Forum Discussion
Calculating rate of change in Log Analytics
CliveWatson you are a scholar and a gent. That would appear to do the trick. I'll adapt as necessary but thank you
CliveWatson Thanks for the reply. I have looked at that. It's not the number of new entries per minute I am trying to ascertain, but the change in the sum of all previous entries per minute, if that makes sense.
ie in the above query, you'll see system mode cpu usage for computer aks-agentpool-31816283-2 goes from 264552.21 to 264560.83 in the minute, so i want the difference between those 2 on an on-going basis. In fact, I actually want it for all modes but one step at a time.
How about?
Event
| where TimeGenerated > ago(1h)
| summarize count() by bin(TimeGenerated, 1m)
| sort by TimeGenerated asc
| extend accumulated =row_cumsum(count_)
Go to Log Analytics and Run Query
| TimeGenerated | count_ | accumulated |
|---|---|---|
| 2019-09-12T14:46:00Z | 343 | 343 |
| 2019-09-12T14:47:00Z | 57 | 400 |
| 2019-09-12T14:48:00Z | 49 | 449 |
| 2019-09-12T14:49:00Z | 488 | 937 |
| 2019-09-12T14:50:00Z | 321 | 1258 |
| 2019-09-12T14:51:00Z | 354 | 1612 |
| 2019-09-12T14:52:00Z | 378 | 1990 |
| 2019-09-12T14:53:00Z | 482 | 2472 |
| 2019-09-12T14:54:00Z | 344 | 2816 |
| 2019-09-12T14:55:00Z | 501 | 3317 |
CliveWatson you are a scholar and a gent. That would appear to do the trick. I'll adapt as necessary but thank you
- You can also use the next or prev functions to get the rate
https://docs.microsoft.com/en-us/azure/kusto/query/prevfunctionKetan GhelaniThanks very much for the reply. I'll take a look at that as well
