Notitie
Voor toegang tot deze pagina is autorisatie vereist. U kunt proberen u aan te melden of de directory te wijzigen.
Voor toegang tot deze pagina is autorisatie vereist. U kunt proberen de mappen te wijzigen.
Zie de zelfstudie over Log Analytics voor meer informatie over het gebruik van deze query's in Azure Portal. Zie Query voor de REST API.
Beste Sprekers ophalen
Lijst de 10 Top Talkers tijdens een gedefinieerde tijdsperiode.
let startTime = ago(2h);
let endTime = ago(1h);
let num_toptalkers = 10; // Amount of top talker 5Tuples. Change this value to display a different number of items
let tuple = "5";
let ipfixData = ATCExpressRouteCircuitIpfix
| where FlowRecordTime >= startTime and FlowRecordTime <= endTime
| extend 3tuple = strcat("SrcIP:", SourceIp, " DestIP:", DestinationIp, " Protocol:", Protocol),
5tuple = strcat("SrcIP:", SourceIp, " SourcePort:", SourcePort, " DestIP:", DestinationIp, " DestPort:", DestinationPort, " Protocol:", Protocol),
TotalBytes = (NumberOfBytes + (14 * NumberOfPackets)) * 4096 // Calculation to determine amount of circuit bandwidth used. This adds the number of payload bytes to the number of header bytes, then multiplies by 4096, the sampling rate used by ERTC
| summarize hint.strategy=shuffle arg_max(FlowRecordTime, *) by 5tuple, TotalBytes, 3tuple, Flowsequence
| extend tuple = iff(tuple == "3", 3tuple, 5tuple);
let topTalkersBy3Tuple = ipfixData
| summarize sum(TotalBytes) by tuple
| order by sum_TotalBytes desc
| take num_toptalkers; // 10 top talkers
topTalkersBy3Tuple
| join kind=inner (
ipfixData
| summarize sum(TotalBytes) by bin(FlowRecordTime, 5m), tuple
) on $left.tuple == $right.tuple
| extend TotalBytes = sum_TotalBytes1
| project-away sum_TotalBytes, sum_TotalBytes1, tuple1
| render columnchart with(kind=unstacked)
Toptalkers verkrijgen per bron- en doelpoort
Lijst 10 TopTalkers op basis van bron- en doelpoort gedurende een gedefinieerde periode.
let startTime = ago(2h);
let endTime = ago(1h);
let num_toptalkers = 10;
let portType = "Source"; // Change to "Dest" for destination port based query
let data = ATCExpressRouteCircuitIpfix
| where FlowRecordTime >= startTime and FlowRecordTime <= endTime
| extend 5tuple = strcat("SrcIP:", SourceIp, " SourcePort:", SourcePort, " DestIP:", DestinationIp, " DestPort:", DestinationPort, " Protocol:", Protocol),
TotalBytes = (NumberOfBytes + (14 * NumberOfPackets)) * 4096 // Calculation to determine amount of circuit bandwidth used. This adds the number of payload bytes to the number of header bytes, then multiplies by 4096, the sampling rate used by ERTC
| summarize hint.strategy=shuffle arg_max(FlowRecordTime, *) by 5tuple, TotalBytes, SourcePort, DestinationPort, Flowsequence
| extend port = iff(portType == "Source", SourcePort, DestinationPort);
let topTalkers = data
| summarize sum(TotalBytes) by port // Find top talkers port
| order by sum_TotalBytes desc
| take num_toptalkers; // 10 top talkers
topTalkers
| join kind=inner (
data
| summarize sum(TotalBytes) by bin(FlowRecordTime, 5m), port
) on $left.port == $right.port
| extend TotalBytes = sum_TotalBytes1, Port = strcat("Port:", port1)
| project-away sum_TotalBytes, sum_TotalBytes1, port, port1
| render columnchart with(kind=unstacked)
Totale bandbreedtegebruik opvragen
Haal een rapport op van de totale bandbreedte die tijdens een opgegeven tijdsbereik wordt gebruikt.
let startTime = ago(2h);
let endTime = ago(1h);
ATCExpressRouteCircuitIpfix
| where FlowRecordTime >= startTime and FlowRecordTime <= endTime
| extend 5tuple = strcat("SrcIP:", SourceIp, " SourcePort:", SourcePort, " DestIP:", DestinationIp, " DestPort:", DestinationPort, " Protocol:", Protocol),
TotalBytes = (NumberOfBytes + (14 * NumberOfPackets)) * 4096
| summarize hint.strategy=shuffle arg_max(FlowRecordTime, *) by 5tuple, TotalBytes, Flowsequence
| summarize sum(TotalBytes) by bin(FlowRecordTime, 1m)
| extend TotalGB = toint(sum_TotalBytes / 1024 / 1024 / 1024) // Converting bytes to gigabytes
| project-away sum_TotalBytes
| render columnchart