Запросы для таблицы Perf

  • Статья

Действие, отличное от RDMA

Просмотр действий узла в кластере, не относящихся к RDMA.

//Select your log analytics workspace and replace enter nodename with the name of the node within a cluster on which you want to set the alert for Non-RDMA activity
Perf
| where ObjectName == "Network Interface"
| extend Nodename= tostring(split(Computer, ".")[0])
| where Nodename =~'enter nodename'
| summarize NetworkUsage = sum(CounterValue), Nodename = any(Nodename) by TimeGenerated
| summarize arg_max(TimeGenerated, Nodename, NetworkUsage)

Действие RDMA

Просмотр действий RDMA узла в кластере.

//Select log analytics workspace and replace enter nodename with the name of the node within a cluster on which you want to set the alert for RDMA activity
Perf
| where ObjectName == "RDMA Activity"
| extend Nodename= tostring(split(Computer, ".")[0])
| where Nodename =~'enter nodename'
| summarize RdmaUsage = sum(CounterValue), Nodename = any(Nodename) by TimeGenerated
| summarize arg_max(TimeGenerated, Nodename, RdmaUsage)

Какие данные собираются?

Перечисление собранных счетчиков производительности и типов объектов (процесс, память, процессор).

Perf
| summarize by ObjectName, CounterName

Использование памяти и ЦП

Диаграмма использования памяти и ЦП всех компьютеров за последний час.

Perf
| where TimeGenerated > ago(1h)
| where (CounterName == "% Processor Time" and InstanceName == "_Total") or CounterName == "% Used Memory"
| project TimeGenerated, CounterName, CounterValue
| summarize avg(CounterValue) by CounterName, bin(TimeGenerated, 1m)
| render timechart

Вычисление шаблонов использования ЦП на всех компьютерах с диаграммой по процентилям.

Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time" and InstanceName == "_Total"
| summarize percentiles(CounterValue, 50, 90, 99) by bin(TimeGenerated, 1h)
| render timechart

10 основных компьютеров с наибольшим объемом дискового пространства

Показать первые 10 компьютеров с наибольшим объемом доступного места на диске.

Perf
| where CounterName == "Free Megabytes" and InstanceName == "_Total"
| summarize arg_max(TimeGenerated, *) by Computer
| top 10 by CounterValue

Какие данные собираются?

Перечисление собранных счетчиков производительности и типов объектов (процесс, память, процессор...)

Perf
| summarize by ObjectName, CounterName

Доступная память виртуальной машины

Диаграмма доступной памяти виртуальной машины с течением времени.

// To create an alert for this query, click '+ New alert rule'
Perf
| where ObjectName == "Memory" and
(CounterName == "Available MBytes Memory" or // the name used in Linux records
CounterName == "Available MBytes") // the name used in Windows records
|  summarize avg(CounterValue) by bin(TimeGenerated, 15min), Computer, _ResourceId // bin is used to set the time grain to 15 minutes
| render timechart

Вычислите шаблоны использования ЦП за последний день, диаграмма по процентилям.

// To create an alert for this query, click '+ New alert rule'
Perf
| where CounterName == "% Processor Time"
| where ObjectName == "Processor"
| summarize avg(CounterValue) by bin(TimeGenerated, 15min), Computer, _ResourceId // bin is used to set the time grain to 15 minutes
| render timechart
// Perf table stores performance counters for Windows and Linux computers
// Counters are specified using ObjectName (performance object), InstanceName and CounterName
// % Processor Time captures CPU activity, ObjectNames can be Processor, Process and Process Information

Свободное место на диске виртуальной машины

Отображение последнего отчета о свободном пространстве на каждом экземпляре.

// To create an alert for this query, click '+ New alert rule'
Perf
| where ObjectName == "LogicalDisk" or // the object name used in Windows records
ObjectName == "Logical Disk" // the object name used in Linux records
| where CounterName == "Free Megabytes"
| summarize arg_max(TimeGenerated, *) by InstanceName // arg_max over TimeGenerated returns the latest record
| project TimeGenerated, InstanceName, CounterValue, Computer, _ResourceId

10 основных Виртуальные машины по загрузке ЦП

Найдите 10 лучших виртуальных машин по загрузке ЦП за последние 7 дней.

