Forum Discussion

Rajinder Rahul's avatar
Rajinder Rahul
Copper Contributor
Feb 17, 2018
Solved

Help with Disk query in Log Analytics

Hi   I was wondering if I could get some help with Log analytics. New to this so bear with me.   I'm trying to create a query that will provide informtaion on disk utilisation in Azure. I've ...
azure monitor
Query Language
  • Noa Kuperberg's avatar
    Noa Kuperberg
    Feb 18, 2018

    Hi Rajinder Rahul,

     

    Your question is very popular, indeed many times users want to get the latest report of a computer performance counter (such as free space). Note that the overall size of the disk is not reported AFAIK but the free percent of it and free MB are.

     

    First, I highly recommend to start with the table name (Perf), to avoid unneeded search of the entire DB.

     

    To get the latest report I suggest using "arg_max", which would be more accurate than "summarize min". "arg_max" is intended exactly to return the the record that has a maximum value, in this case the record with the maximum TimeGenerated (meaning it is the latest record found). For example:

    Perf
| where TimeGenerated > ago(1d)
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| summarize (TimeGenerated, Free_Space_Percent)=arg_max(TimeGenerated, CounterValue) by Computer, InstanceName
| where strlen(InstanceName) ==2 and InstanceName contains ":"

     

    The above example will returns the maximum free space percent for each computer and instance:

    The same can be done for free MB.

     

    To combine the results of both calculations I recommend using "Join", which lets you match results by computer and instance names. See the join example here.

    The results look like this:

    HTH,

    Noa

     
Noa Kuperberg's avatar
Noa Kuperberg
Icon for Microsoft rankMicrosoft
Feb 18, 2018

Hi Rajinder Rahul,

 

Your question is very popular, indeed many times users want to get the latest report of a computer performance counter (such as free space). Note that the overall size of the disk is not reported AFAIK but the free percent of it and free MB are.

 

First, I highly recommend to start with the table name (Perf), to avoid unneeded search of the entire DB.

 

To get the latest report I suggest using "arg_max", which would be more accurate than "summarize min". "arg_max" is intended exactly to return the the record that has a maximum value, in this case the record with the maximum TimeGenerated (meaning it is the latest record found). For example:

Perf
| where TimeGenerated > ago(1d)
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| summarize (TimeGenerated, Free_Space_Percent)=arg_max(TimeGenerated, CounterValue) by Computer, InstanceName
| where strlen(InstanceName) ==2 and InstanceName contains ":"

 

The above example will returns the maximum free space percent for each computer and instance:

The same can be done for free MB.

 

To combine the results of both calculations I recommend using "Join", which lets you match results by computer and instance names. See the join example here.

The results look like this:

HTH,

Noa

 
Pratyusha1609's avatar
Pratyusha1609
Copper Contributor
Apr 19, 2021

Noa Kuperberg 

Hi Noa, the "% Free Space" query somehow does not show any data for me.
I have a log analytics workspace with 2 VMs connected. 

Any idea why they dont show? What setting am I missing here ?

Resources