什么是 Azure 数据资源管理器?What is Azure Data Explorer?

Azure 数据资源管理器是一项快速且高度可缩放的数据探索服务,适用于日志和遥测数据。Azure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. 它可以帮助你处理现代软件发出的许多数据流,以便收集、存储和分析数据。It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure 数据资源管理器非常适合用于分析来自任何数据源(例如网站、应用程序、IoT 设备等)的大量不同数据。Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more. 此数据用于诊断、监视、报告、机器学习和其他分析功能。This data is used for diagnostics, monitoring, reporting, machine learning, and additional analytics capabilities. Azure 数据资源管理器可以轻松地引入此数据,并使你能够在几秒钟内对数据进行复杂的即席查询。Azure Data Explorer makes it simple to ingest this data and enables you to do complex ad hoc queries on the data in seconds.

是什么让 Azure 数据资源管理器与众不同?What makes Azure Data Explorer unique?

  • 在几分钟内快速扩展到数 TB 的数据,可以快速迭代数据探索以发现相关见解。Scales quickly to terabytes of data, in minutes, allowing rapid iterations of data exploration to discover relevant insights.

  • 提供创新的查询语言,针对高性能数据分析进行了优化。Offers an innovative query language, optimized for high-performance data analytics.

  • 支持分析大量异类数据(结构化和非结构化)。Supports analysis of high volumes of heterogeneous data (structured and unstructured).

  • 通过与其他服务相结合,提供一个包罗万象、功能强大的交互式数据分析解决方案,让你能够生成和部署所需内容。Provides the ability to build and deploy exactly what you need by combining with other services to supply an encompassing, powerful, and interactive data analytics solution.

数据仓库工作流Data warehousing workflow

Azure 数据资源管理器与其他主要服务相集成,提供数据收集、引入、存储、索引、查询和可视化等端到端解决方案。Azure Data Explorer integrates with other major services to provide an end-to-end solution that includes data collection, ingestion, storage, indexing, querying, and visualization. 它通过对数 TB 的各种原始数据上执行流的“探索”步骤,在数据仓库流中发挥着关键作用 。It has a pivotal role in the data warehousing flow by executing the EXPLORE step of the flow on terabytes of diverse raw data.

数据仓库图

Azure 数据资源管理器支持多个引入方法,包括连接到常见服务(如事件中心)、使用 SDK 以编程方式引入(例如 .NET 和 Python),以及出于探索目的直接访问引擎。Azure Data Explorer supports several ingestion methods, including connectors to common services like Event Hub, programmatic ingestion using SDKs, such as .NET and Python, and direct access to the engine for exploration purposes. Azure 数据资源管理器与分析和建模服务集成,对数据进行其他分析和可视化操作。Azure Data Explorer integrates with analytics and modeling services for additional analysis and visualization of data.

Azure 数据资源管理器流Azure Data Explorer flow

下图显示了使用 Azure 数据资源管理器的不同方面。The following diagram shows the different aspects of working with Azure Data Explorer.

Azure 数据资源管理器流

Azure 数据资源管理器中的工作通常遵循以下模式:Work in Azure Data Explorer generally follows this pattern:

  1. 创建数据库:创建群集,然后在该群集中创建一个或多个数据库 。Create database: Create a cluster and then create one or more databases in that cluster. 快速入门:创建 Azure 数据资源管理器群集和数据库Quickstart: Create an Azure Data Explorer cluster and database

  2. 引入数据:将数据加载到数据库表,以便你可以对其运行查询。Ingest data: Load data into database tables so that you can run queries against it. 快速入门:将数据从事件中心引入到 Azure 数据资源管理器Quickstart: Ingest data from Event Hub into Azure Data Explorer

  3. 查询数据库:使用 Web 应用程序来运行、查看以及共享查询和结果。Query database: Use our web application to run, review, and share queries and results. 它可在 Azure 门户中使用,也可作为独立的应用程序使用。It's available in the Azure portal and as a stand-alone application. 可以通过编程方式(使用 SDK)发送查询,或向 REST API 终结点发送查询。You can also send queries programmatically (using an SDK) or to a REST API endpoint. 快速入门:在 Azure 数据资源管理器中查询数据Quickstart: Query data in Azure Data Explorer

查询体验Query experience

Azure 数据资源管理器中的查询是只读的请求,用于处理数据并返回此处理的结果,而无需修改数据或元数据。A query in Azure Data Explorer is a read-only request to process data and return the results of this processing, without modifying the data or metadata. 继续完善查询,直到完成分析。You continue refining your queries until you've completed your analysis. Azure 数据资源管理器因其快速的即席查询体验而使此过程变得简单。Azure Data Explorer makes this process easy because of its fast ad hoc query experience.

Azure 数据资源管理器同样可以处理大量的结构化、半结构化(类似于 JSON 的嵌套类型)和非结构化(自由文本)数据。Azure Data Explorer handles large amounts of structured, semi-structured (JSON-like nested types) and unstructured (free-text) data equally well. 这允许你搜索特定文本术语、查找特定事件,以及对结构化数据执行指标式的计算。It allows you to search for specific text terms, locate particular events, and perform metric-style calculations on structured data. Azure 数据资源管理器通过从自由格式文本字段中提取运行时中的值,来桥接非结构化文本日志和结构化数字以及维度。Azure Data Explorer bridges the worlds of unstructured text logs and structured numbers and dimensions by extracting values in runtime from free-form text fields. 通过将快速文本索引、列存储和时间序列操作相结合,简化了数据探索。Data exploration is simplified by combining fast text indexing, column store, and time series operations.

依托 Azure 数据资源管理器强大的查询语言,构建了一系列其他服务,包括 Azure Monitor 日志Application Insights时序见解以及 Windows Defender 高级威胁防护,从而进一步扩展了其功能。Azure Data Explorer capabilities are extended by other services built on its powerful query language, including Azure Monitor logs, Application Insights, Time Series Insights, and Windows Defender Advanced Threat Protection.

反馈Feedback

我们很乐意收到你关于 Azure 数据资源管理器及其查询语言的反馈:We would be thrilled to hear your feedback about Azure Data Explorer and its query language at:

后续步骤Next steps

快速入门:创建 Azure 数据资源管理器群集和数据库Quickstart: Create an Azure Data Explorer cluster and database

快速入门:将数据从事件中心引入到 Azure 数据资源管理器Quickstart: Ingest data from Event Hub into Azure Data Explorer

快速入门:在 Azure 数据资源管理器中查询数据Quickstart: Query data in Azure Data Explorer