How can I convert TimeGenerated to TimeIngested in this KQL query for an Azure Workbook?
I have been modifying an existing Azure Workbook for giving Windows server performance reports. It generally works, but TimeGenerated for Heartbeat is NOT accurate in Azure longterm. For instance, I brought down two test servers for a few hours, and once they came back online, Azure thought the heartbeats arrived every minute with the TimeGenerated column, making the chart inaccurate and displaying 100% uptime.
Now, I've been trying to get ingestion_time() into this query, because that IS accurate. There's a jump between the times the servers went down and up.
The problem is that merely replacing TimeGenerated with TimeIngested(after defining TimeIngested as a variable which is ingestion_time()) gives an empty query result and no errors.
I've been able to learn and solve problems in KQL because of very descriptive errors. But I have no idea why it doesn't like everything here, and I'm looking for at least a hint on how to make this visualization function using TimeIngested/ingestion_time().
Heartbeat
| where TimeGenerated > ago(60m)
| summarize count() by Computer, TimeGenerated, _ResourceId
| make-series HourTrend = count() on TimeGenerated from ago(1h) to now() step 1m by Computer, _ResourceId
| join kind=inner (
Heartbeat
| where TimeGenerated {TimeRange}
| summarize count() by Computer, TimeGenerated, _ResourceId
| make-series DailyTrend = count() on TimeGenerated from {TimeRange:start} to now() step 1d by Computer, _ResourceId
)
on _ResourceId
| join kind=inner (
Heartbeat
| where TimeGenerated {TimeRange}
| summarize heartbeatPerHour = count() by bin_at(TimeGenerated, 1h,{TimeRange:start}), Computer, _ResourceId
| extend availablePerHour = iff(heartbeatPerHour > 0, true, false)
| summarize totalAvailableHours = countif(availablePerHour == true) by Computer, _ResourceId
| extend availabilityRate = totalAvailableHours * 100.0 / (datetime_diff('hour',now(),{TimeRange:start}))
)
on _ResourceId
| sort by Computer asc
| project-away _ResourceId, Computer1, _ResourceId1, Computer2, _ResourceId2
Tried to get visualization from query with TimeIngested and received no errors or results.
The error is caused by the unexpected column name "$IngestionTime" after "summarize".
let TimeIngested = ingestion_time();
Heartbeat
| where TimeGenerated > ago(60m)
| summarize count() by Computer, TimeIngested, _ResourceId
| getschema
A quick fix is: by Computer, TimeIngested = TimeIngested, _ResourceId
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs