Below query returns OperationID, EndToEnd and external Processing times. Is there any way to return only those operationID and their times whose message contains Module1.
Appreciate if anyone can help on this.
let x= datatable(timestamp:datetime,OperationID: string,Message: string)[
"2022-06-30 04:10:00.460" ,"fbf759a0-d4be-4d07-adfb-7090a207e667","Work flow Started"
,"2022-06-30 04:12:00.091" ,"fbf759a0-d4be-4d07-adfb-7090a207e667","External Work Flow1 Started"
,"2022-06-30 04:10:00.460" ,"fbf759a0-d4be-4d07-adfb-7090a207e667","External Work Flow2 Started"
,"2022-06-30 04:10:00.460" ,"fbf759a0-d4be-4d07-adfb-7090a207e667","Workflow in progress"
,"2022-06-30 04:10:00.460" ,"fbf759a0-d4be-4d07-adfb-7090a207e667","Workflow in progress for Module1"
,"2022-06-30 04:14:10.791" ,"fbf759a0-d4be-4d07-adfb-7090a207e667","External Work Flow1 Ended"
,"2022-06-30 04:15:10.460" ,"fbf759a0-d4be-4d07-adfb-7090a207e667","External Work Flow2 Ended"
,"2022-06-30 04:20:04.343" ,"fbf759a0-d4be-4d07-adfb-7090a207e667","Work flow Ended"
];
let t1=x
|summarize EndtoEndTimings=round((max(timestamp) - min(timestamp)) / 1s) by OperationID;
let t2=x
|where Message contains "External Work Flow1 Started" or Message contains "External Work Flow1 Ended"
|summarize ExternalWorkflow1Timings=round((max(timestamp) - min(timestamp)) / 1s) by OperationID;
let t3=x
|where Message contains "External Work Flow2 Started" or Message contains "External Work Flow2 Ended"
|summarize ExternalWorkflow2Timings=round((max(timestamp) - min(timestamp)) / 1s) by OperationID;
let t4=t1
|join kind=inner t2 on OperationID;
t4
| join kind=inner t3 on OperationID
| project-away OperationID1,OperationID2
Query:
x
| where Message contains "Module1"
| project OperationID, timestamp
you can filter the rows whose message contains Module1 using where operator and contains operator only.
Check this fiddle.
Refer the MS document for more details on contains operator.