Forum Discussion
Need to join the Azure diagnostics and Resource specific
Dear Team,
I am looking for getting the result of both tables (Azure diagnostics and Resource specific) in a single query.
we have configured with both options in the log analytics workspace server
I have a query about Azure diagnostics.
1. To get failed backup job
let Events = AzureDiagnostics
| where Category == "AzureBackupReport"; Events
| extend JobOperationSubType_s = columnifexists("JobOperationSubType_s", "")
| where OperationName == "Job" and JobOperation_s == "Backup" and JobStatus_s == "Failed" and JobOperationSubType_s != "Log" and JobOperationSubType_s != "Recovery point_Log"
| distinct JobUniqueId_g, BackupItemUniqueId_s, JobStatus_s, Resource, JobFailureCode_s, JobStartDateTime_s
| project BackupItemUniqueId_s, JobStatus_s, Resource, JobFailureCode_s, JobStartDateTime_s
| join kind=leftouter ( Events
| where OperationName == "BackupItem"
| distinct BackupItemUniqueId_s, BackupItemFriendlyName_s
| project BackupItemUniqueId_s , BackupItemFriendlyName_s ) on BackupItemUniqueId_s
| project BackupItemFriendlyName_s, BackupItemUniqueId_s, JobStatus_s, Resource, JobFailureCode_s, JobStartDateTime_s
| extend Vault= Resource
| extend dt = todatetime(JobStartDateTime_s)
| summarize count() by BackupItemFriendlyName_s, JobStatus_s,JobFailureCode_s, Vault, BackupItemUniqueId_s, NewDateTime=dt, JobStartDateTime_s
2 Backup History for Selected VM
let Events = AzureDiagnostics
| where TimeGenerated > ago(30d)
| where Category == "AzureBackupReport"; Events
| extend JobOperationSubType_s = columnifexists("JobOperationSubType_s", "")
| where OperationName == "Job" and JobOperation_s == "Backup" and JobOperationSubType_s != "Log" and JobOperationSubType_s != "Recovery point_Log"
| distinct JobUniqueId_g, BackupItemUniqueId_s, JobStatus_s, Resource, JobFailureCode_s, JobStartDateTime_s
| project BackupItemUniqueId_s, JobStatus_s, Resource, JobFailureCode_s, JobStartDateTime_s
| join kind=leftouter ( Events
| where OperationName == "BackupItem"
| distinct BackupItemUniqueId_s, BackupItemFriendlyName_s
| project BackupItemUniqueId_s , BackupItemFriendlyName_s ) on BackupItemUniqueId_s
| project BackupItemFriendlyName_s, BackupItemUniqueId_s, JobStatus_s, Resource, JobFailureCode_s, JobStartDateTime_s
| extend Vault= Resource
| extend dt = todatetime(JobStartDateTime_s)
| where BackupItemFriendlyName_s in ("GZ-xxxxxxx","GX-xxxxxxxxx")
| summarize count() by BackupItemFriendlyName_s, JobStatus_s,JobFailureCode_s, Vault, NewDateTime=dt, JobStartDateTime_s
3 Restore History for Selected VM
let Events = AzureDiagnostics
| where TimeGenerated > ago(300d)
| where Category == "AzureBackupReport"; Events
| extend JobOperationSubType_s = columnifexists("JobOperationSubType_s", "")
| where OperationName == "Job"
| where JobOperation_s == "Restore" or JobOperation_s == "Recovery"
| distinct JobUniqueId_g, BackupItemUniqueId_s, JobStatus_s, Resource, JobFailureCode_s, JobStartDateTime_s , JobOperation_s
| project BackupItemUniqueId_s, JobStatus_s, Resource, JobFailureCode_s, JobStartDateTime_s, JobOperation_s
| join kind=leftouter ( Events
| where OperationName == "BackupItem"
| distinct BackupItemUniqueId_s, BackupItemFriendlyName_s
| project BackupItemUniqueId_s , BackupItemFriendlyName_s ) on BackupItemUniqueId_s
| project BackupItemFriendlyName_s, BackupItemUniqueId_s, JobStatus_s, Resource, JobFailureCode_s, JobStartDateTime_s , JobOperation_s
| extend Vault= Resource
| extend dt = todatetime(JobStartDateTime_s)
| where BackupItemFriendlyName_s in ("GZ-xxxxxxxxx","GX-xxxxxxxxxx")
| summarize count() by BackupItemFriendlyName_s, JobStatus_s,JobFailureCode_s, Vault, NewDateTime=dt, JobStartDateTime_s ,JobOperation_s
6 Replies
- Hi,
Have you looked into using workbooks to visualize this information? Even if it is possible to get all this data in one query result, I think it would make more sense to build a workbook that you can use as a backup report.Anders Bengtsson yes, we are using log analytics workspace. It not sure how to build a single query. Can you help with this, please?
- Hi,
Before we start writing new queries, I want to make sure you have looked at Backup Explorer.
If you go into your Backup Vault, there is a link to Backup Explorer. It is in early status but might be what you are looking for. For more information see https://docs.microsoft.com/en-us/azure/backup/monitor-azure-backup-with-backup-explorer#:~:text=Backup%20Explorer%20is%20a%20built,%2C%20resource%20groups%2C%20and%20vaults.
