Cloud-20Engineering/KQL/shared_logs/availability logging.kql
2023-10-31 15:00:41 +01:00


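// Avg Timespan per Name
// For each availability test (Name), the mean gap between consecutive results
// recorded during the last 7 days.
AppAvailabilityResults
// Filter before sorting so only the 7-day window is serialized.
| where TimeGenerated > ago(7d)
// next() needs an ordered row set; TimeGenerated is newest-first, so next()
// refers to the previous (older) result and TimeSince comes out positive.
| order by Name, TimeGenerated desc
| extend TimeSince = TimeGenerated - next(TimeGenerated)
| extend NextName = next(Name)
// Drop the last row of each Name group: its "next" row is missing or belongs
// to a different test.
| where isnotempty(TimeSince) and NextName == Name
| summarize avg(TimeSince) by Name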
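// timespan per name over time
// Mean gap between consecutive results per test, in 10-minute buckets, charted.
// No time filter is applied here, so the query covers whatever range the
// caller selects.
AppAvailabilityResults
// Newest-first within each Name so next() is the previous (older) result.
| order by Name, TimeGenerated desc
| extend TimeSince = TimeGenerated - next(TimeGenerated)
| extend NextName = next(Name)
// Drop rows whose "next" row is missing or belongs to a different test.
| where isnotempty(TimeSince) and NextName == Name
| summarize avg(TimeSince) by bin(TimeGenerated, 10m), Name
// Convert the timespan to a plain number for plotting. Dividing by time(1ms)
// yields milliseconds, matching the column name (dividing by time(1s) yields
// seconds).
| extend avg_millisecs = avg_TimeSince / time(1ms)
| render timechart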
// last recorded item
// The most recent row for every test, with its age relative to query time.
AppAvailabilityResults
// Keep only the newest row of each Name (all columns retained).
| summarize arg_max(TimeGenerated, *) by Name
// Age of that newest row; now() is constant for the whole query, so computing
// it after the summarize gives the same value as computing it per input row.
| extend timeSince = now() - TimeGenerated
| sort by Name desc
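// Alert?
// Lists availability tests whose most recent successful result is older than
// 10 minutes, or that had no successful result at all in the last 4 hours.
// Coverage caveat: only tests present in the 7-day baseline (averageResults)
// are evaluated. A test that has produced no rows for 7 days is absent from
// the left side of the join and is therefore never reported here.
// AverageInterval is projected for context only; the threshold itself is the
// fixed 10 minutes below.
//
// Newest successful result per test within the last 4 hours.
let latestResults = AppAvailabilityResults
| where TimeGenerated > ago(4h) and Success == true
| extend timeSince = now() - TimeGenerated
| summarize arg_max(TimeGenerated, *) by Name;
// Mean gap between consecutive results per test over the last 7 days.
let averageResults = AppAvailabilityResults
// Filter before sorting so only the 7-day window is serialized.
| where TimeGenerated > ago(7d)
| order by Name, TimeGenerated desc
| extend TimeSince = TimeGenerated - next(TimeGenerated)
| extend NextName = next(Name)
// Drop rows whose "next" row is missing or belongs to a different test.
| where isnotempty(TimeSince) and NextName == Name
| summarize avg(TimeSince) by Name;
averageResults
// leftouter keeps every baseline test; tests without a recent success get
// null TimeGenerated / timeSince from the right side.
| join kind=leftouter latestResults on Name
| where isnull(TimeGenerated) or TimeGenerated < ago(10m) // allow for ingress
| project Name, TimeGenerated, AverageInterval=avg_TimeSince, LastSeenTimeSpan=timeSince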
// performance
// Mean DurationMs per test in 10-minute buckets, drawn as a time chart.
AppAvailabilityResults
| summarize avgRequestDuration = avg(DurationMs)
    by TimeGenerated = bin(TimeGenerated, 10m), Name
| render timechart