SOLVED
Home

Help with Disk query in Log Analytics

%3CLINGO-SUB%20id%3D%22lingo-sub-160239%22%20slang%3D%22en-US%22%3EHelp%20with%20Disk%20query%20in%20Log%20Analytics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-160239%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20was%20wondering%20if%20I%20could%20get%20some%20help%20with%20Log%20analytics.%20New%20to%20this%20so%20bear%20with%20me.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI'm%20trying%20to%20create%20a%20query%20that%20will%20provide%20informtaion%20on%20disk%20utilisation%20in%20Azure.%20I've%20gottwo%20commands%20(below)%2C%20however%20I'm%20not%20able%20to%20merge%20them%20as%20I%20would%20like%20one%20query%20which%20gives%20me%20%25%20free%20space%2C%20overall%20size%20of%20disk%2C%20name%20of%20vm%20and%20name%20of%20disk.%20Anything%20else%20I%20can%20get%20in%20terms%20of%20disk%20usage%20would%20be%20great%2C%20not%20overly%20concerned%20with%20IOPs%20at%20the%20moment.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20commands%20are%3A%3C%2FP%3E%0A%3CP%3EThsi%20proivides%20info%20on%20free%20space%3A%26nbsp%3B%3C%2FP%3E%0A%3CP%3Esearch%20ObjectName%20%3D%3D%20%22LogicalDisk%22%20and%20CounterName%20%3D%3D%20%22%25%20Free%20Space%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20one%20provides%20information%20on%20free%20Mb%20remaining.%3C%2FP%3E%0A%3CP%3Esearch%20ObjectName%20%3D%3D%20%22LogicalDisk%22%20and%20CounterName%20%3D%3D%20%22Free%20Megabytes%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20have%20tried%20this%20which%20helps%2C%20but%20again%20information%20is%20quite%20limited%3C%2FP%3E%0A%3CP%3Esearch%20ObjectName%20%3D%3D%20%22LogicalDisk%22%20and%20CounterName%20%3D%3D%20%22Free%20Megabytes%22%20and%20TimeGenerated%20%26gt%3B%20ago(1d)%20%3CBR%20%2F%3E%7C%20summarize%20FreeSpace%20%3D%20min(CounterValue)%20by%20Computer%2C%20InstanceName%3CBR%20%2F%3E%7C%20where%20strlen(InstanceName)%20%3D%3D2%20and%20InstanceName%20contains%20%22%3A%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%20in%20advance%20%3A)%3C%2Fimg%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-160239%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EApplication%20Insights%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EQuery%20Language%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-259714%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20with%20Disk%20query%20in%20Log%20Analytics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-259714%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Satish%2C%3C%2FP%3E%0A%3CP%3EPlease%20try%20to%20post%20new%20questions%20as%20new%20posts%2C%20it%20will%20help%20us%20understand%20the%20real%20subject%2C%20and%20other%20users%20can%20perhaps%20find%20it%20useful%20too.%3C%2FP%3E%0A%3CP%3ETo%20your%20questions%2C%3C%2FP%3E%0A%3CP%3E1.%20Here's%20an%20example%20for%20calculating%20the%20average%20free%20memory%20over%20the%20last%2030%20days.%20Note%20that%20we%20don't%20query%26nbsp%3Ban%20entire%20subscription%2C%20we%20query%20a%20workspace%3A%3C%2FP%3E%0A%3CPRE%3EPerf%0A%7C%20where%20TimeGenerated%20%26gt%3B%20ago(30d)%20%0A%7C%20where%20Computer%20startswith%20%22Contoso%22%0A%7C%20where%20ObjectName%20%3D%3D%20%22Memory%22%20and%20%0A%20%20(CounterName%20%3D%3D%20%22Available%20MBytes%20Memory%22%20or%20%2F%2F%20the%20name%20used%20in%20Linux%20records%0A%20%20CounterName%20%3D%3D%20%22Available%20MBytes%22)%20%20%20%20%20%20%20%20%20%20%2F%2F%20the%20name%20used%20in%20Windows%20records%0A%2F%2F%20calculate%20the%20average%20free%20memory%20for%20each%20computer%0A%7C%20summarize%20avg_free_memory%3Davg(CounterValue)%20by%20Computer%3C%2FPRE%3E%0A%3CP%3E2.