Azure log analytics Query


The following are prerequisites before using the log analytics

  • Create workspace

It is a data repository configured to store data For collecting resource logs in a workspace, to analyzing logs with queries and filters.

Go to the workspace, by default no logs then start configuring log sources

You can choose logs from VM or storage accounts or subscription or resources to connect what event you want

The following are prerequisites before we use log analytics queries

Example for the VM

For other resources go to the resource you need then diagnostic settings

Then send the log to analytics

Now let’s go to the log analytics workspace and start a simple query and filter

Choose the data source, you will have a list of data sources

The queries are using a version of KUSTO query Language

https://docs.microsoft.com/en-us/azure/kusto/query/

you don’t have to know the language I will show you how to query with just filtering

start typing the source and it will continue for example this is for azure activities logs

then the condition will start as a menu

And the rest of the query by pressing the tab

You don’t even have to do that you can just filter start choose by anything by resources or resource group or subscription

if you don’t see something in the Filter you can press the select filters icon

After choosing the filter and apply it

The query will be ready

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.

Up ↑

%d bloggers like this: