Forum Discussion

Rajinder Rahul
Feb 17, 2018

Help with Disk query in Log Analytics

Hi, I was wondering if I could get some help with Log Analytics. New to this so bear with me. I'm trying to create a query that will provide information on disk utilisation in Azure. I've ...
  • Noa Kuperberg
    Feb 18, 2018

    Hi Rajinder Rahul,

     

    Your question is very popular, indeed many times users want to get the latest report of a computer performance counter (such as free space). Note that the overall size of the disk is not reported AFAIK but the free percent of it and free MB are.

     

    First, I highly recommend starting with the table name (Perf), to avoid an unneeded search of the entire DB.

     

    To get the latest report I suggest using "arg_max", which would be more accurate than "summarize min". "arg_max" is intended exactly to return the record that has a maximum value, in this case the record with the maximum TimeGenerated (meaning it is the latest record found). For example:

    Perf
    | where TimeGenerated > ago(1d)
    | where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
    | summarize (TimeGenerated, Free_Space_Percent)=arg_max(TimeGenerated, CounterValue) by Computer, InstanceName
    | where strlen(InstanceName) ==2 and InstanceName contains ":"

     

    The above example will return the maximum free space percent for each computer and instance:

    The same can be done for free MB.

     

    To combine the results of both calculations I recommend using "Join", which lets you match results by computer and instance names. See the join example here.

    The results look like this:

    HTH,

    Noa
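
The join suggested in the reply above, written out as an added example that is not part of the original post or of the linked documentation. It assumes the free-MB counter is reported under the Windows counter name "Free Megabytes"; the `let` names, the column aliases and the derived size estimate are chosen here for illustration.

```kusto
// Added example (not from the original thread).
// Latest "% Free Space" and latest free MB per computer and drive letter,
// joined into a single row per disk.
let lookback = 1d;
// Latest free-space percentage per computer and drive.
let latest_pct = Perf
    | where TimeGenerated > ago(lookback)
    | where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
    // Keep drive letters such as "C:" and drop "_Total" and mount-point instances.
    | where strlen(InstanceName) == 2 and InstanceName contains ":"
    | summarize arg_max(TimeGenerated, CounterValue) by Computer, InstanceName
    | project Computer, InstanceName,
              Pct_Time = TimeGenerated, Free_Space_Percent = CounterValue;
// Latest free megabytes per computer and drive.
// Assumption: the counter is named "Free Megabytes" in this workspace.
let latest_mb = Perf
    | where TimeGenerated > ago(lookback)
    | where ObjectName == "LogicalDisk" and CounterName == "Free Megabytes"
    | where strlen(InstanceName) == 2 and InstanceName contains ":"
    | summarize arg_max(TimeGenerated, CounterValue) by Computer, InstanceName
    | project Computer, InstanceName,
              MB_Time = TimeGenerated, Free_MB = CounterValue;
latest_pct
// Inner join: a disk appears only if both counters were reported in the window.
| join kind=inner (latest_mb) on Computer, InstanceName
// The total size is not reported, so estimate it from the two counters.
// Guard against division by zero when a disk reports 0% free.
| extend Est_Total_MB = iff(Free_Space_Percent > 0,
                            Free_MB * 100.0 / Free_Space_Percent,
                            real(null))
| project Computer, InstanceName, Free_Space_Percent, Free_MB,
          Est_Total_MB, Pct_Time, MB_Time
| order by Free_Space_Percent asc
```

The two timestamps are kept side by side because the two counters are sampled independently; a large gap between them means the estimated total size mixes readings from different moments.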

     
