Forum Discussion
How to group computers based on where they reside: Azure VM or Datacenter
- Hi Seems like you are just starting with Log Analytics so in this case I suggest to start with going trough the documentation: https://docs.microsoft.com/en-us/azure/log-analytics/ Also good way to learn is the documentation for the query language: https://docs.loganalytics.io/index There is also link to demo environment you can access to try out. There is also free OMS book available which was written when there was only the old search syntax but the concepts are the same: https://gallery.technet.microsoft.com/Inside-the-Operations-2928e342 To answer your question shortly: Data in Log Analytics is stored in tables. Those tables have different columns that could be string, integer, etc. The tables are filled with data by different solution by using different data sources. For example data source could be windows agent and performance counter or diagnostic logs from Azure Monitor. That is the short answer for more details you will have to do some readings on the links I've posted to you.
Thanks, Stanislav!
Looks like your book was recently updated to version 2.
Appreciate it, but would love to see a complete reference to a terms in the LA query language!
Dave
- Hi At some point we will update the book with the new language as well but we will not be doing full reference of the language in the book like in the current version. This is because you have full reference in the link I've pasted. The documentation site for the new query language contains everything you need for examples to tutorials and full references. We did reference for the old language because we thought that it was not well documented and the documentation was not very well structured.
Thanks for that reply. I should tell you, as we're both MVPs, I have a lot less experience on data manipulation than infrastructure, but I am fascinated by this subject!
Also, I should have entitled my question here as HOW DO I group computers on where they reside: Azure or Datacenter? <-- with that important question mark!
So, how do I? In other words, I have a number of Azure VMs, all connected to Log Analytics, and also a number of VMs running on physical hosts in my datacenter, that are all running the MMA. How can I find without already knowing aspects like names or domain, which are in Azure and which are in the datacenter? I thought there might be a single point of data that this information is kept.
If the answer is there is no such data point, then fine, I just can't find one, but that sure doesn't mean there isn't one. I suppose I could use a subnet address or ensure a naming convention that would keep some distinction.
Dave
