jurjen.ladenius/Cloud-20Engineering
1
0
Fork 0
mirror of https://dev.azure.com/effectory/Survey%20Software/_git/Cloud%20Engineering synced 2026-02-27 10:45:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Availability logging kql

Browse Source
This commit is contained in:
Jurjen Ladenius
2023-10-31 15:00:41 +01:00
parent 54d5dfee16
commit ceeee5a420
2 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.vscode/settings.json vendored Normal file
View File

@@ -0,0 +1,3 @@
{
"dotnet.defaultSolution": "disable"
}

54
KQL/shared_logs/availability logging.kql Normal file
View File

@@ -0,0 +1,54 @@
// Avg Timespan per Name
AppAvailabilityResults
| order by Name, TimeGenerated desc
| where TimeGenerated > ago(7d)
| extend TimeSince = TimeGenerated - next(TimeGenerated)
| extend NextName = next(Name)
| where isnotempty(TimeSince) and NextName == Name
| summarize avg(TimeSince) by Name
// timespan per name over time
AppAvailabilityResults
| order by Name, TimeGenerated desc
| extend TimeSince = TimeGenerated - next(TimeGenerated)
| extend NextName = next(Name)
| where isnotempty(TimeSince) and NextName == Name
| summarize avg(TimeSince) by bin(TimeGenerated, 10m), Name
| extend avg_millisecs = avg_TimeSince / time(1s)
| render timechart
// last recorded item
AppAvailabilityResults
| extend timeSince= now() - TimeGenerated
| summarize arg_max(TimeGenerated, *) by Name
| order by Name
// Alert?
let latestResults = AppAvailabilityResults
| extend timeSince= now() - TimeGenerated
| where TimeGenerated > ago(4h) and Success == true
| summarize arg_max(TimeGenerated, *) by Name
| order by Name;
let averageResults = AppAvailabilityResults
| order by Name, TimeGenerated desc
| where TimeGenerated > ago(7d)
| extend TimeSince = TimeGenerated - next(TimeGenerated)
| extend NextName = next(Name)
| where isnotempty(TimeSince) and NextName == Name
| summarize avg(TimeSince) by Name;
averageResults
| join kind=leftouter latestResults on Name
| where isnull(TimeGenerated) or TimeGenerated < datetime_add('minute', -10, now()) // allow for ingress
| project Name, TimeGenerated, AverageInterval=avg_TimeSince, LastSeenTimeSpan=timeSince
// performance
AppAvailabilityResults
| summarize avgRequestDuration=avg(DurationMs) by bin(TimeGenerated, 10m), Name
| render timechart