是否可以在Kusto中​​使用bag_unpack来解析Azure LogAnalytics中的无边界JSON嵌套?

编程问答 2022-06-06

问题描述

使用以下查询调查Azure中的部署失败

AzureActivity
| where OperationNameValue endswith "XXXXXXXXXXX"
| where ActivityStatus in ("Failed")
| where CorrelationId == "XXXXXXXXXXXX"
| extend p = parse_json(Properties)
| project p
| evaluate bag_unpack(p)

我得到的结果(包含statusMessage列)具有很高的嵌套级别,最重要的消息(显然)位于最内层。

  "status": "Failed","error": {
    "code": "ResourceOperationFailure","message": "The resource operation completed with terminal provisioning state 'Failed'.","details": [
      {
        "code": "ApplianceDeploymentFailed","message": "The operation to create appliance Failed. Please check operations of deployment 'app' under resource group '/subscriptions/xxx/resourceGroups/yyy'. Error message: 'At least one resource deployment operation Failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.'","details": [
          {
            "code": "Conflict","message": "{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"DeploymentFailed\",\r\n \"message\": \"At least one resource deployment operation Failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.\",\r\n \"details\": [\r\n {\r\n \"code\": \"Conflict\",\r\n \"message\": \"{\\r\\n \\\"status\\\": \\\"Failed\\\",\\r\\n \\\"error\\\": {\\r\\n \\\"code\\\": \\\"ResourceDeploymentFailure\\\",\\r\\n \\\"message\\\": \\\"The resource operation completed with terminal provisioning state 'Failed'.\\\",\\r\\n \\\"details\\\": [\\r\\n {\\r\\n \\\"code\\\": \\\"DeploymentFailed\\\",\\r\\n \\\"message\\\": \\\"At least one resource deployment operation Failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.\\\",\\r\\n \\\"details\\\": [\\r\\n {\\r\\n \\\"code\\\": \\\"Conflict\\\",\\r\\n \\\"message\\\": \\\"{\\\\r\\\\n \\\\\\\"status\\\\\\\": \\\\\\\"Failed\\\\\\\",\\\\r\\\\n \\\\\\\"error\\\\\\\": {\\\\r\\\\n \\\\\\\"code\\\\\\\": \\\\\\\"ResourceDeploymentFailure\\\\\\\",\\\\r\\\\n \\\\\\\"message\\\\\\\": \\\\\\\"The resource operation completed with terminal provisioning state 'Failed'.\\\\\\\",\\\\r\\\\n \\\\\\\"details\\\\\\\": [\\\\r\\\\n {\\\\r\\\\n \\\\\\\"code\\\\\\\": \\\\\\\"DeploymentFailed\\\\\\\",\\\\r\\\\n \\\\\\\"message\\\\\\\": \\\\\\\"At least one resource deployment operation Failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.\\\\\\\",\\\\r\\\\n \\\\\\\"details\\\\\\\": [\\\\r\\\\n {\\\\r\\\\n \\\\\\\"code\\\\\\\": \\\\\\\"Conflict\\\\\\\",\\\\r\\\\n \\\\\\\"message\\\\\\\": \\\\\\\"{\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"status\\\\\\\\\\\\\\\": \\\\\\\\\\\\\\\"Failed\\\\\\\\\\\\\\\",\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"error\\\\\\\\\\\\\\\": {\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"code\\\\\\\\\\\\\\\": \\\\\\\\\\\\\\\"ResourceDeploymentFailure\\\\\\\\\\\\\\\",\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"message\\\\\\\\\\\\\\\": \\\\\\\\\\\\\\\"The resource operation completed with terminal provisioning state 'Failed'.\\\\\\\\\\\\\\\",\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"details\\\\\\\\\\\\\\\": [\\\\\\\\r\\\\\\\\n {\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"code\\\\\\\\\\\\\\\": \\\\\\\\\\\\\\\"OSProvisioningInternalError\\\\\\\\\\\\\\\",\\\\\\\\r\\\\\\\\n \\\\\\\\\\\\\\\"message\\\\\\\\\\\\\\\": \\\\\\\\\\\\\\\"OS Provisioning Failed for VM 'zzz' due to an internal error: [ProvisionError] cloud-init appears to be running,which is not expected,cannot continue.\\\\\\\\\\\\\\\"\\\\\\\\r\\\\\\\\n }\\\\\\\\r\\\\\\\\n ]\\\\\\\\r\\\\\\\\n }\\\\\\\\r\\\\\\\\n}\\\\\\\"\\\\r\\\\n }\\\\r\\\\n ]\\\\r\\\\n }\\\\r\\\\n ]\\\\r\\\\n }\\\\r\\\\n}\\\"\\r\\n }\\r\\n ]\\r\\n }\\r\\n ]\\r\\n }\\r\\n}\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}"
          }
        ]
      }
    ]
  }
}

我显然希望在一个级别上包含所有错误和详细信息,并且响应中没有字符串化的JSON。 bag_unpack()是执行此操作的合适工具吗?我可能缺少哪些设置? 还有其他功能可以帮助解决问题吗?

解决方法

由于嵌套错误的数量是无限的,所以最简单的方法是仅使用正则表达式使用extract_all()提取所有错误消息:

AzureActivity
| where OperationNameValue endswith "XXXXXXXXXXX"
| where ActivityStatus in ("Failed")
| where CorrelationId == "XXXXXXXXXXXX"
| extend Errors = extract_all('"message":"([^"]*)"',tostring(Properties))
azureazureazureazure-log-analyticskqlkustokusto-query-language

相关问答

Selenium Web驱动程序和Java元素在(x,y)点处不可单击其他元素将获得点击?
Selenium Web驱动程序和Java。元素在(x,y)点处不可单击。其...
Python-如何使用点“” 访问字典成员?
Python-如何使用点“。” 访问字典成员?
Java 字符串是不可变的到底是什么意思?
Java 字符串是不可变的。到底是什么意思?
Java中的“ final”关键字如何工作?我仍然可以修改对象
Java中的“ final”关键字如何工作?(我仍然可以修改对象。...
“loop:”在Java代码中这是什么,为什么要编译?
“loop:”在Java代码中。这是什么,为什么要编译?
java.lang.ClassNotFoundException:sun.jdbc.odbc.JdbcOdbcDriver发生异常为什么?
java.lang.ClassNotFoundException:sun.jdbc.odbc.JdbcOdbc...