Forum Discussion

Dave Franklyn's avatar
Dave Franklyn
MCT
Nov 30, 2017
Solved

How to group computers based on where they reside: Azure VM or Datacenter

I used this basic query to find several computers that had the word LINK in their name:   Heartbeat | where Computer contains "LINK" | distinct Computer   It worked fine, just as I wanted.  M...
azure monitor
Query Language
  • Stanislav_Zhelyazkov's avatar
    Stanislav_Zhelyazkov
    Nov 30, 2017
    Hi Seems like you are just starting with Log Analytics so in this case I suggest to start with going trough the documentation: https://docs.microsoft.com/en-us/azure/log-analytics/ Also good way to learn is the documentation for the query language: https://docs.loganalytics.io/index There is also link to demo environment you can access to try out. There is also free OMS book available which was written when there was only the old search syntax but the concepts are the same: https://gallery.technet.microsoft.com/Inside-the-Operations-2928e342 To answer your question shortly: Data in Log Analytics is stored in tables. Those tables have different columns that could be string, integer, etc. The tables are filled with data by different solution by using different data sources. For example data source could be windows agent and performance counter or diagnostic logs from Azure Monitor. That is the short answer for more details you will have to do some readings on the links I've posted to you.
Dave Franklyn's avatar
Dave Franklyn
MCT
Dec 01, 2017

Thanks, Stanislav!

 

Looks like your book was recently updated to version 2.

 

Appreciate it, but would love to see a complete reference to a terms in the LA query language!

 

Dave

Stanislav_Zhelyazkov's avatar
Stanislav_Zhelyazkov
MVP
Dec 01, 2017
Hi At some point we will update the book with the new language as well but we will not be doing full reference of the language in the book like in the current version. This is because you have full reference in the link I've pasted. The documentation site for the new query language contains everything you need for examples to tutorials and full references. We did reference for the old language because we thought that it was not well documented and the documentation was not very well structured.
  • Dave Franklyn's avatar
    Dave Franklyn
    MCT
    Dec 04, 2017

    Thanks for that reply.  I should tell you, as we're both MVPs, I have a lot less experience on data manipulation than infrastructure, but I am fascinated by this subject!

     

    Also, I should have entitled my question here as HOW DO I group computers on where they reside: Azure or Datacenter? <-- with that important question mark!

     

    So, how do I?  In other words, I have a number of Azure VMs, all connected to Log Analytics, and also a number of VMs running on physical hosts in my datacenter, that are all running the MMA.  How can I find without already knowing aspects like names or domain, which are in Azure and which are in the datacenter?  I thought there might be a single point of data that this information is kept. 

     

    If the answer is there is no such data point, then fine, I just can't find one, but that sure doesn't mean there isn't one.   I suppose I could use a subnet address or ensure a naming convention that would keep some distinction. 

     

    Dave

     

     

    • Stanislav_Zhelyazkov's avatar
      Stanislav_Zhelyazkov
      MVP
      Dec 04, 2017

      Hi

      Log Analytics knows which Computers are Azure and which are not.

      Azure Computers

       

      Heartbeat |  where ComputerEnvironment == 'Azure' | distinct Computer

      Non-Azure Computers

      Heartbeat |  where ComputerEnvironment != 'Azure' | distinct Computer

      Hope this helps. ComputerEnvironment field is present in other tables as well.