cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Union operator return results out of sequence in Azure Log Analytics Query

Pravin Ohal
New Contributor

‎Jun 21 2018 11:19 PM - last edited on ‎Apr 07 2022 05:12 PM by

‎Jun 21 2018 11:19 PM - last edited on ‎Apr 07 2022 05:12 PM by

Union operator return results out of sequence in Azure Log Analytics Query

Hi,
 
     I'm working on the following query. The union will give me count of the message in out of sequence fashion always for e.g The expected behavior should be that it should return results as count of xyz message first, then abc and then pqr, but the results are always out of sequence. Please help me out on this just wan to know why is this happening and how to obtain result in the same order as the statements are executed. Thanks
 
union
(search in (traces) message : "xyz" and timestamp > ago(1d)
| summarize count()),
(search in (traces) message : "abc" and timestamp > ago(1d)
| summarize count()),
(search in (traces) message : "pqr" and timestamp > ago(1d)
| summarize count())
 
This should output(expected result)
cnt_
13
2
4
 
but the result is
4
13
2
 
This sequence will always change whenever I execute the query.
Labels:
3,868 Views
0 Likes
3 Replies
Reply
3 Replies
best response confirmed by Stanislav Zhelyazkov (MVP)
Stanislav Zhelyazkov

‎Jul 20 2018 02:52 AM

‎Jul 20 2018 02:52 AM

Solution

Re: Union operator return results out of sequence in Azure Log Analytics Query

Hi 

I think probably the easier solution for this is :

 

let result1 = search in (traces) message : "New Request Received" and timestamp > ago(1d)
| summarize count() | extend rank = 1;
let result2 = search in (traces) message : "Listing Customers" and timestamp > ago(1d)
| summarize count()| extend rank = 2;
let result3 = search in (traces) message : "pqr" and timestamp > ago(1d)
| summarize count()| extend rank = 3;
 result1 | union  result2, result3 | sort by rank asc

Seems like union does not care on the order of how you stitch results. Probably this is done due to performance reasons.

1 Like
Reply
Stanislav Zhelyazkov

‎Jul 20 2018 03:05 AM

‎Jul 20 2018 03:05 AM

Re: Union operator return results out of sequence in Azure Log Analytics Query

BTW it is good not to use search as this slows down queries. Query like this is better:

 

traces | where message has "xyz" and  timestamp > ago(1d) | summarize count()
1 Like
Reply