求 50分位值,90分位值,95分位值
* |
select
k, v from(
select map(array [0.5,0.9,0.95], p) as m from(
select approx_percentile(request_time, array [0.5,0.9,0.95]) as p from log
)
), unnest(m) as t(k, v)
参考:
https://help.aliyun.com/document_detail/63447.html?spm=5176.2020520112.0.0.301a34c0eq2BtK
https://help.aliyun.com/document_detail/63446.html?spm=5176.2020520112.0.0.301a34c0eq2BtK
https://help.aliyun.com/document_detail/84586.html?spm=5176.2020520112.0.0.301a34c0mlPQxz
网站请求时间(request_time)统计
* |
select time_series(__time__, '1h', '%H:%i:%s', '0') as stamp, avg(request_time) as rt, count(*) as num
from log group by stamp order by stamp LIMIT 10000
网站请求时间(request_time)两天对比
* |
select t, diff[1] as current, diff[2] as yestoday, diff[3] as percentage from(
select t, compare( rt , 86400) as diff from (
select avg(request_time) as rt, date_format(from_unixtime(__time__), '%H:%i') as t from log group by t
) group by t order by t
) LIMIT 10000
使用 regexp_extract 函数提取访问的 ip 地址
日志格式:
参考:https://help.aliyun.com/document_detail/63453.html?spm=5176.2020520112.0.dexternal.4aa734c0bqvqYk
_container_name_: xxx |
SELECT regexp_extract(message, '\[(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\]', 1) as ip,
COUNT(*) as cnt from log GROUP by ip ORDER by cnt
统计结果:
把查看 ip 属于哪个省份城市
_container_name_: gc-xxx |
select ip,ip_to_province(ip), ip_to_city(ip) from (
SELECT regexp_extract(message, '\[(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\]', 1) as ip from log GROUP by ip
)
结果:
日志记录合并
把两条日志记录合并起来显示,相同的值只显示一次,不同的值全部显示出来。
附件中红色框为不同的值,能合并成一条展示吗?相同的值只展示一次,不同的值就全部展示。
app_key:25955418 and message_id: "2924233330282496" | select
app_key, app_version, brand, client_ip, device_id, device_type,
event_channel, array_agg(event_time) as event_time, array_agg(event_type) as event_type, isp, last_active_time, message_id, network_type, os, os_version, owner_id, vendor_message_id
from log GROUP by device_id, app_key, app_version, brand, client_ip, device_type, event_channel, isp, last_active_time, message_id, network_type, os, os_version, owner_id, vendor_message_id limit 1000