Questions tagged [azure-log-analytics]
Use for Azure Monitor Log Analytics questions (was: OMS)
azure-log-analytics
1,133
questions
45
votes
4
answers
55k
views
Azure application insights or log analytics
What is the use case for Azure application insights or log analytics?
I am using APIM and Azure Functions and want to perform logging for requests. Which one is the best fit, application insights or ...
- 7,859
14
votes
2
answers
23k
views
How to query my Application Insights Logs (Analytics) from Kusto.Explorer?
Update July 13, 2021
The links used below are now partially obsolete. Here is the new section on language differences.
Original post
On Azure Portal, in my App Insights / Logs view, I can query the ...
- 3,376
11
votes
2
answers
4k
views
How many Log Analytics workspaces to use for multiple Application Insights instances?
We have multiple different apps, each deployed in multiple environments, each monitored by a separate Application Insight instance. For example 2 web applications, each deployed in dev, test, prod ...
- 123
11
votes
2
answers
9k
views
Azure log analytics timechart with multiple dimensions
In the Azure new log analytics query platform you can query for performance counters and summarize them to finally create a nice graph.
Following the multiple dimensions documentation example it says
...
- 2,868
10
votes
1
answer
27k
views
How do I write a Kusto query that uses a regex to filter on a where clause
In Azure Log Analytics I'm trying to use Kusto to query requests with a where condition that uses a regex. The query I'm trying is
requests
| where customDimensions.["API Name"] matches regex "\w*-v\...
- 1,381
9
votes
1
answer
5k
views
How to create comments in Azure Log Analytics
I'm trying to create comments in my Azure Log Analytics queries and I'm stumped. Part of my challenge I think is treating this system as if it were SQL, which it is clearly not. using "--" for ...
- 760
9
votes
0
answers
2k
views
Azure Gateway WAF - Diagnostics Issue
I'm trying to setup Azure WAF (v2) on my App Gateway (currently in detection mode first to handle false positive cases), however, I'm seeing this warning:
To view your detection logs, you must have ...
- 1,143
8
votes
3
answers
16k
views
Cost calculation of Azure Log analytics workspace
Is there any way to get the details how the cost of Azure Log analytics service is metered? How do I know why my analytics log service is so expensive? Do you have any tips? I just wish log the ...
- 83
8
votes
1
answer
13k
views
Kusto Query, selecting an interval of 5 minutes and calculate the average
I'm fairly new to the Kusto Query language so perhaps this is something very common, but I really can't find my answer. So here goes.
I've enabled performance gathering with Azure Log Analytics on ...
- 135
8
votes
1
answer
19k
views
How to transform a JSON array of objects to a Kusto table?
I have a JSON schema that I get from the server and I need to transform this JSON into a log analytics query language table and use that table to make a join with another table.
The JSON has the ...
user10691876
8
votes
2
answers
14k
views
Query multiple tables in Azure Log Analytics
I am looking at Azure log analytics for a web app, and I have multiple out-of-the-box "tables" containing data: traces, requests, exceptions, etc.
Can I construct a query that runs on data from ...
- 3,667
8
votes
1
answer
783
views
How to use OMS for Azure web app
I want to explore OMS (especially Service Map) for Azure webApps, but it shows following error, "In order to on-board a server to Service Map, the Microsoft Dependency Agent needs to be installed on a ...
- 3,113
8
votes
1
answer
7k
views
Why does Azure create the 'DefaultResourceGroup-WEU' resource group and the log analytics workspace within?
I am setting up the production environment/resource group for a project. Azure constantly creates a resource group called DefaultResourceGroup-WEU and places a DefaultWorkspace-bfcb05a5-938f-4336-9e3c-...
7
votes
2
answers
5k
views
Export ARM Template for Azure Log analytics Alerts created from Portal
I have created Azure Log Analytics (Monitor) Alert to monitor the Logic App Failures and I have done this using Azure portal.
I would like to know how can we export the Alert created from Azure Portal ...
- 772
7
votes
1
answer
7k
views
Azure Log Analytics query if property exists
I am trying to check if my customDimensions object has a property and then only count the queries that have the property set to something. It is counting queries that don't have the SupportedLanguage ...
- 370
7
votes
1
answer
3k
views
any way to find & change which Log Analytics workspace being used by Application Insights
Trying to find any way to change Log Analytics workspace being used by Application Insights. As of now, all the data being written to the default workspace from all the subscriptions(have more than 1 ...
