Kusto：将结果集中的每一行与另一个表进行比较

Posted 2023-02-19

技术标签:

【中文标题】Kusto：将结果集中的每一行与另一个表进行比较【英文标题】：Kusto: compare each row in a resultset with another table 【发布时间】：2021-10-26 02:04:55 【问题描述】：

我有两张桌子：事件表

及子类表：

我希望将 EventsTable 中的所有行标记为“dataflow”子类别，因为关键字：cpu、dataflow 和 cpupct 属于子类别 dataflow。

我正在寻找具有如下逻辑的查询：

let Subcategory = datatable(subcategory:string, keywords:dynamic )
[
    'saturacion', dynamic(["saturation","infrastructure"]),
    'slow disk',dynamic(["low","disk","space"]),
    'saturacion',dynamic(["using","win","use"]),
    'saturacion',dynamic(["used","win","utilization","percentage"]),
    'swap memory',dynamic(["swap","memory","usage"]),
    'disk full',dynamic(["disk","free","size","filesystemspace"]),
    'dataflow',dynamic(["cpu","dataflow","cpupct"])
];
let EventsTable = datatable(ID:string, category:string, words:dynamic )
[
    'mcsc1','cpu',dynamic(["swap","memory","usage"]),
    'mcsc2','cpu',dynamic(["disk","free","size","filesystemspace"]),
    'mcsc3','cpu',dynamic(["cpu","dataflow","cpupct"])
];
EventsTable
| mv-apply Subcategory on 
(
   extend subcat=iff(
    array_length(set_intersect(words, Subcategory.keywords)) == array_length(Subcategory.keywords),
    Subcategory.subcategory, 'none')
)

【问题讨论】：

【参考方案1】：

您可以尝试以下方法（尽管我不确定这是解决此问题的最佳方法）：

let Subcategory = datatable(subcategory:string, keywords:dynamic )
[
    'saturacion', dynamic(["saturation","infrastructure"]),
    'slow disk',dynamic(["low","disk","space"]),
    'saturacion',dynamic(["using","win","use"]),
    'saturacion',dynamic(["used","win","utilization","percentage"]),
    'swap memory',dynamic(["swap","memory","usage"]),
    'disk full',dynamic(["disk","free","size","filesystemspace"]),
    'dataflow',dynamic(["cpu","dataflow","cpupct"])
];
let EventsTable = datatable(ID:string, category:string, words:dynamic )
[
    'mcsc1','cpu',dynamic(["swap","memory","usage"]),
    'mcsc2','cpu',dynamic(["disk","free","size","filesystemspace"]),
    'mcsc3','cpu',dynamic(["cpu","dataflow","cpupct"])
];
EventsTable | extend Temp=1
| join kind=inner (Subcategory | extend Temp=1) on Temp
| extend subcat = iff(array_length(set_intersect(words, keywords)) == array_length(keywords), category, 'none')
| project-away Temp, Temp1

【讨论】：

哦！谢谢，比我想象的要容易

以上是关于Kusto：将结果集中的每一行与另一个表进行比较的主要内容，如果未能解决你的问题，请参考以下文章

kusto 如何编写子查询

请教各位，mysql中联结表操作是个啥原理？谢谢。

sqlite学习笔记2

SQL Server-交叉联接内部联接基础回顾

如何将当前行与另一行进行比较

根据另一个表spark sql计算每一行