SQL - 仅返回匹配的第一行

Question

表dbo.AllApps记录所有已运行的可执行文件，它具有一个名为ApplicationHash的列，该列存储exe的哈希值。
因此，如果exe已经运行了10次，表中将有10个条目具有相同的信息但时间戳不同。
我想生成一个报告，它只会返回10行中的1行（包括所有列时间，名称，desc ...）和一个额外的列，它们将提供执行exe的次数。
有什么建议吗？

`/* !!!!!DEFINE START AND END DATE FOR REPORT HERE!!!!!*/ 
DECLARE @StartDate DATETIME = 2017-01-01 
DECLARE @EndDate DATETIME = 2017-01-02` 

`/* Checks if the temp table #PCount exist and deletes the table if it does */ 
IF OBJECT_ID('tempdb..#PCount') IS NOT NULL 
BEGIN 
DROP TABLE #PCount 
END` 

`/* Performs a COUNT on the ApplicationHash entries */ 
SELECT ApplicationHash, COUNT(ApplicationHash) AS ProcessCount 
INTO #PCount 
FROM dbo.AllApps 
WHERE 
TokenType = 'Elevated' 
AND ApplicationType != 'COM Class' 
AND ApplicationType != 'ActiveX Control' 
AND ProcessStartTime >= @StartDate 
AND ProcessStartTime < @EndDAte 
GROUP BY ApplicationHash` 

`/* Pulls up the actual report and inserts the count value for the ApplicationHash */ 
SELECT #PCount.ProcessCount, 
dbo.AllApps.ApplicationHash, 
dbo.AllApps.ProcessStartTime, 
dbo.AllApps.ApplicationType, 
dbo.AllApps.Description, 
dbo.AllApps.Publisher, 
dbo.AllApps.ProductName, 
dbo.AllApps.ProductVersion, 
dbo.AllApps.EventDescription, 
dbo.AllApps.CommandLine, 
dbo.AllApps.FileName 
FROM #PCount, dbo.AllApps 
WHERE dbo.AllApps.ApplicationHash = #PCount.ApplicationHash 
AND TokenType = 'Elevated' 
AND ApplicationType != 'COM Class' 
AND ApplicationType != 'ActiveX Control' 
AND ProcessStartTime >= @StartDate 
AND ProcessStartTime < @EndDate 
ORDER BY ProcessStartTime DESC` 

Answer 1

使用top with ties和row_number()可以获得最近的ProccessStartTime和count(*) over()的行为ProcessCount。

注意：此解决方案不需要临时表。如果两个查询的where标准不同，那么这将是一个不同的故事。

更新：如果不知道更多的关于数据类型和一个唯一的id的存在下，在此表中的行，我已经添加了一个case表达以包括ProcessStartTime到分区时ApplicationHash = <None>，否则一个常数（@StartDate） 。

declare @StartDate datetime = '20170101'; 
declare @EndDate datetime = '20170102'; 

select top 1 with ties 
    ProcessCount = count(*) over (
     partition by ApplicationHash 
     , case 
      when ApplicationHash = '<None>' 
      then ProcessStartTime 
      else @StartDate 
      end 
     order by ProcessStartTime desc 
    ) 
    , ApplicationHash 
    , ProcessStartTime 
    , ApplicationType 
    , Description 
    , Publisher 
    , ProductName 
    , ProductVersion 
    , EventDescription 
    , CommandLine 
    , FileName 
from dbo.AllApps aa 
where TokenType = 'Elevated' 
    and ApplicationType != 'com Class' 
    and ApplicationType != 'ActiveX Control' 
    and ProcessStartTime >= @StartDate 
    and ProcessStartTime < @EndDate 
order by row_number() over (
    partition by ApplicationHash 
    , case 
     when ApplicationHash = '<None>' 
     then ProcessStartTime 
     else @StartDate 
     end 
    order by ProcessStartTime desc 
) 

Answer 2

最简单的方法是使用一个CTE和ROW_NUMBER：

;with cte as 
(
SELECT ROW_NUMBER() OVER(PARTITION BY ApplicationHash ORDER BY ProcessStartTime) as rn, 
#PCount.ProcessCount, 
dbo.AllApps.ApplicationHash, 
dbo.AllApps.ProcessStartTime, 
dbo.AllApps.ApplicationType, 
dbo.AllApps.Description, 
dbo.AllApps.Publisher, 
dbo.AllApps.ProductName, 
dbo.AllApps.ProductVersion, 
dbo.AllApps.EventDescription, 
dbo.AllApps.CommandLine, 
dbo.AllApps.FileName 
FROM #PCount 
INNER JOIN dbo.AllApps ON dbo.AllApps.ApplicationHash = #PCount.ApplicationHash 
WHERE TokenType = 'Elevated' 
AND ApplicationType != 'COM Class' 
AND ApplicationType != 'ActiveX Control' 
AND ProcessStartTime >= @StartDate 
AND ProcessStartTime < @EndDate 
) 

SELECT ProcessCount, 
     ApplicationHash, 
     ProcessStartTime, 
     ApplicationType, 
     Description, 
     Publisher, 
     ProductName, 
     ProductVersion, 
     EventDescription, 
     CommandLine, 
     FileName 
FROM CTE 
WHERE rn = 1 

请注意，我已经改变了你的隐式连接到一个明确的加入。
阅读Aaron Bertrand的Bad habits to kick : using old-style JOINs找出原因。