Kusto - Group by duration value to show numbers

411 Views Asked by Jeganaak At 05 April 2025 at 07:21

I use the below query to calculate the time diff between 2 events. But I am not sure how to group the duraions. I tried case function but it does not seem to work. Is there a way to group the duration . For example a pie or column chart to show number of items with durations more than 2 hours, more than 5 hours and more than 10 hours. Thanks

| where EventName in ('Handligrequest','Requestcomplete')
| summarize Time_diff = anyif(Timestamp,EventName == "SlackMessagePosted") - anyif(Timestamp,EventName == "ReceivedSlackMessage") by CorrelationId
| where isnotnull(Time_diff)
| extend Duration = format_timespan(Time_diff, 's')
| sort by Duration desc```

Original Q&A

There are 1 best solutions below

David דודו Markovitz On 19 April 2022 at 11:40 BEST ANSWER

// Generate data sample. Not part of the solution
let t = materialize (range i from 1 to 1000 step 1 | extend Time_diff  = 24h*rand());
// Solution Starts here
t
| summarize count() by time_diff_range = case(Time_diff >= 10h, "10h <= x", Time_diff >= 5h, "5h <= x < 10h", Time_diff >= 2h, "2h <= x < 5h", "x < 2h")
| render piechart

time_diff_range	count_
10h <= x	590
5h <= x < 10h	209
x < 2h	89
2h <= x < 5h	112

Fiddle

Kusto - Group by duration value to show numbers

There are 1 best solutions below

Related Questions in AZURE-DATA-EXPLORER

Related Questions in KQL

Related Questions in KUSTO-EXPLORER

Trending Questions

Popular # Hahtags

Popular Questions