In azure how to concatenate strings in a summarize statement?

Question

I have a statement where I try to concatenate logs (strings) together to a single string.

Something like this

ContainerLog
| where conditions
| summarize strcat(LogEntry)

However I cant figure out how to concatenate strings like this since strcat is not an aggregating function. I need something else but don't know what.

How can I do this?

For example if I have log entries "1","2","3" the final result should be "123"

score 8 · Answer 1 · edited Oct 28 '20 at 22:07

8

This allows a distinct combination in concrete.

requests
| where URL contains "prod"
| summarize count(), code=make_set(resultCode) by name
| sort by count_ desc

Reference: https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/summarizeoperator, https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/makeset-aggfunction

edited Oct 28 '20 at 22:07

francisco neto

797
1
5
13

answered Oct 28 '20 at 15:58

Nirav Gondaliya

81
1
3

To make this answer complete (I assume you wanted to have string as a result) you have to join at the end: ``` requests | where URL contains "prod" | summarize count(), code=make_set(resultCode) by name | extend code=strcat_array(code, ", ") | sort by count_ desc ``` – Max Jul 10 '21 at 22:01

In azure how to concatenate strings in a summarize statement?

1 Answers1