cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Home

Analytics Query on Application Gateway Logs

%3CLINGO-SUB%20id%3D%22lingo-sub-242798%22%20slang%3D%22en-US%22%3EAnalytics%20Query%20on%20Application%20Gateway%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-242798%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20all%20my%20Application%20Gateway%20logs%20going%20to%20a%20Log%20Analytics%20work%20space.%20I%20want%20to%20query%20this%20data%20to%20show%20any%20URIs%20with%20a%20specific%20key%20word.%20Can%20someone%20point%20me%20in%20the%20right%20direction%20of%20how%20to%20query%20this%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-242798%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EApplication%20Insights%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EQuery%20Language%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-245482%22%20slang%3D%22en-US%22%3ERe%3A%20Analytics%20Query%20on%20Application%20Gateway%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-245482%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-244962%22%20slang%3D%22en-US%22%3ERe%3A%20Analytics%20Query%20on%20Application%20Gateway%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-244962%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20have%20a%20few%20logs%20of%20types%20that%20are%20logged%20in%20Log%20Analytics%20by%20Application%20Gateways.%20Let's%20assume%20you%20are%20talking%20about%20access%20logs.%3C%2FP%3E%0A%3CP%3EExample%20query%20for%20that%20would%20be%3C%2FP%3E%0A%3CPRE%3EAzureDiagnostics%20%0A%7C%20where%20Category%20%3D%3D%20%22ApplicationGatewayAccessLog%22%20%0A%7C%20where%20requestUri_s%20contains%20%22myadmin%22%20%3C%2FPRE%3E%0A%3CP%3Eyou%20can%20replace%20'myadmin%22%20with%20something%20else.%20Here%20is%20the%20documentation%20on%20contains%20and%20the%20other%20string%20operators%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.loganalytics.io%2Fdocs%2FLearn%2FTutorials%2FString-operations%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.loganalytics.io%2Fdocs%2FLearn%2FTutorials%2FString-operations%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Stefanie Cortese
Stefanie Cortese
Occasional Contributor

‎09-06-2018 08:44 AM

‎09-06-2018 08:44 AM

Analytics Query on Application Gateway Logs

I have all my Application Gateway logs going to a Log Analytics work space. I want to query this data to show any URIs with a specific key word. Can someone point me in the right direction of how to query this? 

2,811 Views
0 Likes
2 Replies
Reply
2 Replies
Stanislav Zhelyazkov

‎09-07-2018 07:00 AM

‎09-07-2018 07:00 AM

Solution

Re: Analytics Query on Application Gateway Logs

You have a few logs of types that are logged in Log Analytics by Application Gateways. Let's assume you are talking about access logs.

Example query for that would be

AzureDiagnostics 
| where Category == "ApplicationGatewayAccessLog" 
| where requestUri_s contains "myadmin"

you can replace 'myadmin" with something else. Here is the documentation on contains and the other string operators:

https://docs.loganalytics.io/docs/Learn/Tutorials/String-operations

Best Response confirmed by Stanislav Zhelyazkov (MVP)
1 Like
Reply
Stefanie Cortese

‎09-07-2018 10:31 AM

‎09-07-2018 10:31 AM

Re: Analytics Query on Application Gateway Logs

Thank you!

0 Likes
Reply
Related Conversations
Tabs and Dark Mode
 cjc2112 in Discussions on 09-18-2019
46 Replies
What is Canary ring in Windows insider program? and how do we get them?
 HotCakeX in Windows Insider Program on 09-27-2019
9 Replies
The announcement regarding self-service purchase capabilities for Power Platform products??
 Kelly E in Office 365 on 10-21-2019
64 Replies
Extentions Synchronization
 Deleted in Discussions on 11-13-2019
3 Replies
Stable version of Edge insider browser
 HotCakeX in Discussions on 10-12-2019
35 Replies
flashing a white screen while open new tab
 Deleted in Discussions on 10-05-2019
14 Replies