A Fine Slice Of SQL Server
Robert Cain continues a series on KQL:
There are versions of these which are case sensitive. We’ll see a few here, focusing on the
containskeyword. In addition there are not versions, which will also be demonstrated.There is another operator we’ll discuss here,
in. It is a bit of an odd duck, in that it is case sensitive by default. We’ll see it and its variants later in this post.
Case sensitivity in search is a curse.
Comments closedJose Manuel Jurado Diaz tracks timeouts:
Today, I worked on a service request when our customer needs to know several details about the command timeout captured (attention event) and sent to Log Analytics from Azure Diagnostic settings. In this article I would like to share my findings.
Read on to see how you can use Log Analytics and a little bit of KQL to track timeouts.
Comments closedRobert Cain continues a series on KQL:
In my previous post, Fun With KQL – DCountIf, we saw how you could apply a filter to the data directly within the
dcountiffunction.You may have been thinking gosh, it sure would be nice if we could do that within the
countfunction! (Note, you can read more about count in my Fun With KQL – Count blog post.)Well fear not intrepid Kusto coder, there is just such a function to fit your needs:
countif.
As always, Robert has examples for us, so check those out.
Comments closedRobert Cain continues a series on KQL:
In the previous post of this series, Fun With KQL – DCount, we saw how to use the
dcountfunction to get an estimated count of rows for an incoming dataset.It’s common though to want to filter out certain rows from the count. While you could do the filtering before getting to the
dcount, there’s an alternative function that allows you to do the filtering right within it:dcountif.
Read on to learn more about how this function works, as well as several useful examples.
Comments closedRobert Cain continues a series on KQL:
In an earlier post in this series, Fun With KQL – Count, you saw how to use the
countoperator to count the number of rows in a dataset.Then we learned about another operator,
distinct, in the post Fun With KQL – Distinct. This showed how to get a list of distinct values from a table.While we could combine these, it would be logical to have a single command that returns a distinct count in one operation. As you may have guessed by the title of this post, such an operator exists:
dcount.
Read on to see how you can use dcount in queries, including how you can perform speed versus accuracy trade-offs.
Adi Eldar shows off multivariate anomaly detection in Azure Data Explorer:
Azure Data Explorer (ADX) is commonly used for monitoring cloud resources and IoT devices performance and health. This is done by continuous collection of multiple metrics emitted by these sources, and on-going analysis of the collected data to detect anomalies. The analysis is applied over time series of the relevant metrics in order to locate significant deviations of the metrics values relative to their typical normal baseline pattern.
Click through for a nice overview of the topic, including two different scenarios: one which emphasizes time series data and the other, which does not.
Comments closedChango Valtchev reminds us of Gantt charts:
This is the scenario: We have a job scheduler and a related job deployment manager, both implemented based on a state machines framework. One of the scheduler features is preemptable jobs: Jobs of that class can be suspended when a high-priority job needs to be scheduled and there is no available capacity. Effecting preemption requires some involved orchestration between the scheduler and the deployment manager, and we’ve had reliability issues in some cases – both due to incorrectly handled races and latency spikes in the cleanup of the suspended jobs from the cluster. Debugging such issues based on the raw logs has been very tedious – a typical log is 10-30K lines. This gets much worse with the number of dependencies. Given the concurrent processing of the suspensions, tracking the interactions with the new job’s deployment can be mentally taxing. The timeline visualization brought a breakthrough to our debugging ability and productivity. The following sample is a purposefully simplified case. In this scenario, things worked well. It shows the ‘Main’ job, at high priority, waiting on its dependencies to be suspended (while waiting, “Skipped schedule processing” is logged). Shortly after all the suspensions complete, the main job gets to Running state.
Read on to see the scenario in action.
Comments closedRobert Cain continues a series on KQL:
Often we want to get data that is relative to other data. For example, we want a list of computers that have free space that is greater than the free space of other computers. We need to set a threshold, for example we want to return results where the free space is greater than 95% of the free space on other computers.
To do this, Kusto provides the
percentileoperator, along with its variantspercentilesandpercentiles_array.
Read on to see how it works. I do like the way that KQL handles percentile operations.
Comments closedRobert Cain continues a series on learning KQL:
In the previous article, Fun With KQL – Make_Set and Make_List, we saw how to get a list of items and return them in a JSON array. In this article we’ll see how to break that JSON array into individual rows of data using the
mv-expandoperator.
Read on to learn more about mv-expand.
Robert Cain is making a list and checking it twice:
In previous posts, I’ve mentioned using certain functions and operators to investigate conditions in your system. Naturally you’ll need to create lists of those items, based on certain conditions.
For example, you may want to get a list of the counters associated with an object. Or, you may want to get a list of computer where a certain condition is met.
In this article we’ll see how to get those lists using the Kusto
make_setandmake_listfunctions.
Read on to see how these two functions work, as well as their conditional brethren.
Comments closed