Let 语句Let statement

• 08/06/2020
• • 
  • 

Let 语句将名称绑定到表达式。Let statements bind names to expressions. 对于作用域中出现了 let 语句的其余部分（全局作用域或在函数正文作用域中），可以使用名称来引用其绑定值。For the rest of the scope in which the let statement appears (global scope or in a function body scope), the name can be used to refer to its bound value. 如果该名称以前绑定到另一个值，则使用“innermost”let 语句绑定。If that name was previously bound to another value, the "innermost" let statement binding is used.

Let 语句改进了模块化和重用，因为它们允许将可能复杂的表达式分解为多个部分（每个部分都通过 let 语句绑定到一个名称），然后将它们组合在一起。Let statements improve modularity and reuse, as they allow one to break a potentially complex expression into multiple parts, each bound to a name through the let statement, and compose them together. 还可以使用它们创建用户定义的函数和视图（基于表的表达式，其结果看起来像新表）。They can also be used to create user-defined functions and views (expressions over tables whose results look like a new table).

Let 语句绑定的名称必须是有效的实体名称。Names bound by let statements must be valid entity names.

Let 语句绑定的表达式可以是：Expressions bound by let statements can be:

• 标量类型的Of scalar type
• 表格类型的Of tabular type
• 用户定义的函数 (lambda)User-defined functions (lambdas)

语法Syntax

let Name = ScalarExpression | TabularExpression | FunctionDefinitionExpressionlet Name = ScalarExpression | TabularExpression | FunctionDefinitionExpression

• 名称：要绑定的名称。Name: The name to bind. 该名称必须是有效的实体名称，并且实体名称转义（例如 ["Name with spaces"]）是允许的。The name must be a valid entity name, and entity name escaping (e.g., ["Name with spaces"]) is allowed.
• ScalarExpression：具有标量结果的表达式，其值将绑定到名称。ScalarExpression: An expression with a scalar result whose value will be bound to the name. 例如：let one=1;。For example: let one=1;.
• TabularExpression：具有表格结果的表达式，其值将绑定到名称。TabularExpression: An expression with a tabular result whose value will be bound to the name. 例如：Logs | where Timestamp > ago(1h)。For example: Logs | where Timestamp > ago(1h).
• FunctionDefinitionExpression：一个表达式，该表达式生成将绑定到名称的 lambda （匿名函数声明）。FunctionDefinitionExpression: An expression that yields a lambda (an anonymous function declaration) which is to be bound to the name. 例如：let f=(a:int, b:string) { strcat(b, ":", a) }。For example: let f=(a:int, b:string) { strcat(b, ":", a) }.

Lambda 表达式使用以下语法：Lambda expressions have the following syntax:

[view] ([TabularArguments][,][ScalarArguments]) { FunctionBody }[view] ([TabularArguments][,][ScalarArguments]) { FunctionBody }

TabularArguments - [TabularArgName : ([AtrName : AtrType] [, ... ])] [, ... ][,]TabularArguments - [TabularArgName : ([AtrName : AtrType] [, ... ])] [, ... ][,]

或者： - [TabularArgName : ( * )]or: - [TabularArgName : ( * )]

ScalarArguments - [ArgName : ArgType] [, ... ]ScalarArguments - [ArgName : ArgType] [, ... ]