Perf
| where TimeGenerated > ago(7d)
| where CounterName == "% Processor Time" and InstanceName == "_Total" 
| project TimeGenerated, Computer, ObjectName, CounterName, InstanceName, round(CounterValue, 2)
| summarize arg_max(TimeGenerated, *) by Computer
| top 10 by CounterValue

10 % свободного места на нижнем диске

10 % свободного места на диске по компьютерам за последние 7 дней.

Perf
| where TimeGenerated > ago(7d)
| where (ObjectName == "Logical Disk" or ObjectName == "LogicalDisk") and CounterName contains "%" and InstanceName != "_Total" and InstanceName != "HarddiskVolume1"
| project TimeGenerated, Computer, ObjectName, CounterName, InstanceName, CounterValue 
| summarize arg_max(TimeGenerated, *) by Computer
| top 10 by CounterValue desc

Ресурсы ЦП контейнера.

Просмотрите все показатели использования ЦП контейнера в среднем более 30 минут.

// To create an alert for this query, click '+ New alert rule'
//Select the Line chart display option: can we calculate percentage?
Perf
| where ObjectName == "K8SContainer" and CounterName == "cpuUsageNanoCores"
| summarize AvgCPUUsageNanoCores = avg(CounterValue) by bin(TimeGenerated, 30m), InstanceName, _ResourceId

Память контейнера

Просмотр ЦП контейнера со средним интервалом в 30 минут.

// To create an alert for this query, click '+ New alert rule'
//Select the Line chart display option: can we calculate percentage?
let threshold = 75000000; // choose a threshold 
Perf
| where ObjectName == "K8SContainer" and CounterName == "memoryRssBytes"
| summarize AvgUsedRssMemoryBytes = avg(CounterValue) by bin(TimeGenerated, 30m), InstanceName, _ResourceId
| where AvgUsedRssMemoryBytes > threshold 
| render timechart

Экземпляры— средний рост загрузки ЦП по показателю на прошлой неделе

Показать средний рост ЦП по экземплярам за последнюю неделю по убыванию.

// To create an alert for this query, click '+ New alert rule'
//Show which instances grew CPU usage from last week to current
Perf
| where TimeGenerated > ago(7d) //This week Average CPU Usage Nano Cores
| where ObjectName == "K8SContainer" and CounterName == "cpuUsageNanoCores"
| summarize ThisWeekAvgCPU = avg(CounterValue) by InstanceName, _ResourceId
| join kind= leftouter (
    //Previous week Average CPU Usage Nano Cores
    Perf
    | where TimeGenerated > ago(14d) and TimeGenerated <= ago(7d)
    | where ObjectName == "K8SContainer" and CounterName == "cpuUsageNanoCores"
    | summarize PrevWeekAvgCPU = avg(CounterValue) by InstanceName, _ResourceId
) on InstanceName, _ResourceId
| extend InstanceNameParts = split(InstanceName, "/")  //array of the parts of the instance name
| extend ShortInstanceName = InstanceNameParts[(array_length(InstanceNameParts)-1)] //extract the last part of the instance name
| extend ThisWeekAvgCPU = round(ThisWeekAvgCPU,0) 
| extend PrevWeekAvgCPU = round(iff(isempty(PrevWeekAvgCPU),0.0,PrevWeekAvgCPU),0) //When doing join with kind=leftouter, missing matches has empty value. To calculate growth, it should be converted to zero. In this case, empty value means that instance did not exist in the previous week
| extend AvgCPUGrowth = round(ThisWeekAvgCPU - PrevWeekAvgCPU , 0) //Calculate growth
| project-away InstanceName1,InstanceNameParts //Remove redundant fields
| order by AvgCPUGrowth desc

Поиск в производительности

Поиск в Perf для поиска определенного значения в таблице Perf./nПримечание, что этот запрос требует обновления <параметра SeachValue> для получения результатов

// This query requires a parameter to run. Enter value in SearchValue to find in table.
let SearchValue =  "<SearchValue>";//Please update term you would like to find in the table.
Perf
| where * contains tostring(SearchValue)
| take 1000