space%22%0A%7C%20summarize%20AggregatedValue%20%3D%20dcount(CounterValue)%20by%20bin(TimeGenerated%2C%2010m)%2C%20CounterName%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-982092%22%20slang%3D%22en-US%22%3ERe%3A%20How%20can%20I%20select%20distinct%20values%20in%20a%20column%20rather%20than%20distinc%20column%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-982092%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F239477%22%20target%3D%22_blank%22%3E%40Clive%20Watson%3C%2FA%3E%26nbsp%3BThanks%20Clive.%20I%20am%20not%20sure%20what%20is%20the%20most%20impressive.%20The%20fact%20that%20you%20understood%20my%20issue%20although%20my%20explanation%20was%20messy%2C%20incomplete%20and%20not%20well%20formatted%20or%20the%20accuracy%20of%20your%20answer.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20answer%20you%20provided%20works%20well%20for%20my%20case%2C%20I%20am%20keen%20to%20understand%20the%20explanation.%20Shall%20I%20use%20distinct%20when%20looking%20for%20distinct%20rows%20rather%20than%20values%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20suspect%20the%20key%20is%20dcount()%2C%20i%20read%20about%20it%20but%20I%20was%20reluctant%20to%20use%20it%20because%20of%20this%3A%26nbsp%3B%26nbsp%3B%3CEM%3Ereturns%20an%20estimate%20for%20the%20number.%26nbsp%3BThe%20dcount()%20aggregation%20function%20is%20primarily%20useful%20for%20estimating%20the%20cardinality%20of%20huge%20sets.%20It%20trades%20performance%20for%20accuracy%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20my%20case%2C%20the%20accuracy%20is%20important%2C%20but%20I%20am%20analyzing%20a%20small%20set...%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hi

 

I am trying to get the count of unique RoleInstance per 10 min

 

MetricsLogs
| distinct RoleInstance
| summarize TimeGenerated, AggregatedValue = count(RoleInstance) by bin(TimeGenerated, 10m)

 

It does not work with the following error 'summarize' operator: Failed to resolve scalar expression named 'TimeGenerated'

 

Then, I tried this, but it returns distinct rows.

MetricsLogs
| distinct RoleInstance, TimeGenerated
| summarize TimeGenerated, AggregatedValue = count(RoleInstance) by bin(TimeGenerated, 10m)

 

Sorry, I am sure it is easy to fix :(

2 Replies
Highlighted
Solution

@Gamleur84 

 

How about, either of these?

Perf
| where CounterName =="% Used Space"
| summarize AggregatedValue = count(CounterName) by bin(TimeGenerated, 10m), CounterName

// shows unique ConunterValues per CounterName 
// source: https://docs.microsoft.com/en-us/azure/kusto/query/dcount-aggfunction
Perf
| where CounterName =="% Used Space"
| summarize AggregatedValue = dcount(CounterValue) by bin(TimeGenerated, 10m), CounterName

 

Highlighted

@Clive Watson Thanks Clive. I am not sure what is the most impressive. The fact that you understood my issue although my explanation was messy, incomplete and not well formatted or the accuracy of your answer.

 

The answer you provided works well for my case, I am keen to understand the explanation. Shall I use distinct when looking for distinct rows rather than values ?

 

I suspect the key is dcount(), i read about it but I was reluctant to use it because of this:  returns an estimate for the number. The dcount() aggregation function is primarily useful for estimating the cardinality of huge sets. It trades performance for accuracy

 

In my case, the accuracy is important, but I am analyzing a small set...