Forum Discussion
Need Some enhancement in query
I get it now, for a single aggregated value, remove bin(TimeGenerated, 1h) and | render timechart
as the render timechart would be useless in this instance and only give you a single dot per computer.
So you'll need two separate queries for charting that uses the bin(TimeGenerated, 1h) and one without for the single aggregated value over whatever timespan you want. I hope that answers your question.
I get it now, for a single aggregated value, remove bin(TimeGenerated, 1h) and | render timechart
as the render timechart would be useless in this instance and only give you a single dot per computer.
So you'll need two separate queries for charting that uses the bin(TimeGenerated, 1h) and one without for the single aggregated value over whatever timespan you want. I hope that answers your question.
Hi Billy,
Thanks for the prompt answer got your point now.
Could be made the below query in same way:-
Perf
| where (ObjectName == "Memory" and CounterName == "% Committed Bytes In Use")
or (ObjectName == "Processor" and CounterName == "% Processor Time" and InstanceName == "_Total")
and TimeGenerated < now(24h)
| summarize avg(CounterValue) by bin(TimeGenerated, 1h), Computer, ObjectName
| evaluate pivot(ObjectName, avg(avg_CounterValue))
| project TimeGenerated, Computer, Processor, Memory
I have removed bin(TimeGenerated, 1h) in the above query but then it would not worked. and added bin(TimeGenerated, 1h) by computer as well but no luck :)
If you removed bin(TimeGenerated, 1h) from that query, you would still need to remove the TimeGenerated after the project.
try this
Perf
| where (ObjectName == "Memory" and CounterName == "% Committed Bytes In Use")
or (ObjectName == "Processor" and CounterName == "% Processor Time" and InstanceName == "_Total")
and TimeGenerated < now(24h)
| summarize avg(CounterValue) by Computer, ObjectName
| evaluate pivot(ObjectName, avg(avg_CounterValue))
| project Computer, Processor, Memory