Kusto - How does bin() summarize timestamp

4
votes

Learning Kusto and don't understand how bin() function groups timestamps:

StormEvents
| where StartTime > datetime(2007-02-14) and StartTime < datetime(2007-03-21)
| summarize event_count = count() by bin(StartTime, 7d)

Results are:

StartTime                           | event_count
**2007-02-12** 00:00:00.0000000     | 535
2007-02-19 00:00:00.0000000         | 1652
2007-02-26 00:00:00.0000000         | 1688
2007-03-05 00:00:00.0000000         | 442
2007-03-12 00:00:00.0000000         | 796
2007-03-19 00:00:00.0000000         | 54

Question: why are the results' first date starts from 2-12, rather than 2-14 as my code indicated?

Thank you in advance

2
azure-data-explorer

2 Answers

4
votes

When you write by bin(StartTime, 7d) all the results will be binned into buckets of 7 days, and the first bucket starts from 01/01/0001 (Jan 1st of the year 1).

2
votes

If you wish to control bin()'s starting point, you can use bin_at(): https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/binatfunction