How to group computers based on where they reside: Azure VM or Datacenter
I used this basic query to find several computers that had the word LINK in their name:
Heartbeat | where Computer contains "LINK" | distinct Computer
It worked fine, just as I wanted. My question is where can I find documentation on what the word here, capitalized: Computer is, in the context of the query language? IOW, what is the computer data type? Does it have metadata I can search through? More importantly, where can I find a good guide to go and look up these things myself without having to ask here?
I would like to search through not just the list of computers I've installed the MMA on or connected to within Azure, but also list, for example, the above query, but only for those with LINK in the name that are Azure VMs, but not real systems or VMs in the datacenter. Where is that value, if it exists at all, stored?
5 Replies
- Hi, it seems like you are just starting with Log Analytics, so in this case I suggest starting by going through the documentation: https://docs.microsoft.com/en-us/azure/log-analytics/ Another good way to learn is the documentation for the query language: https://docs.loganalytics.io/index There is also a link to a demo environment you can access to try things out. There is also a free OMS book available, which was written when there was only the old search syntax, but the concepts are the same: https://gallery.technet.microsoft.com/Inside-the-Operations-2928e342 To answer your question shortly: Data in Log Analytics is stored in tables. Those tables have different columns that could be string, integer, etc. The tables are filled with data by different solutions using different data sources. For example, a data source could be the Windows agent and a performance counter, or diagnostic logs from Azure Monitor. That is the short answer; for more details you will have to do some reading on the links I've posted.
Thanks, Stanislav!
Looks like your book was recently updated to version 2.
Appreciate it, but would love to see a complete reference to the terms in the LA query language!
Dave
- Hi, at some point we will update the book with the new language as well, but we will not be doing a full reference of the language in the book like in the current version. This is because you have a full reference in the link I've pasted. The documentation site for the new query language contains everything you need, from examples to tutorials and full references. We did a reference for the old language because we thought that it was not well documented and the documentation was not very well structured.
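The tables-and-columns model described in the answer, applied to the original question, as an added example that is not part of any post in this thread. It assumes the standard Heartbeat schema, where the ComputerEnvironment column holds "Azure" or "Non-Azure"; the one-day lookback is an arbitrary choice. The two queries are run separately.

```kusto
// Query 1: list every column of the Heartbeat table with its data type.
// "Computer" in the original query is simply one of these string columns.
Heartbeat
| getschema
| project ColumnName, ColumnType

// Query 2: computers with LINK in the name, split by hosting environment.
// ComputerEnvironment is "Azure" for Azure VMs and "Non-Azure" for
// physical machines or VMs elsewhere (assumed standard Heartbeat column).
Heartbeat
| where TimeGenerated > ago(1d)                            // lookback is an assumption
| where Computer contains "LINK"
| summarize arg_max(TimeGenerated, *) by Computer          // latest heartbeat per computer
| project Computer, ComputerEnvironment, OSType, LastHeartbeat = TimeGenerated
| order by ComputerEnvironment asc, Computer asc

// To keep only the Azure VMs, add this filter before the summarize:
// | where ComputerEnvironment == "Azure"
```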