kql sorting on date only sunday is specific all other days unknown
I think im doing something wrong only sunday is shown in the chart, All other days are unknown, I'm not a kql expert and don't seed what i'm doing wrong...
Hopefully someone can explain, so that I can learn something about it.
union isfuzzy=true
availabilityResults,
requests,
exceptions,
pageViews,
traces,
customEvents,
dependencies
| where * has "Login"
| extend DayOfWeek = dayofweek(timestamp)
| extend DayName = case(
DayOfWeek == 0, "Zondag",
DayOfWeek == 1, "Maandag",
DayOfWeek == 2, "Dinsdag",
DayOfWeek == 3, "Woensdag",
DayOfWeek == 4, "Donderdag",
DayOfWeek == 5, "Vrijdag",
DayOfWeek == 6, "Zaterdag",
"Onbekend"
)
| extend Day = format_datetime(timestamp, 'yyyy-MM-dd')
| summarize Login = count() by Day, DayName
| order by Day asc
| render columnchart kind=stacked
Solution
the function dayofweek returns a timespan since the last sunday, meaning for sunday you get a 0, but for all other dates, you get a timespan in days.
As you compare this timespan with == integer, the comparison fails and all other days are marked as "Onbekend".
To fix this, you can do a toint(DayOfWeek/1d), so your script should look like
union isfuzzy=true
availabilityResults,
requests,
exceptions,
pageViews,
traces,
customEvents,
dependencies
| where * has "Start" and * has "processing" and * has "PortalUserLoggedInEvent"
| extend DayOfWeek = toint(dayofweek(timestamp)/1d)
| extend DayName = case(
DayOfWeek == 0, "Zondag",
DayOfWeek == 1, "Maandag",
DayOfWeek == 2, "Dinsdag",
DayOfWeek == 3, "Woensdag",
DayOfWeek == 4, "Donderdag",
DayOfWeek == 5, "Vrijdag",
DayOfWeek == 6, "Zaterdag",
"Onbekend"
)
| extend Day = format_datetime(timestamp, 'yyyy-MM-dd')
| summarize Login = count() by Day, DayName
| order by Day asc
| render columnchart kind=stacked
See the official documentation for further details: https://learn.microsoft.com/en-us/kusto/query/day-of-week-function?view=microsoft-fabric#convert-timespan-to-integer
- kql sorting on date only sunday is specific all other days unknown
- How to preserve a GUID/Unique Id when passed as Dynamic param to a Kusto function
- How to ingest inline into Azure Data Explorer Table from PowerShell?
- How can I find a specific element in a dynamic array in KQL?
- Azure PowerShell script Add-Type "Kusto.Data.dll" give load exception for System.Runtime.dll
- Converting binary to decimal in Kusto
- Kusto kql remove repeating consecutives in a dynamic array
- Aggregate with make_list without flattening arrays
- How to find Windows version on Virtual Machines through Azure portal
- KQL query to list the secrets and keys in keyvault that are expired or going to expire in 7 days
- azure-kusto-data insert duplicated and corrupted data when some pattern '2_' in it
- ADX Kusto find most recent rows for multiple id tuples
- Logic Apps copy action gives: The managed identity used with this operation no longer exists. To continue, set up an identity or change the connection
- Ingesting data from external table into ADX
- Kusto shuffle strategy behavior with nested summarize/join
- Using Azure graph to query for newly created Azure resources
- Create a permanant table in Azure moniotr KQL enviorment
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- Compare multiple column value and return column name with max value
- trying to find out week of year in kql
- Azure Data Explorer - plot graph per user over time
- Parse array & json to right numbers of column
- Turning off Kusto database cache policy not reflecting in reduced cache as shown by .show cache command
- Kusto query to accumulate values in array
- Kusto command for generating create table & function script
- Get percent value from total sum row in pivot mode
- Using KQL and externaldata() operator to pull infromation from json file
- ADF Copy activity is making double column in adx as "infinity" for 1.7976931348623157E308 value
- Can I send data from Azure monitor / fabric to metabase
- KQL: how to exclude first and last incomplete bin?