在查询中查看大字段 [英] View Big Fields in Query
问题描述
嗨!
我使用查询来分析Loganalytics中的事件并且如果信息确实是Hugh就会出现问题!
b $ b所以我必须扩展整个领域,看看里面是什么!
是否有可能有自动换行,在多行中显示该特定字段的信息?
非常感谢您
吉米
JimmyMahoni 您可以使用 mvexpand 运营商。
为了说明用法,我们假设你有一个如下所示的查询。
xxxxxxx | yyyy ==" yyyy" |其中zzzz ==" zzzz" |扩展aaaa = parsejson(tostring(BIGFIELDSCOLUMN))| mvexpand aaaa
。如果命名BIGFIELDSCOLUMN柱是具有大量的内容,就像这样如下所示在输出列中的一个
{"。bbbbbbbbbbbbbbbbbbbb" ;:" ccccccccccccccccccccc" ," ddddddddddddddddddd" ;:" eeeeeeeeeeeeeeeeeeeee"," fffffffffffffffffff" ;:" gggggggggggggggggggggg"然后如果你在查询中使用mvexpand运算符如上所示,那么你将有另一个名为aaaa的列,它会将那长输出内容扩展为某种东西如下所示
{" bbbbbbbbbbbbbbbbbbbb" ;:" ccccccccccccccccccccc"}。
{" ddddddddddddddddddd" ;:" eeeeeeeeeeeeeeeeeeeee"}
{" fffffffffffffffffff" ;:" gggggggggggggggggggggg"}
和注意,在上面的例子中,因为我们具有3键值对长输出内容因此在扩展之后我们将为实际的单行输出提供3行输出,即
希望这会有所帮助!!干杯!!
注意:如果您认为您的问题已被解答,请点击"标记为答案",如果只是帮助点击"投票为有用"。
这对阅读此论坛帖子的其他社区成员有益。
Hi!
I use queries to analyze Events in Loganalytics and have a Problem, if the Information is really Hugh!
So I have to expand the whole field, to see what is in it!
Is there a possibility to have a word wrap, which Displays the Information for that particular field in more than one row?
Thank you very much
Jimmy
Hi JimmyMahoni, You may use mvexpand operator.
To illustrate the usage, lets say you have a query something like shown below.
xxxxxxx| where yyyy == "yyyy"| where zzzz == "zzzz"| extend aaaa=parsejson(tostring(BIGFIELDSCOLUMN))| mvexpand aaaa
If column named BIGFIELDSCOLUMN is one of the column in the output which has lot of content as something like shown below.
{ "bbbbbbbbbbbbbbbbbbbb": "ccccccccccccccccccccc", "ddddddddddddddddddd": "eeeeeeeeeeeeeeeeeeeee", "fffffffffffffffffff": "gggggggggggggggggggggg" }
Then if you use mvexpand operator in your query as something like shown above then you would have another column named as aaaa which will expand that long content of output as something like shown below.
{"bbbbbbbbbbbbbbbbbbbb": "ccccccccccccccccccccc"}
{"ddddddddddddddddddd": "eeeeeeeeeeeeeeeeeeeee"}
{"fffffffffffffffffff": "gggggggggggggggggggggg"}
And note that in the above example as we have 3 key value pairs of long content of output so after expansion we would have 3 rows of output for the actual single row of output i.e.,Hope this helps!! Cheers!!
Note: If you think your question has been answered click "Mark as Answer", if just helped click "Vote as helpful". This can be beneficial to other community members reading this forum thread.
这篇关于在查询中查看大字段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
