azureloggingazure-data-exploreralerts
How to index a column in kusto query after pivot for azure log alerts
I have the following kusto queury working as a log query in Azure
traces
| where message contains "SWSE"
| extend d=parse_json(message)
| extend Info=tostring(d.message)
| where Info startswith "Borrow Token" or Info startswith "Return Token"
| extend tAction = tostring( split(Info,' ',0)[0])
| summarize count_=count() by tAction, timebox=bin(timestamp, 10m)
| evaluate pivot(tAction,sum(count_))
| extend diff = abs(Borrow-Return)
| where diff>2
resulting in
However, this line is marked as an error when it is imported into log alerts, not when it is run against the Azure logs.
| extend diff = abs(Borrow-Return)
with the error:
The request had some invalid properties
Is there another way to reference these columns?
Solution
the output schema of the pivot() plugin is not deterministic and depends on the input data - you may need to use column_ifexists() for cases in which the column you expect actually don't exist in the output schema.
for example:
| extend diff = abs(column_ifexists("Borrow", 0) - column_ifexists("Return", 0))
- Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
- Failed to deploy path that does not exist
- Using Azure WAF for my server(not in Azure)
- How and where to define an environment variable on Azure
- Azure Data Factory - Unable to preview data
- Azure yaml trigger pipeline every 14 days on a Saturday
- Diagnostic setting not included in Azure Portal ARM template export
- How do I read the original pdf file in set indexer datasource in a custom WebApiSkill after enabling "Allow Skillset to read file data"
- How do I store vectors generated by AzureOpenAIEmbeddingSkill in indexer given my current setup
- Authenticating using the Azure CLI is only supported as a User (not a Service Principal)
- Azure Function App - frequent hang and deadlocks
- Sign Tool for Azure Trusted Service Account Error information: "Error: SignerSign() failed." (-2147467259/0x80004005)
- How to convert the premium file share to premium block blob storage account or standard general purpose v2 storage account?
- How to generate an azure blob url with SAS signature in nodejs sdk v12?
- How to Assign Role to New User with Graph API
- Directory disappears from azure cloud shell (home)
- Application Insights Logging Exceptions as Trace
- Issue with Azure key vault and Azure storage account deployment
- AddDataProtection().PersistKeysToAzureBlobStorage().ProtectKeysWithAzureKeyVault() getting httpVerb Error while accessing the blob storage
- temporary_name_for_rotation must be specified when changing any of the following properties: pod_subnet_id
- Native Node.js Metrics in Application Insights
- Azure Key Vault Disabled public access, how to access it through the portal via internet
- Using Google.Cloud.BigQuery.V2 API in Azure Functions
- Azure Functions no job found (python)
- Azure Machine Learning - Online Endpoint Schedule/Cost management
- Is it possible to read File from same folder where Azure function exists
- Make WAF policy to only allow Azure Load Testing or Azure Services
- port 7071 is unavailable. Close the process using that port, or specify another port using --port [-p]
- Azure - RBAC to Management Group
- Why is AVD remove client's maximize to current display option grayed out?