Stack Overflow
Stack Overflow

Questions tagged [azure-log-analytics]

Use for Azure Monitor Log Analytics questions (was: OMS)

Azure Monitor Log Analytics is a service in Azure that monitors your cloud and on-premises environments to maintain their availability and performance (used to be known as Operations Management Suite - OMS). It collects data generated by resources in your cloud and on-premises environments and from other monitoring tools to provide analysis across multiple sources. This article provides a brief discussion of the value that Log Analytics provides, an overview of how it operates, and links to more detailed content so you can dig further.

1047 questions
2
votes
2 answers

Is there a way to check if substring in field for Log Analytics?

I have a column full of Computers in Log Analytics. An example is, "window432, linus909, windows322, linux432". I am filtering my disk utilization but I also want to filter by the specific word "window" or "lin". Is that possible? I am using Kusto…
Colorful Codes
  • 577
  • 4
  • 16
2
votes
1 answer

Get Log analytics workspace ID of a virtual machine in Azure connected to a workspace in a different subscription

Here is my Azure setup: subscription1: virtualmachine01 --> linked to log_analytics_workspace01 in subscription01 virtualmachine02 --> linke to log_analytics_workspace02 in subscription02 log_analytics_workspace01 …
autobot
  • 131
  • 1
  • 14
2
votes
1 answer

Get log data from LogAnalytics Workspace using Rest API

I am trying to fetch log data from Azure Log Analytics workspace with the queries that I have saved inside the workspace. I have started developing a Web API to fetch the results of the query and I registered this Web API to an Azure Active…
Sormita Chakraborty
  • 1,015
  • 2
  • 19
  • 36
2
votes
1 answer

Kusto - Grouping by week, Week-ending

I come up against this quite often and haven't figured it out yet. Take the below query. I am trying to group into 7 day buckets, however the first and last bucket are always less than 7 days. The middle buckets are whole weeks ( or 6.23 days…
Devin Gleason Lambert
  • 1,516
  • 1
  • 13
  • 22
2
votes
1 answer

How to get dropdown parameter with included "All" in where clause to work?

I'm using Application Insight Workbook to design graphs over IIS logs. I want to add a parameter where users can filter on Computer. This is all well and working. This dropdown allows multiple selections and looks like this: I want to include a…
smarty
  • 378
  • 3
  • 18
2
votes
1 answer

Azure Kubernetes Service (AKS) - Pod restart alert

I want to create an alert rule when a pod has restarted. i.e. if the pod restarts twice in a 30 min window I have the following log analytics query: KubePodInventory | where ServiceName == "xxxx" | project PodRestartCount, TimeGenerated,…
user2342643
  • 35
  • 2
  • 6
2
votes
1 answer

Using KQL to search on subnets

I want to search something for IP's coming from a specific set of subnets. Some query languages are smart enough to know a /24 is a subnet, but KQL is not. Is there an alternative to this? This is not what I'll be searching on, but for the sake of…
C. Lozach
  • 31
  • 1
  • 2
2
votes
1 answer

Passing colum as function parameter in Kusto Azure Log Analytics doesn't works

I want to calculate in Kusto (Azure Log Analytics), based on a date, the number of days without weekends in a month. This works (using now() as paremeter in the daysOfMonthNoWeekends function call): let daysOfMonthNoWeekends=(_event_date_t:datetime)…
dcalap
  • 1,048
  • 2
  • 13
  • 37
2
votes
1 answer

How to convert JSON to key value table in Kusto

I have a table that consists of one row and number of columns. One of the columns is named EventProperties which is a JSON of properties of this format: { "Success":true, "Counters":{ "Counter1":1, "Counter2":-1, …
mhabib
  • 35
  • 2
  • 6
2
votes
2 answers

How to send Azure costs and usage data to log analytics workspace or directly to azure metrics?

I need to build a dashboard which will visuallize the usage and cost of many azure subscriptions. accounts, departments. My plan was: Send the data that is 'behind' the Azure Cost Analysis view, to the log analytics workspace. In the log analytics…
Shahar Do
  • 29
  • 3
2
votes
1 answer

How to connect existing Automation Account and Log Analytics workspace in Azure?

I have one Log Analytics workspace "demo-law-sea" and one Automation Account "demo-aa-sea" in the same region of Azure. I want to create "Start/Stop VMs during off-hours". It requests a Log Analytics workspace and an Automation Account. I simply…
Huodong
  • 523
  • 8
  • 23
2
votes
1 answer

Setting date to local variable from data query - "No tabular expression statement found"

I am unable to set a scalar date value from a query to a local variable. I get the following error: SYNTAX ERROR No tabular expression statement found Query: let startTime = toscalar(customMetrics | where timestamp > ago(1d) | summarize…
Dave New
  • 38,496
  • 59
  • 215
  • 394
2
votes
1 answer

Using shared user-defined Kusto functions in Log Analytics

I have a number of queries in Log Analytics that share a few common parts that I have expressed in functions that I defined. There is a way to save them, but there is a problem invoking them from queries. Specifically, I can save and invoke a…
Dmitriy B
  • 21
  • 2
2
votes
2 answers

Azure Alert off of Log Analytics Table Schema

I am trying to trigger an alert when the columns in the AzureDiagnostic Table in Log Analytics is >400 since there is a 500 column limit to the table where records will start dropping. The issue is Alerts expects and AggregatedValue and a…
DreadedFrost
  • 2,602
  • 1
  • 11
  • 29
2
votes
1 answer

Azure log analytics with Serilog stopped logging (MVC Core)

I have a pretty simple MVC Core 2.2 application that is utilizing Serilog and serilog-sinks-azure-analytics (https://github.com/saleem-mirza/serilog-sinks-azure-analytics) to pipe application logs to an Azure log analytics workspace. The…
jamesamuir
  • 1,397
  • 3
  • 19
  • 41
1 2 3
69 70