Forum Discussion

Simon_y_lee's avatar
Simon_y_lee
Copper Contributor
Feb 15, 2020

Log analytics customisation

Hi All,   I am pretty new to azure log analytics and would appreciate if anyone would help me with below questions.    The setting on my subscription is that all the Azure firewall logs are sent ...
Azure Log Analytics
azure monitor
Noa Kuperberg's avatar
Noa Kuperberg
Icon for Microsoft rankMicrosoft
Feb 19, 2020

Simon_y_lee 

A1 - The example provided below is great, because if parses the relevant fields and you'll only need to add a "where" clause to the query:

...
| where SourceIP == "1.2.3.4"

 A2 - the 10K limit is a UI limit, which you currently can't bypass.

What you can do is:

- Run your queries through the LA API instead, which will return the full resultset

- Run your queries through PowerBI

- Scope your query to a specific time frame (last hour, last 6 hours etc.) which may produce smaller resultsets and not reach the 10K limit.

A3 - After running the query, select Export from the action bar (top area) and export to CSV.

Resources