%20Free%20disk%20space%3A%3C%2FP%3E%0A%3CPRE%3EPerf%0A%7C%20where%20TimeGenerated%20%26gt%3B%20ago(30d)%0A%7C%20where%20ObjectName%20%3D%3D%20%22LogicalDisk%22%20or%20%20%2F%2F%20the%20object%20name%20used%20in%20Windows%20records%0A%20%20ObjectName%20%3D%3D%20%22Logical%20Disk%22%20%20%20%20%20%20%20%20%20%20%2F%2F%20the%20object%20name%20used%20in%20Linux%20records%0A%7C%20where%20CounterName%20%3D%3D%20%22Free%20Megabytes%22%0A%7C%20summarize%20avg_free_disk_MB%3Davg(CounterValue)%20by%20Computer%2C%20InstanceName%3C%2FPRE%3E%0A%3CP%3EHTH%2C%3C%2FP%3E%0A%3CP%3ENoa%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-253439%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20with%20Disk%20query%20in%20Log%20Analytics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-253439%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Noa%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20please%20help%20me%20with%20query%20for%20the%20vm%20names%20starting%20with%20%22%20ZEXXXXX0000-%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3EMemory%20utilization%20average%20for%20a%20cloud%20environment%2Fsubscriptions%20over%20a%20period%20of%2030%20days.%3C%2FLI%3E%3CLI%3EC%3A%5C%20and%20all%20data%20drives%20utilization%20over%20a%20period%20of%2030%20days.%3C%2FLI%3E%3C%2FOL%3E%3CP%3EThanks%3C%2FP%3E%3CP%3ESatish%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-175826%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20with%20Disk%20query%20in%20Log%20Analytics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-175826%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20Gin%2C%3C%2FP%3E%0A%3CP%3ETry%20%3CA%20href%3D%22https%3A%2F%2Fportal.loganalytics.io%2FDemo%3Fq%3DH4sIAAAAAAAAA72ST0vEMBDF74V8hyGnFlylHpUKoiCCqIjoscyms92s%252BbMkqUXxwztZRNvDXgQ9ZjLv914eMZTg%252FLVvL3V8aZ%252BDTtSI4p7CCkTxAeOaAsGjtnRFjgIm6uAMsPdlva4mG3fLDal0i5agaUDe%252BF4rNJkpAV0HF35wicL3AjseQr6GSOpoZysnuJiCIVdeu5jQKcqyinXHO9Z0Csq7hNpFkCcy6%252BNgLQb9ToD8qDGDW7Zo%252BFR%252BhXhCMzBu%252Bcap7HbgycGMeSoKMy3lgbD7%252F06y619UEpj7i0bmXyRjN147KEUBMK%252BKM1fg3R5UVm6Dz80scMQfx3q%252BV4viE7onBA2aAgAA%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethis%20query%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHTH%2C%3C%2FP%3E%0A%3CP%3ENoa%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-169103%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20with%20Disk%20query%20in%20Log%20Analytics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-169103%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Noa%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESorry%20for%20the%20direct%20approach..%20A%20quick%20question%20again%2C%20if%20I%20may.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI'm%20trying%20to%20find%20the%26nbsp%3BAvg.%20Disk%20sec%2FWrite%20and%20Avg.%20Disk%20sec%2FRead%20on%20disks%20in%20azure%20using%20log%20analytics%2C%26nbsp%3Bbut%20I%20keep%20getting%20errors.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20tried%20modifying%20your%20query%20to%20the%20one%20below%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPerf%20%3CBR%20%2F%3E%7C%20where%20TimeGenerated%20%26gt%3B%20ago(7d)%20%3CBR%20%2F%3E%7C%20where%20ObjectName%20%3D%3D%20%22LogicalDisk%22%20and%20CounterName%20%3D%3D%20%22Avg.