- 83
7
votes
4
answers
19k
views
Convert UTC 'TimeGenerated' to local time in Azure monitor/log/analytics, when using "summarize by"
I have this simple query
MyLog
| summarize avg(executionTimeInMS_d) by bin(TimeGenerated, 5min)
I'd like the summary to be in my local time zone, not UTC. This does not work :
MyLog
| summarize ...
- 3,753
7
votes
1
answer
17k
views
How to parse json array in kusto query language
How to parse json array in kusto query language.
I have an output column which is having value in JSON array format as shown below. I Need to parse it to get values in form of two columns.
{"...
- 97
7
votes
1
answer
3k
views
Kusto Custom Sort Order?
How do I perform a custom sort order in Kusto?
Example query:
//==================================================//
// Assign variables
//==================================================//
let ...
- 1,788
7
votes
1
answer
2k
views
Add a row with total in Log Analytics Kusto query
I query a request log for a summary of status codes. However I would like to add a row at the end of the results, showing the total number of requests. How do I add such a row?
Current query (...
- 158
6
votes
1
answer
12k
views
Kusto\KQL - Render timechart for simple count value
I have a kql-query which calculates number of uploaded BLOBS in Azure storage since last 24 hours.
The query blow returns a number as expected when run in Azure log analytics.
StorageBlobLogs
| where ...
- 206
6
votes
1
answer
3k
views
What's the difference between transfer-response and forward-request errors in API management?
A large number requests over our Azure API Management result in the ClientConnectionFailure exception.
By querying the logs I see two variants of the error:
exceptions
| where cloud_RoleName == "......
- 63
6
votes
2
answers
24k
views
KQL group by with same result as the drag and drop group feature
When using the Monitor, Log feature in Azure Portal you can group rows by dragging and dropping a column header into a certain box, the problem is that this is not saved when pressing the save button. ...
6
votes
1
answer
2k
views
Show Kusto query plan like EXPLAIN
I find myself using the Kusto query language (KQL) via Azure Log Analytics, and I'm struggling to find a way to get any sort of detailed execution report or query plan.
In PostgreSQL I'd use EXPLAIN ...
- 315k
6
votes
2
answers
4k
views
How to do percentiles on custom metrics in Azure AppInsights?
I've used Prometheus to store performance metrics and query the results as percentiles (ex. 95th percentile response timing). I used prometheus-net to emit them.
What is the equivalent in Azure ...
- 398
5
votes
1
answer
1k
views
How to make an Application Insights kusto query sort correctly on performanceBucket?
Is there a way to make an Application Insights kusto query sort on performanceBucket 'correctly', i.e. on bucket duration? When I summarize or sort using performanceBucket and don't specify a sort I ...
- 41.1k
5
votes
1
answer
2k
views
Should Azure Log Analytics and Application Insights be used per app or per environment?
We have a Azure based system which is growing in complexity, and we need to monitor chains of events and ensure they arrive where we expect them to arrive.
We have a on-prem Java application, which ...
- 2,043
5
votes
3
answers
3k
views
Method to put alerts on long running azure data factory pipeline
I have some data factory pipelines which may sometimes run beyond 2 hours when copying data from blob into SQL. The time period is variable, but I'd like to be notified/alerted when any pipeline runs ...
- 17.1k
5
votes
2
answers
1k
views
Access dashboard's time range and granularity from KQL
I've added a chart using KQL and logs from Azure Log Analytics to a dashboard. I'm using make-series which works great but the catch is the following:
The logs I'm getting might not extend to the ...
- 1,889
5
votes
1
answer
1k
views
Unable to authorize Azure LogAnalytics Workspace
I am trying to connect to my workspace in the Azure Portal. I am getting the error as
Operation returned an invalid status code 'Unauthorized'.
The creds object has fetched the Authentication ...
- 124
5
votes
1
answer
411
views
OMS Logical disk performance counters not existing disk instancename
We use Azure OMS to monitor many of our on premise servers.
When using the LogicalDisk(*)\% Free Space performance counter there are some non existing instanceNames for example HarddiskVolume170, ...
- 170
4
votes
2
answers
5k
views
Check if a table exists in Kusto language?
Is there a way to programmatically check if a table is existent in log analytics using the kusto language?
For example, let's suppose I want to check if a workspace contains the VMConnection table ...
- 974
4
votes
2
answers
12k
views
How to write a Kusto query to select only the rows that have unique values in one field
Having this input:
let t1 = datatable(id:string, col1:string, col2:string)
[
'1', 'col1_1', 'col2_1',
'2', 'col1_2', 'col2_2',
'3', 'col1_3', 'col2_3',
'4', 'col1_4', 'col2_4',
'1'...
