Forum Discussion
Solved
Calculating rate of change in Log Analytics
If I have a counter that increases over time and I want to display how much that counter is changing every minute, how would I do that. In PromQL I would use the rate function but is there a simple ...
CliveWatson you are a scholar and a gent. That would appear to do the trick. I'll adapt as necessary but thank you
How about?
Event
| where TimeGenerated > ago(1h)
| summarize count() by bin(TimeGenerated, 1m)
| sort by TimeGenerated asc
| extend accumulated =row_cumsum(count_)
Go to Log Analytics and Run Query
| TimeGenerated | count_ | accumulated |
|---|---|---|
| 2019-09-12T14:46:00Z | 343 | 343 |
| 2019-09-12T14:47:00Z | 57 | 400 |
| 2019-09-12T14:48:00Z | 49 | 449 |
| 2019-09-12T14:49:00Z | 488 | 937 |
| 2019-09-12T14:50:00Z | 321 | 1258 |
| 2019-09-12T14:51:00Z | 354 | 1612 |
| 2019-09-12T14:52:00Z | 378 | 1990 |
| 2019-09-12T14:53:00Z | 482 | 2472 |
| 2019-09-12T14:54:00Z | 344 | 2816 |
| 2019-09-12T14:55:00Z | 501 | 3317 |
CliveWatson you are a scholar and a gent. That would appear to do the trick. I'll adapt as necessary but thank you
- You can also use the next or prev functions to get the rate
https://docs.microsoft.com/en-us/azure/kusto/query/prevfunctionKetan GhelaniThanks very much for the reply. I'll take a look at that as well