%20Disk%20sec%2FWrite%22%20%3CBR%20%2F%3E%7C%20summarize%20(TimeGenerated%2C%20Avg_Disk_Write)%3Darg_max(TimeGenerated%2C%20CounterValue)%20by%20Computer%2C%20InstanceName%20%3CBR%20%2F%3E%7C%20where%20strlen(InstanceName)%20%3D%3D2%20and%20InstanceName%20contains%20%22%3A%22%3B%3CBR%20%2F%3Elet%20Avg_Disk_Write%3D%3CBR%20%2F%3EPerf%20%3CBR%20%2F%3E%7C%20where%20TimeGenerated%20%26gt%3B%20ago(7d)%20%3CBR%20%2F%3E%7C%20where%20ObjectName%20%3D%3D%20%22LogicalDisk%22%20and%20CounterName%20%3D%3D%20%22Avg.%20Disk%20sec%2FRead%22%20%3CBR%20%2F%3E%7C%20summarize%20(TimeGenerated%2C%20Avg_Disk_Read)%3Darg_max(TimeGenerated%2C%20CounterValue)%20by%20Computer%2C%20InstanceName%20%3CBR%20%2F%3E%7C%20where%20strlen(InstanceName)%20%3D%3D2%20and%20InstanceName%20contains%20%22%3A%22%3B%3CBR%20%2F%3EAvg_Disk_Read%3CBR%20%2F%3E%7C%20join%20(%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%20disk_free_MB%20%3CBR%20%2F%3E)%20on%20Computer%2C%20InstanceName%3CBR%20%2F%3E%7C%20project%20Computer%2C%20InstanceName%2C%20Avg_Disk_Write%2C%20Avg_Disk_Read%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20then%20tried%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPerf%20%7C%26nbsp%3Bwhere%26nbsp%3BObjectName%20%3D%3D%26nbsp%3B%22Capacity%20and%20Performance%22%26nbsp%3Band%26nbsp%3B(CounterName%20%3D%3D%26nbsp%3B%22VHD%20Reads%2Fs%22%26nbsp%3Bor%26nbsp%3BCounterName%20%3D%3D%26nbsp%3B%22VHD%20Writes%2Fs%22)%20%7C%26nbsp%3Bsummarize%26nbsp%3BAggregatedValue%20%3D%20avg(CounterValue)%26nbsp%3Bby%26nbsp%3Bbin(TimeGenerated%2C%26nbsp%3B7d)%2C%20CounterName%2C%20InstanceName%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENone%20of%20which%20have%20helped%2C%20I%20was%20hoping%20you%20could%20point%20me%20in%20the%20right%20direction...%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI'm%20trying%20to%20understand%20the%20IOPS%20for%20disks.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHope%20you%20don't%20mind%20me%20contacting%20you%20directly%2C%20if%20you'd%20like%20me%20to%20raise%20it%20as%20a%20seperate%20question%2C%20please%20let%20me%20know..%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%3C%2FP%3E%0A%3CP%3EGin%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-161439%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20with%20Disk%20query%20in%20Log%20Analytics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-161439%22%20slang%3D%22en-US%22%3E%3CP%3EHey%2C%3C%2FP%3E%0A%3CP%3EYou%20can%20do%20the%20same%20calculation%20with%20many%20disk%20counters.%3C%2FP%3E%0A%3CP%3EI%20checked%20the%20%3CA%20href%3D%22https%3A%2F%2Fportal.loganalytics.io%2FDemo%3Fq%3DH4sIAAAAAAAAAwtILUrj5apRKM9ILUpVCMnMTXVPzUstSixJTVGwU0hMz9cwTNFEKPBPykpNLvFLzE1VsLVVUPLJT89MTsxxySzOVgIpSsksLsnMSy5RcM4vzStJLQIpBADw1rvHYgAAAA%253D%253D%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ereports%20from%20the%20last%20day%3C%2FA%3E%20to%20evaluate%20that%20(I%20believe%20it%20covers%20all%20or%20most%20of%20the%20possible%20disk%20counters)%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EDisk%20Transfers%2Fsec%3C%2FLI%3E%0A%3CLI%3ECurrent%20Disk%20Queue%20Length%3C%2FLI%3E%0A%3CLI%3EAvg.%20Disk%20sec%2FWrite%3C%2FLI%3E%0A%3CLI%3EAvg.