- 1,095
4
votes
1
answer
17k
views
How to get sum() by Column by Date in Kusto
I want to have a report with a metrics of sum by count by some column by date in LogAnalytics.
So far I could use -
Perf
| summarize sum(CounterValue) by TimeGenerated, Computer
which gives me ...
- 5,662
4
votes
1
answer
5k
views
In azure how to concatenate strings in a summarize statement?
I have a statement where I try to concatenate logs (strings) together to a single string.
Something like this
ContainerLog
| where conditions
| summarize strcat(LogEntry)
However I cant figure out ...
- 1,891
4
votes
1
answer
6k
views
How to write a Kusto query to find two consecutive rows that have the same value in a field
I need to write a Kusto query for Azure Log Analysis that finds consecutive events that have the same value in a field (same error code). We basically need to find if the requests fail twice in a row. ...
- 1,095
4
votes
1
answer
2k
views
Azure Log Analytics switch statement / pattern matching
I'm trying to process my Application Insights data using Application Insights Analytics and Log Analytics Query Language. What I'd like to have is something like switch statement in C# or pattern ...
- 49.3k
4
votes
2
answers
2k
views
Show a value only in a dashboard in azure?
I have following query:
AppMetrics | where Name=="ReportImported"| summarize Value=count()
I would like to show the value in a dashboard, and it looks like this:
Is there anyway to only ...
- 4,877
4
votes
2
answers
1k
views
logs not appearing in Application Insights for Azure Functions v4 with .NET 8
I have functions being called, and I do logging as such:
_logger.LogInformation(...);
These do show in the live Log Stream on the portal.
However, when querying the logs in Application Insights (...
- 539
4
votes
1
answer
3k
views
Stop ingesting AppDependencies data into Log Analytics Workspace
I have an application that ingests lot of data into Log Analytics Workspace in Azure. I tried to run below Kusto query to figure out which piece is generating and ingesting more data in Log Analytics ...
- 169
4
votes
1
answer
1k
views
Reference external data source from AI/Kusto query?
tl;dr: I want to reference an external data source from a Kusto query in Application Insights.
My application is writing logs to Application Insights, and we're querying it using Kusto in the Azure ...
- 108
4
votes
2
answers
7k
views
How to set color for Columnchart in Azure Data Explorer
I want to render specific requests from my Application Insights as a columnchart using Log Analytics query language:
My Query:
requests
| where operation_Name == "MyOperationName"
| render ...
- 3,953
4
votes
1
answer
10k
views
Difference between Microsoft Monitoring Agent (MMA) and OMS Agent
There are two types of monitoring agents used for Azure virtual machine: Microsoft Monitoring Agent (MMA) and Operation Management Suite (OMS). These can be used to connect to Azure Log Analytics ...
- 1,805
4
votes
3
answers
2k
views
Creating Azure Monitor Log Search Alert Rules via Powershell
I'm trying to create some azure monitor rules for the output of log searches, doing this through the web UI is simple enough but I want to automate this through the CLI.
Looking through the ...
- 43
4
votes
2
answers
3k
views
Azure Application Insights with Azure Function. Log Debug not showing up
My Azure function is currently logging to Application Insights.
While Logs generated by logger.logInformation line is showing up on Application Insights, logs generated by logger.logDebug line is not ...
- 538
4
votes
2
answers
3k
views
Getting logs for Azure Container Instance that freezes
We have an Azure Container instance that seems to be freezing under heavy load. And we are able to cause this through a load test. I am not looking for the exact solution to that right now, but what I ...
- 667
4
votes
2
answers
3k
views
How to determine cause of Azure EventGrid message delivery failure?
How do I determine the cause of an EventGrid message delivery failure?
Tried so far:
Set a Diagnostic Setting on the EventGrid System Topic
Open Log Analytics and query the AEGDeliveryFailureLogs ...
- 1,788
4
votes
1
answer
1k
views
How to monitor Application Event Logs in Azure App Service?
We'd like to monitor the Application Event Logs (the Event Viewer - Application Log in a traditional Windows machine) in Azure App Service. The reason is if our app throws an unhandled exception and ...
- 733
4
votes
1
answer
3k
views
Is Azure Log Analytics and App Insights Resilient to DataCenter Failure within an Azure Region
Is app insights and log analytics redundant within a given Azure region (i.e. East US)? In other words, if a single DC within East US goes down, will App Insights and Log Analytics continue to ...
- 1,118
3
votes
1
answer
18k
views
Azure AKS application logs for the application running in Pod from Azure Portal?
We can access pod related logs from Log Analytics Workspace but there are no app logs (similar to what we see in kubectl get events).
I was referring the Azure documentation but I am still unable to ...
- 311