求 50分位值,90分位值,95分位值
* |
select
k, v from(
select map(array [0.5,0.9,0.95], p) as m from(
select approx_percentile(request_time, array [0.5,0.9,0.95]) as p from log
)
), unnest(m) as t(k, v)
參考:
https://help.aliyun.com/document_detail/63447.html?spm=5176.2020520112.0.0.301a34c0eq2BtK
https://help.aliyun.com/document_detail/63446.html?spm=5176.2020520112.0.0.301a34c0eq2BtK
https://help.aliyun.com/document_detail/84586.html?spm=5176.2020520112.0.0.301a34c0mlPQxz
網站請求時間(request_time)統計
* |
select time_series(__time__, '1h', '%H:%i:%s', '0') as stamp, avg(request_time) as rt, count(*) as num
from log group by stamp order by stamp LIMIT 10000
網站請求時間(request_time)兩天對比
* |
select t, diff[1] as current, diff[2] as yestoday, diff[3] as percentage from(
select t, compare( rt , 86400) as diff from (
select avg(request_time) as rt, date_format(from_unixtime(__time__), '%H:%i') as t from log group by t
) group by t order by t
) LIMIT 10000
使用 regexp_extract 函數提取訪問的 ip 地址
日志格式:
參考:https://help.aliyun.com/document_detail/63453.html?spm=5176.2020520112.0.dexternal.4aa734c0bqvqYk
_container_name_: xxx |
SELECT regexp_extract(message, '\[(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\]', 1) as ip,
COUNT(*) as cnt from log GROUP by ip ORDER by cnt
統計結果:
把查看 ip 屬於哪個省份城市
_container_name_: gc-xxx |
select ip,ip_to_province(ip), ip_to_city(ip) from (
SELECT regexp_extract(message, '\[(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\]', 1) as ip from log GROUP by ip
)
結果:
日志記錄合並
把兩條日志記錄合並起來顯示,相同的值只顯示一次,不同的值全部顯示出來。
附件中紅色框為不同的值,能合並成一條展示嗎?相同的值只展示一次,不同的值就全部展示。
app_key:25955418 and message_id: "2924233330282496" | select
app_key, app_version, brand, client_ip, device_id, device_type,
event_channel, array_agg(event_time) as event_time, array_agg(event_type) as event_type, isp, last_active_time, message_id, network_type, os, os_version, owner_id, vendor_message_id
from log GROUP by device_id, app_key, app_version, brand, client_ip, device_type, event_channel, isp, last_active_time, message_id, network_type, os, os_version, owner_id, vendor_message_id limit 1000