sumazure-storageazure-blob-storageazure-log-analyticskql
How to use `sum` within `summarize` in a KQL query?
I'm working at logging an Azure Storage Account. Have a Diagnostic Setting applied and am using Log Analytics to write KQL queries.
My goal is to determine the number of GetBlob requests (OperationName) for a given fileSize (RequestBodySize).
The challenge is that I need to sum the RequestBodySize for all GetBlob operations on each file. I'm not sure how to nest sum in summarize.
Tried so far:
StorageBlobLogs
| where TimeGenerated >= ago(5h)
and AccountName == 'storageAccount'
and OperationName == 'GetBlob'
| summarize count() by Uri, fileSize = format_bytes(RequestBodySize)
| render scatterchart
Results in:
Also tried: fileSize = format_bytes(sum(RequestBodySize)) but this errored out.
Any ideas?
EDIT 1: Testing out @Yoni's solution.
- Here is an example of
RequestBodySizewith no summarization:
- When implementing the summarize query (
| summarize count() by Uri, fileSize = format_bytes(RequestBodySize)), the results are0 bytes. - Though its clear there are multiple calls for a given Uri, the sum doesn't seem to be working.
EDIT 2:
- And yeah... pays to verify the field names! There is no
RequestBodySizefield available, onlyResponseBodySize. Using the correct value worked (imagine that!).
Solution
I need to sum the
RequestBodySizefor allGetBloboperations on each file
If I understood your question correctly, you could try this:
StorageBlobLogs
| where TimeGenerated >= ago(5h)
and AccountName == 'storageAccount'
and OperationName == 'GetBlob'
| summarize count(), total_size = format_bytes(sum(RequestBodySize)) by Uri
Here's an example using a dummy data set:
datatable(Url:string, ResponseBodySize:long)
[
"https://something1", 33554432,
"https://something3", 12341234,
"https://something1", 33554432,
"https://something2", 12345678,
"https://something2", 98765432,
]
| summarize count(), total_size = format_bytes(sum(ResponseBodySize)) by Url
| Url | count_ | total_size |
|---|---|---|
| https://something1 | 2 | 64 MB |
| https://something3 | 1 | 12 MB |
| https://something2 | 2 | 106 MB |
- Laravel Sum of relation
- How can I select rows from a table where the sum of rows in a joined table is greater than a number?
- How to calculate infinite series (or partial sum) with NetLogo?
- COUNT where SUM condition using DQL
- Group an array of objects by one property and sum another property within each group
- Group rows of a 2d array by a column and sum individual columns within each group
- Sum of corresponding values from different arrays of the same size with Python
- SQL - Columns merge and grouping by column name while summation of the other column
- Excel Formula changes values after a day or so
- Better way of calculating sum of even ints
- Fill array with numbers adding up to a nominated total without exceeding item maximum
- Group a 2d array by year-month of a date column, add column of counts and create a subarray from a column of ids in each group
- aggregate sf spatial dataframe values
- Using a reference cell as part of a column in a google sheets query
- Sum across columns of the same name (or "key") in polars dataframe
- How to ignore values when using numpy.sum and numpy.mean in matrices
- Preceding rows sum and subtraction using SQL
- Total and Sum of two columns in a single query
- A PowerShell script to find the file size and file count of a folder with millions of files?
- Performing a query on a result from another query?
- Calculate sum of elements in an array within a function
- Is it possible to speed up a sum() in MySQL?
- How to sum pandas columns across the same record for columns which begins with the same word
- Sum up values in Lists of List
- How to convert duration of MM:SS to seconds in Google Sheets?
- Add total row to polars dataframe (to a subset of columns)
- Access Distinct and Sum Query
- How to SUM duration in Google Sheets?
- sum of digits of an integer
- Summing up filtered html columns takes to much time, how to speed it up?