Strange result querying Azure Sentinel Costs

Question


I am deploying a cost analysis tool for some Azure Sentinel Pay as you Go products, but the query I found doesn't seem to reflect reality.

I found some queries on Microsoft page here

And ended with this KQL query:

let t1 = Usage
| where StartTime >= startofday(ago(2d)) and EndTime < endofday(ago(2d))
| where IsBillable == true
| summarize BillableDataGB = sum(Quantity) / 1000. by bin(StartTime, 2d), Solution
| extend Solution = iif(Solution == "SecurityInsights", "AzureSentinel", Solution)
| project sumsenti = (BillableDataGB * 5.59)
| summarize d1 = bin(sum(sumsenti), 0.01);
let t2 = Usage
| where StartTime >= startofday(ago(1d)) and EndTime < endofday(ago(1d))
| where IsBillable == true
| summarize BillableDataGB = sum(Quantity) / 1000. by bin(StartTime, 1d), Solution
| extend Solution = iif(Solution == "SecurityInsights", "AzureSentinel", Solution)
| project sumsenti = (BillableDataGB * 5.59)
| summarize d2 = bin(sum(sumsenti), 0.01);
union t1,t2
| summarize day1 = sum(d1), day2 = sum(d2)

Where these three lines

| summarize BillableDataGB = sum(Quantity) / 1000. by bin(StartTime, 2d), Solution
| extend Solution = iif(Solution == "SecurityInsights", "AzureSentinel", Solution)
| project sumsenti = (BillableDataGB * 5.59)

get the amount of billable data and multiply it by 5.59. I need to multiply it by 5.59 since it's the value per GB for Azure, as the Microsoft page says here

The output of this query and what I see on Azure cost analysis are too different.

I understand the query pretty well, but for some reason its output shows near 3000$ for the last two days, while the Azure Cost Analysis tool says that the last days were only 200 for Sentinel. That makes no sense, and I am not sure if the query is OK, or if the query seeks some resources that Cost Analysis doesn't.

Anyone have any idea of the reason I get so different values in cost analysis and in the query?

Answer 1

Score: 1


It could be possible that there is one error in your query in the statement for “bin” Function. Below is the correct query which you can follow:

let t1 = Usage
| where StartTime >= startofday(ago(2d)) and EndTime < endofday(ago(2d))
| where IsBillable == true
| summarize BillableDataGB = sum(Quantity) / 1000. by Solution, bin(StartTime, 2d)
| extend Solution = iif(Solution == "SecurityInsights", "AzureSentinel", Solution)
| project sumsenti = (BillableDataGB * 5.59)
| summarize d1 = bin(sum(sumsenti), 0.01);
let t2 = Usage
| where StartTime >= startofday(ago(1d)) and EndTime < endofday(ago(1d))
| where IsBillable == true
| summarize BillableDataGB = sum(Quantity) / 1000. by Solution, bin(StartTime, 1d)
| extend Solution = iif(Solution == "SecurityInsights", "AzureSentinel", Solution)
| project sumsenti = (BillableDataGB * 5.59)
| summarize d2 = bin(sum(sumsenti), 0.01);
union t1,t2
| summarize day1 = sum(d1), day2 = sum(d2)

Another possible reason for the mismatch in output cost: there might be a difference between the value of the cost analysis tool and the value shown in Microsoft Sentinel pricing. It's critical to utilise the most recent pricing when estimating costs because Azure Sentinel's pricing is subject to change.

As shown here, the value is different: https://azure.microsoft.com/en-us/pricing/details/microsoft-sentinel/
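
An added diagnostic query, not part of the original question or answer: the queries above drop the Solution column and total every billable Solution at the single 5.59 rate, so this version keeps the estimate broken down per day, Solution and DataType, which lets each row be compared against the matching line in Cost Analysis. The `SampleUsage` table and its rows are constructed for illustration; the 5.59 rate is the one used on this page and is an assumption for any other region or date.

```kql
// Rate per GB as used on this page; replace with the current rate for your region.
let PricePerGB = 5.59;
// Constructed sample rows shaped like the Usage table (Quantity is reported in MBytes).
// To run against a real workspace, replace SampleUsage below with Usage.
let SampleUsage = datatable(StartTime:datetime, EndTime:datetime, Solution:string,
                            DataType:string, Quantity:real, IsBillable:bool)
[
    datetime(2023-02-21 00:00:00), datetime(2023-02-21 01:00:00), "SecurityInsights", "SecurityEvent",  12000.0, true,
    datetime(2023-02-21 00:00:00), datetime(2023-02-21 01:00:00), "LogManagement",    "AzureDiagnostics", 90000.0, true,
    datetime(2023-02-21 01:00:00), datetime(2023-02-21 02:00:00), "LogManagement",    "Heartbeat",         500.0, false,
    datetime(2023-02-22 00:00:00), datetime(2023-02-22 01:00:00), "SecurityInsights", "SecurityEvent",  15000.0, true,
    datetime(2023-02-22 00:00:00), datetime(2023-02-22 01:00:00), "LogManagement",    "AzureDiagnostics", 85000.0, true
];
SampleUsage
| where IsBillable == true
// One row per day, Solution and DataType instead of a single grand total.
| summarize BillableGB = sum(Quantity) / 1000.0 by Day = bin(StartTime, 1d), Solution, DataType
| extend EstimatedCost = round(BillableGB * PricePerGB, 2)
| order by Day asc, EstimatedCost desc
```

Rows whose Solution is not `SecurityInsights` are the first place to look when the total is far above what Cost Analysis reports for Sentinel alone.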

huangapple
  • Posted on 2023-02-23 19:58:07
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75544516.html