Home > Software design >  Group by elements in list in Azure monitor log
Group by elements in list in Azure monitor log

Time:10-10

I have log messages that log a list of IDs as a comma-separated string, and I want to find out whether any of the IDs are mentioned more than once in a particular log output (looking for duplicate operations).

So far I have been able to count by the whole comma-separated string, but I would like to do a count by each value of it.

traces 
| where operation_Name contains "MyOperation"
| where message contains "Trigger Details"
| extend messageIdArray = extract("MessageIdArray: (.*?), ", 1, message)
| extend messageIdList = split(messageIdArray, ",")
| summarize occurences=count() by <I want each element of messageIdList here>
| sort by occurences desc

Is there a way to achieve this?

CodePudding user response:

you could try expanding the array, then summarizing by its elements:

traces 
| where operation_Name has "MyOperation"
| where message has "Trigger Details"
| parse message with * "MessageIdArray: " messageIdArray
| extend messageIdList = split(messageIdArray, ",")
| mv-expand messageIdList to typeof(string)
| summarize occurrences=count() by messageIdList 
| sort by occurrences desc

Page link:https//www.codepudding.com/Softwaredesign/147118.html

Prev:Adding Life Cycle Management Rules for Blob Storage using Bicep Template Azure
Next:How to concat arguments to an existing Dockerfile CMD?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding