I have a list of events, each event has a type. I want to create a timechart that shows me the events by type per day but also the total number of events per day.
So for example if have
5/15 - Soccer
5/15 - Soccer
5/15 - Golf
5/16 - Golf
The chart I want needs to show on 5/15 a line for soccer at 2, a line for golf at 1, and a line for ALL at 3 (2+1)
The following query gives me the events by eventtype per day, how do I add the aggregate to it?
MyEvents
| summarize count() by bin(TIMESTAMP, 1d), EventType
| render timechart
you could try either of the following options, using the union operator:
MyEvents
| summarize count() by bin(TIMESTAMP, 1d), EventType
| union (
MyEvents
| summarize count() by bin(TIMESTAMP, 1d), EventType = "All"
)
| render timechart
MyEvents
| summarize count() by bin(TIMESTAMP, 10m), EventType
| as hint.materialized = true T
| union (
T
| summarize count_ = sum(count_) by TIMESTAMP, EventType = "All"
)
| render timechart