Azure log analytics Query
The following are prerequisites before using the log analytics
- Create workspace
It is a data repository configured to store data For collecting resource logs in a workspace, to analyzing logs with queries and filters.
Go to the workspace, by default no logs then start configuring log sources
You can choose logs from VM or storage accounts or subscription or resources to connect what event you want
The following are prerequisites before we use log analytics queries
Example for the VM
For other resources go to the resource you need then diagnostic settings
Then send the log to analytics
Now let’s go to the log analytics workspace and start a simple query and filter
Choose the data source, you will have a list of data sources
The queries are using a version of KUSTO query Language
https://docs.microsoft.com/en-us/azure/kusto/query/
you don’t have to know the language I will show you how to query with just filtering
start typing the source and it will continue for example this is for azure activities logs
then the condition will start as a menu
And the rest of the query by pressing the tab
You don’t even have to do that you can just filter start choose by anything by resources or resource group or subscription 
if you don’t see something in the Filter you can press the select filters icon
After choosing the filter and apply it
The query will be ready
