File: kusto_examples.md

package info (click to toggle)
azure-cli 2.83.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 2,346,000 kB
  • sloc: python: 1,930,197; sh: 1,344; makefile: 407; cs: 145; javascript: 74; sql: 37; xml: 21
file content (92 lines) | stat: -rw-r--r-- 2,801 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
# Samples for kusto query

## Query for new schema
CLI telemetry has different schema after version 2.0.28

```
RawEventsAzCli
| where split(ProductVersion, '.')[0] == 'azurecli@2'
| where toint(split(ProductVersion, '.')[1]) > 0 or toint(split(ProductVersion, '.')[2]) > 28
| take 5
```

## Query for specific command
e.g. `az account show` command

```
RawEventsAzCli
| where EventTimestamp > ago(1h)
| where RawCommand == 'account show'
| take 10
```

## Query for specific command group
e.g. `az storage account` command group

```
RawEventsAzCli
| where EventTimestamp > ago(1h)
| where RawCommand startswith "storage account"
| take 10
```

## Query for specific command with specific CLI version
e.g. `az account show` command with CLI version `2.35.0`

```
RawEventsAzCli
| where EventTimestamp > ago(1h)
| where RawCommand == 'account show'
| where ProductVersion == 'azurecli@2.35.0'
| take 10
```

## Query for specific command with specific CLI extension version
e.g. `az connectedk8s connect` command with version `1.2.8` of extension `connectedk8s`

```
RawEventsAzCli
| where EventTimestamp > ago(1h)
| extend ExtensionName = tostring(Properties["context.default.azurecli.extensionname"])
| where RawCommand == 'connectedk8s connect'
| where ExtensionName == 'connectedk8s@1.2.8'
| take 10
```

## Count specific command calls by date
e.g. `az account show` usage by date

```
RawEventsAzCli
| where EventTimestamp > ago(7d)
| where RawCommand == 'account show'
| summarize cnt=count() by ts=bin(EventTimestamp, 1d)
| order by ts desc 
```

## Calculate success rate for specific command
e.g. `az group create` command

```
RawEventsAzCli
| where EventTimestamp > ago(7d)
| where RawCommand == 'group create'
| where EventName == 'azurecli/command'
| summarize count() by ActionResult
```
Note: `where EventName == 'azurecli/command'` is necessary because in some cases one record will have additional records whose `EventName` could be `azurecli/extension` or `azurecli/fault`. If you count these additional records, some calls might be calculated twice or more times.

## Query failure details for specific command
e.g. `az group create` command

```
RawEventsAzCli
| where EventTimestamp > ago(1d)
| where RawCommand == 'group create'
| where ActionResult != 'Success'
| extend  ErrorType = tostring(Properties['context.default.azurecli.error_type'])
| extend ExceptionName = tostring(Properties['context.default.azurecli.exception_name'])
| extend FaultDescription = tostring(Properties['reserved.datamodel.fault.description'])
| project EventName, RawCommand, Params, ActionResult, ErrorType, ExceptionName, FaultDescription, ResultSummary, ExceptionMessage, Properties
```
Notes: `ResultSummary` and `ExceptionMessage` might be suppressed to meet security & privacy requirements.