Menu
I have clickstream data in Azure monitor logs in this format:
Category StepName Count_ Median_Duration(secs)
A step1 1200 00:00
A step2 1000 24:00
A step3 800 19:00
B step1 4000 00:00
B step2 3800 37:00
I need to pivot the table to get this:
Category Step1_Count Step1_Duration Step2_Count Step2_Duration Step3_Count ...
A 1200 00:00 1000 24:00 800 ...
B 4000 00:00 3800 37:00 0 ...
Right now I am only able to aggregate over one column using evaluate pivot(StepName, sum(Count_)) or evaluate pivot(StepName, sum(Median_Duration)). Is it possible to get the above format without using joins?
Note: Similar formats to the output table are fine, just need the aggregate of the count and duration.
535
asked Oct 24 '25 02:10
you could try something along the following lines:
datatable(Category:string, StepName:string, Count_:long, Median_Duration:timespan)
[
"A", "step1", 1200, time(00:00:00),
"A", "step2", 1000, time(00:00:24),
"A", "step3", 800, time(00:00:19),
"B", "step1", 4000, time(00:00:00),
"B", "step2", 3800, time(00:00:37),
]
| summarize StepCount = sum(Count_), Duration = avg(Median_Duration) by Category, StepName
| project Category, p = pack(strcat(StepName, "_Count"), StepCount, strcat(StepName, "_Duration"), Duration)
| summarize b = make_bag(p) by Category
| evaluate bag_unpack(b)
or, if you're ok with a different output schema:
datatable(Category:string, StepName:string, Count_:long, Median_Duration:timespan)
[
"A", "step1", 1200, time(00:00:00),
"A", "step2", 1000, time(00:00:24),
"A", "step3", 800, time(00:00:19),
"B", "step1", 4000, time(00:00:00),
"B", "step2", 3800, time(00:00:37),
]
| summarize StepCount = sum(Count_), Duration = avg(Median_Duration) by Category, StepName
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