• view 只能出现在无参数 lambda 中（没有任何参数），指示当“所有表”都是查询时（例如，使用 union * 时）将包括绑定名称。view may appear only in a parameterless lambda (one that has no arguments) and indicates that the bound name will be included when "all tables" are queries (for example, when using union *).
• TabularArguments 是正式表格表达式参数的列表。TabularArguments are the list of the formal tabular expression arguments. 每个参数都有：Each argument has:
  • TabularArgName - 正式表格参数的名称。TabularArgName - the name of the formal tabular argument. 该名称然后可以出现在 FunctionBody 中，并在调用 lambda 时绑定到特定值。The name then may appear in the FunctionBody and is bound to a particular value when the lambda is invoked.
  • 表架构定义 - 属性及其类型的列表（AtrName：AtrType）。Table schema definition - a list of attributes with their types (AtrName : AtrType). 在 lambda 调用中使用的表格表达式必须包含类型匹配的所有这些属性，但不限于它们。The tabular expression that is used in the lambda invocation must have all these attributes with the matching types, but is not limited to them. “(*)”可用作表格表达式。'(*)' can be used as the tabular expression. 在这种情况下，任何表格表达式都可以用在 lambda 调用中，但其列都不能在 lambda 表达式中访问。In this case any tabular expression can be used in the lambda invocation and none of its columns can be accessed in the lambda expression. 所有表格参数都应位于标量参数之前。All tabular arguments should appear before the scalar arguments.
• ScalarArguments 是正式标量参数的列表。ScalarArguments are the list of the formal scalar arguments. 每个参数都有：Each argument has:
  • ArgName - 正式标量参数的名称。ArgName - the name of the formal scalar argument. 该名称然后可以出现在 FunctionBody 中，并在调用 lambda 时绑定到特定值。The name then may appear in the FunctionBody and is bound to a particular value when the lambda is invoked.
  • ArgType - 正式标量参数的类型。ArgType - the type of the formal scalar argument. 目前仅支持使用以下类型作为 lambda 参数类型：bool、string、long、datetime、timespan、real 和 dynamic（以及这些类型的别名）。Currently only the following types are supported as a lambda argument type: bool, string, long, datetime, timespan, real, and dynamic (and aliases to these types).

多个嵌套的 let 语句Multiple and nested let statements

多个 let 语句可以一起使用，以 ; 作为分隔符，如以下示例所示。Multiple let statements can be used with ; delimiter between them as shown in the following example. 最后一个语句必须是有效的查询表达式：The last statement must be a valid query expression:

let start = ago(5h); 
let period = 2h; 
T | where Time > start and Time < start + period | ...

允许使用嵌套的 let 语句，并可将其用在 lambda 表达式中。Nested let statements are allowed and can be used inside a lambda expression. Let 语句和参数在函数正文的当前作用域和内部作用域中可见。Let statements and Arguments are visible in the current and inner scope of the Function body.

let start_time = ago(5h); 
let end_time = start_time + 2h; 
T | where Time > start_time and Time < end_time | ...

示例Examples

使用 let 来定义常量Using let to define constants

下面的示例将名称 x 绑定到标量文本 1，然后在表格表达式语句中使用它：The following example binds the name x to the scalar literal 1, and then uses it in a tabular expression statement:

let x = 1;
range y from x to x step x

同一个示例，但在本例中，将使用 ['name'] 表示法提供 let 语句的名称：Same example, but in this case - the name of the let statement is given using ['name'] notion:

let ['x'] = 1;
range y from x to x step x

将 let 用于标量值的另一个示例：Yet another example that uses let for scalar values:

let n = 10;  // number
let place = "Dallas";  // string
let cutoff = ago(62d); // datetime
Events 
| where timestamp > cutoff 
    and city == place 
| take n

使用多个 let 语句Using multiple let statements

下面的示例定义了两个 let 语句，其中一个语句 (foo2) 使用另一个语句 (foo1)。The following example defines two let statements where one statement (foo2) uses another (foo1).

let foo1 = (_start:long, _end:long, _step:long) { range x from _start to _end step _step};
let foo2 = (_step:long) { foo1(1, 100, _step)};
foo2(2) | count
// Result: 50

使用 materialize 函数Using materialize function

materialize 函数允许在执行查询时缓存子查询结果。materialize function allows caching sub-query results during the time of query execution.

let totalPagesPerDay = PageViews
| summarize by Page, Day = startofday(Timestamp)
| summarize count() by Day;
let materializedScope = PageViews
| summarize by Page, Day = startofday(Timestamp);
let cachedResult = materialize(materializedScope);
cachedResult
| project Page, Day1 = Day
| join kind = inner
(
    cachedResult
    | project Page, Day2 = Day
)
on Page
| where Day2 > Day1
| summarize count() by Day1, Day2
| join kind = inner
    totalPagesPerDay
on $left.Day1 == $right.Day
| project Day1, Day2, Percentage = count_*100.0/count_1