0

I'm looking into Azure Monitor queries for the first time, and can't understand why adding this line:

| where timestamp <= ago(1days)

makes the query results "de-aggregated."

Screenshots of the 2 separate queries/results:

Desired Output

Desired output

Undesired Output

Undesired output

Mark C.
  • 6,332
  • 4
  • 35
  • 71
  • Seams that there is no error in your query with where. can you please check if the output(you mean undesired output) is correctly group by type / problemId / innermostMessage? – Ivan Glasenberg Mar 18 '19 at 02:48

1 Answers1

2

The operator you should be using is timestamp >= ago(1d), which should pick the rows which have timestamp for last 24Hrs.

Below is the sample

requests
| where timestamp >= ago(1d)
| summarize C = count() by itemType

Output from Explorer with timestamp with in the query

Output from Explorer with timestamp with in the query

requests
| summarize C = count() by itemType

Output from Explorer with timestamp from Time Range

Output from Explorer with timestamp from Time Range

Documentation reference for using ago()

Hope this helps !

bharathn-msft
  • 877
  • 5
  • 10