Azure Monitor 视图中的筛选器Filters in Azure Monitor views

Azure Monitor 视图中的 筛选器 使得用户可以在不修改视图本身的情况下,以特定属性的值筛选视图中的数据。A filter in an Azure Monitor view allows users to filter the data in the view by the value of a particular property without modifying the view itself. 例如,可以允许视图的用户在视图中筛选仅来自特定计算机或特定计算器组的数据。For example, you could allow users of your view to filter the view for data only from a particular computer or set of computers. 可以在单个视图上创建多个筛选器,以便用户按多个属性筛选数据。You can create multiple filters on a single view to allow users to filter by multiple properties. 本文介绍如何使用筛选器并添加一个筛选器到自定义视图。This article describes how to use a filter and add one to a custom view.

使用筛选器Using a filter

单击视图顶部的日期时间范围以打开下拉列表,可以在其中更改视图的日期时间范围。Click the date time range at the top of a view to open the drop down where you can change the date time range for the view.

Azure Monitor 中视图的“时间范围”下拉菜单的屏幕截图,其中显示了已选中“过去 7 天”单选按钮。

单击 + 以添加为视图定义的使用自定义筛选器的筛选器。Click the + to add a filter using custom filters that are defined for the view. 从下拉列表中为筛选器选择一个值或键入一个值。Either select a value for the filter from the dropdown or type in a value. 通过单击 + 来继续添加筛选器。Continue to add filters by clicking the +.

用于在 Azure Monitor 中添加自定义筛选器的对话框的屏幕截图。

如果移除筛选器的所有值,则将不再应用该筛选器。If you remove all of the values for a filter, then that filter will no longer be applied.

创建筛选器Creating a filter

编辑视图时,从“筛选器”选项卡创建筛选器。Create a filter from the Filters tab when editing a view. 筛选器适用于视图全局并应用于视图的所有部分。The filter is global for the view and applies to all parts in the view.

筛选器设置

下表描述了筛选器的设置。The following table describes the settings for a filter.

设置Setting 说明Description
字段名称Field Name 用于筛选的字段的名称。Name of the field used for filtering. 此字段必须与“查询值”中的汇总字段匹配。This field must match the summarize field in Query for Values.
查询值Query for Values 运行查询以填充用户的筛选器下拉列表。Query to run to populate filter dropdown for the user. 此查询必须使用 summarizedistinct 提供特定字段的唯一值,且它必须与“字段名称”匹配。This query must use either summarize or distinct to provide unique values for a particular field, and it must match the Field Name. 可以使用 sort 对显示给用户的值进行排序。You can use sort to sort the values that are displayed to the user.
标记Tag 在支持筛选器的查询中使用同时向用户显示的字段的名称。Name for the field that's used in queries supporting the filter and is also displayed to the user.

示例Examples

下表包括一些常用筛选器示例。The following table includes a few examples of common filters.

字段名称Field Name 查询值Query for Values 标记Tag
ComputerComputer Heartbeat | distinct Computer | sort by Computer ascHeartbeat | distinct Computer | sort by Computer asc 计算机Computers
EventLevelNameEventLevelName Event | distinct EventLevelNameEvent | distinct EventLevelName severitySeverity
SeverityLevelSeverityLevel Syslog | distinct SeverityLevelSyslog | distinct SeverityLevel severitySeverity
SvcChangeTypeSvcChangeType ConfigurationChange | distinct svcChangeTypeConfigurationChange | distinct svcChangeType ChangeTypeChangeType

修改视图查询Modify view queries

为使筛选器发挥作用,必须修改视图中的任何查询,以按选定制进行筛选。For a filter to have any effect, you must modify any queries in the view to filter on the selected values. 如果不修改视图中的任何查询,则用户选择的任何值都将不起作用。If you don't modify any queries in the view, then any values the user selects will have no effect.

在查询中使用筛选器值的语法是:The syntax for using a filter value in a query is:

where ${filter name}

例如,如果视图具有返回事件的查询并使用名为 Computers 的筛选器,则可以使用以下查询。For example, if your view has a query that returns events and uses a filter called Computers, you could use the following query.

Event | where ${Computers} | summarize count() by EventLevelName

如果添加另一个名为 Severity 的筛选器,则可以利用以下查询同时使用两个筛选器。If you added another filter called Severity, you could use the following query to use both filters.

Event | where ${Computers} | where ${Severity} | summarize count() by EventLevelName

后续步骤Next steps