hfleitas/iPhoneRaw.kql

## iPhoneRaw.kql
iphone_raw
| take 10

iphone_raw
| summarize count() by component, messageSource

iphone_raw
| where isempty(component)

iphone_raw
| summarize count() by bin(enqueuedTime,1d)

iphone_raw
| where enqueuedTime > ago(24m)
| summarize count() by bin(enqueuedTime,1s)
| summarize avg(count_)

iphone_raw
| project-away applicationId, enrichments, messageProperties, messageSource, templateId, schema
| where  component =='sensors'
| extend telemetry.barometer, telemetry.gyroscope, telemetry.accelerometer, telemetry.magnetometer, toint(telemetry.battery), telemetry.geolocation
| extend telemetry_geolocation.alt, telemetry_geolocation.lat, telemetry_geolocation.lon
| project-away telemetry
| where isnotempty(telemetry_geolocation_lon) and isnotempty(telemetry_geolocation_lat)
| where enqueuedTime >=ago(2m)
| project toreal(telemetry_geolocation_lon), toreal(telemetry_geolocation_lat)
//| getschema
| render scatterchart with (kind=map)


iphone_raw
| where enqueuedTime > ago(1h)
| where  component =='sensors'
| extend toint(telemetry.battery)
| summarize max(telemetry_battery) by enqueuedTime
//| getschema
| render areachart


cluster('help').database('Samples').StormEvents
| take 100
| project BeginLon, BeginLat
| getschema

| render scatterchart with (kind = map)


iphone_raw
| project-away applicationId, enrichments, messageProperties, messageSource, templateId, schema
| where  component =='sensors'
| take 2
| mv-expand telemetry
| extend telemetry[0], telemetry[1]
	iphone_raw
	\| take 10

	iphone_raw
	\| summarize count() by component, messageSource

	iphone_raw
	\| where isempty(component)

	iphone_raw
	\| summarize count() by bin(enqueuedTime,1d)

	iphone_raw
	\| where enqueuedTime > ago(24m)
	\| summarize count() by bin(enqueuedTime,1s)
	\| summarize avg(count_)

	iphone_raw
	\| project-away applicationId, enrichments, messageProperties, messageSource, templateId, schema
	\| where component =='sensors'
	\| extend telemetry.barometer, telemetry.gyroscope, telemetry.accelerometer, telemetry.magnetometer, toint(telemetry.battery), telemetry.geolocation
	\| extend telemetry_geolocation.alt, telemetry_geolocation.lat, telemetry_geolocation.lon
	\| project-away telemetry
	\| where isnotempty(telemetry_geolocation_lon) and isnotempty(telemetry_geolocation_lat)
	\| where enqueuedTime >=ago(2m)
	\| project toreal(telemetry_geolocation_lon), toreal(telemetry_geolocation_lat)
	//\| getschema
	\| render scatterchart with (kind=map)



	iphone_raw
	\| where enqueuedTime > ago(1h)
	\| where component =='sensors'
	\| extend toint(telemetry.battery)
	\| summarize max(telemetry_battery) by enqueuedTime
	//\| getschema
	\| render areachart





	cluster('help').database('Samples').StormEvents
	\| take 100
	\| project BeginLon, BeginLat
	\| getschema

	\| render scatterchart with (kind = map)


	iphone_raw
	\| project-away applicationId, enrichments, messageProperties, messageSource, templateId, schema
	\| where component =='sensors'
	\| take 2
	\| mv-expand telemetry
	\| extend telemetry[0], telemetry[1]