Azure Monitor 日志查询中的有用运算符Useful operators in Azure Monitor log queries

下表提供了一些常用函数,可用于 Azure Monitor 日志查询中的不同方案。The table below provides some common functions to use for different scenarios in Azure Monitor log queries.

有用的运算符Useful operators

CategoryCategory 相关分析函数Relevant Analytics Function
所选内容和列别名Selection and Column aliases projectproject-awayextendproject, project-away, extend
临时表和常量Temporary tables and constants let scalar_alias_name = …;
let table_alias_name = … … … ;
比较运算符和字符串运算符Comparison and String Operators startswith!startswithhas!hasstartswith, !startswith, has, !has
contains!containscontainscscontains, !contains, containscs
hasprefix!hasprefixhassuffix!hassuffixin!inhasprefix, !hasprefix, hassuffix, !hassuffix, in, !in
matches regex
===~!=!~==, =~, !=, !~
常用字符串函数Common string functions strcat()replace()tolower()toupper()substring()strlen()strcat(), replace(), tolower(), toupper(), substring(), strlen()
常用数学函数Common math functions sqrt(), abs()sqrt(), abs()
exp()exp2()exp10()log()log2()log10()pow()exp(), exp2(), exp10(), log(), log2(), log10(), pow()
gamma(), gammaln()gamma(), gammaln()
分析文本Parsing text extract()extractjson()parsesplit()extract(), extractjson(), parse, split()
限制输出Limiting output takelimittopsampletake, limit, top, sample
日期函数Date functions now(), ago()now(), ago()
datetime()datepart()timespandatetime(), datepart(), timespan
startofday()startofweek()startofmonth()startofyear()startofday(), startofweek(), startofmonth(), startofyear()
endofday()endofweek()endofmonth()endofyear()endofday(), endofweek(), endofmonth(), endofyear()
dayofweek()dayofmonth()dayofyear()dayofweek(), dayofmonth(), dayofyear()
getmonth()getyear()weekofyear()monthofyear()getmonth(), getyear(), weekofyear(), monthofyear()
分组和聚合Grouping and aggregation summarize by
max()min()count()dcount()avg()sum()max(), min(), count(), dcount(), avg(), sum()
stddev()countif()dcountif()argmax()argmin()stddev(), countif(), dcountif(), argmax(), argmin()
percentiles(), percentile_array()percentiles(), percentile_array()
联接和联合Joins and Unions join kind=leftouterinnerrightouterfullouterleftantijoin kind=leftouter, inner, rightouter, fullouter, leftanti
union
排序、顺序Sort, order sort, ordersort, order
动态对象(JSON 和数组)Dynamic object (JSON and array) parsejson()
makeset(), makelist()makeset(), makelist()
split(), arraylength()split(), arraylength()
zip(), pack()zip(), pack()
逻辑运算符Logical operators andoriff(condition, value_t, value_f)and, or, iff(condition, value_t, value_f)
binary_and()binary_or()binary_not()binary_xor()binary_and(), binary_or(), binary_not(), binary_xor()
evaluate autoclusterbasketdiffpatternsextractcolumnsevaluate autocluster, basket, diffpatterns, extractcolumns

后续步骤Next steps