Forum Discussion
Dean_Gross
Oct 18, 2019 - Silver Contributor
Problem with log queries
When using the Azure Log Analytics with the AIP Data Discovery reports, I'm getting a lot of fields with red squiggles indicating that they are not being recognized as valid field names, has anyone e...
markwarnes
Oct 18, 2019 - Brass Contributor
Dean_Gross - do you mean when you click the "Log Analytics" button on the Data Discovery report under the "Analytics" section of the AIP blade?
When I click that, I see this view in Log Analytics:
Note the red underlines that appear after the line with "hint.strategy".
To me, that looks like a malformed query, given that there is also a line space that stops the second half being executed by default.
If you remove the line space, and also these lines:
| extend uniqeId = iff(Location_s =~ "Endpoint", strcat(MachineName_s, ObjectId_s), ObjectId_s)
| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by uniqeId
then the red underlines all disappear and the query appears to work much better.
I don't necessarily think it's a bug but I do think the link between the Data Discovery report and Log Analytics hasn't been configured correctly so it initiates the Log Analytics query incorrectly.
Someone with better knowledge of Kusto may want to correct me of course!