Forum Discussion
Régis Baccaro
Microsoft
Jan 23, 2018
AzureDiagnostics log management
Hi,
I am running the following query
AzureDiagnostics
| summarize count(CallerIPAddress) by HttpMethod_s , bin(TimeGenerated, 2m)
that gives me the type of request grouped by IP address for a period of time.
But when I look at the documentation there is no "AzureDiagnostics" log management category. The query works fine though.
If I look at the CallerIPAddress column it appears in AzureMetrics, AzureActivity and ReservedCommonFields but there is no HttpMethod_s there.
So my question is: Is there a documented way to get activity grouped by HttpMethods and CallerIPAddresses?
Thanks
Regis
Hi
The AzureActivity table contains the Azure activity log if you have configured it to be sent to Log Analytics. This log does contain HTTP methods but only for certain operations, so basically your Activity log needs to have such operations. The HTTP method in the AzureActivity table is located in a JSON object called HTTPRequest. Inside the JSON object you have a few fields, one of which is method. So in your case the query will look like this:
AzureActivity | summarize count(CallerIpAddress) by tostring(parsejson(HTTPRequest).method) , bin(TimeGenerated, 2m)
The AzureDiagnostics table can contain diagnostics logs from multiple Azure services. For a full list of supported services see here: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-diagnostic-logs-schema . Of course with this log you will have to configure the resources you have to send the logs to Log Analytics.
The situation is the same with the AzureMetrics table. See https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-supported-metrics
So both of these tables will depend on what services you've configured to send logs to Log Analytics. If any of the services does not have an HttpMethod field, then such will not be present in Log Analytics.
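Added example, not part of the original answer: the HTTPRequest extraction described above, run against an inline datatable so it works in any workspace. The rows, IP addresses and the SampleActivity and HttpMethod names are constructed for illustration. It goes one step beyond the posted query by grouping on the caller IP as well, and by labelling records that carry no HTTPRequest instead of leaving them in a blank bucket.

```kusto
// Constructed sample rows standing in for AzureActivity; not real log data.
// HTTPRequest is a JSON string and is empty for operations that carry no HTTP request.
let SampleActivity = datatable(TimeGenerated:datetime, CallerIpAddress:string, HTTPRequest:string)
[
    datetime(2018-01-23 10:00:10), "203.0.113.10", '{"clientRequestId":"c1","clientIpAddress":"203.0.113.10","method":"PUT"}',
    datetime(2018-01-23 10:00:40), "203.0.113.10", '{"clientRequestId":"c2","clientIpAddress":"203.0.113.10","method":"PUT"}',
    datetime(2018-01-23 10:01:15), "198.51.100.7", '{"clientRequestId":"c3","clientIpAddress":"198.51.100.7","method":"DELETE"}',
    datetime(2018-01-23 10:01:50), "198.51.100.7", "",
    datetime(2018-01-23 10:03:05), "203.0.113.10", '{"clientRequestId":"c4","clientIpAddress":"203.0.113.10","method":"POST"}'
];
SampleActivity
// Pull the method field out of the JSON object; a missing field yields an empty string.
| extend RawMethod = tostring(parse_json(HTTPRequest).method)
// Make records without an HTTP method visible rather than grouping them under "".
| extend HttpMethod = iff(isempty(RawMethod), "(none)", RawMethod)
// One row per caller IP, method and 2-minute window.
| summarize Requests = count() by CallerIpAddress, HttpMethod, bin(TimeGenerated, 2m)
| order by TimeGenerated asc, CallerIpAddress asc
```

To run it against real data, replace SampleActivity in the pipeline with AzureActivity and drop the let statement.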