How can I convert TimeGenerated to TimeIngested in this KQL query for an Azure Workbook?
I have been modifying an existing Azure Workbook for giving Windows server performance reports. It generally works, but TimeGenerated for Heartbeat is NOT accurate in Azure longterm. For instance, I brought down two test servers for a few hours, and once they came back online, Azure thought the heartbeats arrived every minute with the TimeGenerated column, making the chart inaccurate and displaying 100% uptime.
Now, I've been trying to get ingestion_time() into this query, because that IS accurate. There's a jump between the times the servers went down and up.
The problem is that merely replacing TimeGenerated with TimeIngested(after defining TimeIngested as a variable which is ingestion_time()) gives an empty query result and no errors.
I've been able to learn and solve problems in KQL because of very descriptive errors. But I have no idea why it doesn't like everything here, and I'm looking for at least a hint on how to make this visualization function using TimeIngested/ingestion_time().
Heartbeat
| where TimeGenerated > ago(60m)
| summarize count() by Computer, TimeGenerated, _ResourceId
| make-series HourTrend = count() on TimeGenerated from ago(1h) to now() step 1m by Computer, _ResourceId
| join kind=inner (
Heartbeat
| where TimeGenerated {TimeRange}
| summarize count() by Computer, TimeGenerated, _ResourceId
| make-series DailyTrend = count() on TimeGenerated from {TimeRange:start} to now() step 1d by Computer, _ResourceId
)
on _ResourceId
| join kind=inner (
Heartbeat
| where TimeGenerated {TimeRange}
| summarize heartbeatPerHour = count() by bin_at(TimeGenerated, 1h,{TimeRange:start}), Computer, _ResourceId
| extend availablePerHour = iff(heartbeatPerHour > 0, true, false)
| summarize totalAvailableHours = countif(availablePerHour == true) by Computer, _ResourceId
| extend availabilityRate = totalAvailableHours * 100.0 / (datetime_diff('hour',now(),{TimeRange:start}))
)
on _ResourceId
| sort by Computer asc
| project-away _ResourceId, Computer1, _ResourceId1, Computer2, _ResourceId2
Tried to get visualization from query with TimeIngested and received no errors or results.
The error is caused by the unexpected column name "$IngestionTime" after "summarize".
let TimeIngested = ingestion_time();
Heartbeat
| where TimeGenerated > ago(60m)
| summarize count() by Computer, TimeIngested, _ResourceId
| getschema
A quick fix is: by Computer, TimeIngested = TimeIngested, _ResourceId
- Cannot add data to a ComplexField using Python SDK for Azure AI Search
- letsencrypt cert request failing for AKS ingress
- Playwright Test execution on Azure Windows machine fails in pipeline with error as No test found, It works perfectly with same command
- How to Combining PowerShell Output from multiple server to Single csv
- How can I find all Azure app registrations with API permissions to a specific app registration?
- Azure Deployment Groups vs Agent Pools
- I cannot extract .sql CREATE TABLEs for each table in my Azure SQL Database in my Azure Repo
- Can not read blobs through BlobContainerClient for blobs with empty folder prefixes
- Are task logs deleted when the node is deleted due to autoscaling in Azure Batch service?
- Azure Function Blob Storage Monitor
- I want to fetch Azure SQL table data from ADF to use as input in copy activity
- How to access code of my Azure website?
- Run JMeter script in AzureDevOps - Bearer Access Token generation
- Azure Function - HTTP trigger request length exceeded
- How and where to define an environment variable on Azure
- Stream Analytics doesn't output the data to SQL but does to a blob storage
- While Hierarchical namespace enabled cannot upload blob with metadata hdi_isfolder
- Cannot log in to Visual Studio Account in VS 2022
- SchemaColumnConvertNotSupportedException: column: [Col_Name], physicalType: INT64, logicalType: string
- create Azure Keyvault secret without exposing values
- Can you create 'User Flows' in Azure with a pay-as-you-go account
- Deploy ARM template at management group scope with Azure DevOps Pipeline
- How to make an azure function that deploys my bicep script from Azure Storage Account
- Basic SQL commands in Terraform
- Can we Deploy Web Application in Azure OpenAI of Production Level
- Get-MgGroupMember by display name instead of userID
- Azure DevOps REST API parent relation link to existing work item error
- What should be put to 'repoOwners' in Managed Identity Federated Credentials policy?
- How to get list of users from CSV file whose LastSignInDate column has a date that is before 90 days from current date or is empty?
- Langchain cannot connect with Azure SQL Database