%20Disk%20sec%2FRead%3C%2FLI%3E%0A%3CLI%3EDisk%20Reads%2Fsec%3C%2FLI%3E%0A%3CLI%3E%25%20Free%20Space%3C%2FLI%3E%0A%3CLI%3EFree%20Megabytes%3C%2FLI%3E%0A%3CLI%3EDisk%20Writes%2Fsec%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-160501%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20with%20Disk%20query%20in%20Log%20Analytics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-160501%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20Noa%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThat's%20a%20great%20help%2C%20would%20you%20know%20if%20I%20can%20get%20%22%25%20Used%20Space%22%2C%20would%20be%20good%20to%20add%20any%20other%20metrics%20I%20can%20regarding%20logicaldisk%20information%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-160454%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20with%20Disk%20query%20in%20Log%20Analytics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-160454%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Rajinder%20Rahul%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYour%20question%20is%20very%20popular%2C%20indeed%20many%20times%20users%20want%20to%20get%20the%20latest%20report%20of%20a%20computer%20performance%20counter%20(such%20as%20free%20space).%20Note%20that%20the%20overall%20size%20of%20the%20disk%20is%20not%20reported%20AFAIK%20but%20the%20free%20percent%20of%20it%20and%20free%20MB%20are.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFirst%2C%20%3CU%3EI%20highly%20recommend%20to%20start%20with%20the%20table%20name%20(Perf)%3C%2FU%3E%2C%20to%20avoid%20unneeded%20search%20of%20the%20entire%20DB.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20get%20the%20latest%20report%20I%20suggest%20using%20%22arg_max%22%2C%20which%20would%20be%20more%20accurate%20than%20%22summarize%20min%22.%20%22arg_max%22%20is%20intended%20exactly%20to%20return%20the%20the%20record%20that%20has%20a%20maximum%20value%2C%20in%20this%20case%20the%20record%20with%20the%20maximum%20TimeGenerated%20(meaning%20it%20is%20the%20latest%20record%20found).%20For%20example%3A%3C%2FP%3E%0A%3CPRE%3EPerf%0A%7C%20where%20TimeGenerated%20%26gt%3B%20ago(1d)%0A%7C%20where%20ObjectName%20%3D%3D%20%22LogicalDisk%22%20and%20CounterName%20%3D%3D%20%22%25%20Free%20Space%22%0A%7C%20summarize%20(TimeGenerated%2C%20Free_Space_Percent)%3Darg_max(TimeGenerated%2C%20CounterValue)%20by%20Computer%2C%20InstanceName%0A%7C%20where%20strlen(InstanceName)%20%3D%3D2%20and%20InstanceName%20contains%20%22%3A%22%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20above%20example%20will%20returns%20the%20maximum%20free%20space%20percent%20for%20each%20computer%20and%20instance%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20940px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F28781i8830BA36F4440460%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22arg_max.png%22%20title%3D%22arg_max.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EThe%20same%20can%20be%20done%20for%20free%20MB.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20combine%20the%20results%20of%20both%20calculations%20I%20recommend%20using%20%22Join%22%2C%20which%20lets%20you%20match%20results%20by%20computer%20and%20instance%20names.%20See%20the%20join%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fportal.loganalytics.io%2FDemo%3Fq%3DH4sIAAAAAAAAA82SQUvEMBCF74X%252Bh6EgtLAXPSr1sIoiWF1QvIZpOluzNpOSpOiKP940yroVC57E68x78x4f05GHRrknsbZEwvUoSfRkJbEv02RFdg1p8gbPj2QJ7pWmS2Ky6KmBU8DW5IdNsae4rTck%252FQ1qgrKE7Nq0SmJ3HgIyQG7gzAzsye4EB3ARcuFuzM3iHTdojVa9EuSTuEVUiqgUq4%252BGRYm2FRpfvks%252FYx6wG6iAehsGuh%252FCZAFX7DyypFjhq7jztiPO97dFaHgUW0880rBHxQ6y4%252BwkTboJwGr5F9Qis4parLee3K%252B4Vcv%252FAGvm0%252BLpjVEMeZoATHiGXQGGZ0qNxt6aEd%252BM4qe%252F2TGBd0vqNBX%252FAgAA%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eexample%20here%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3EThe%20results%20look%20like%20this%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20838px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F28782i9E42EE4465131AC4%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22join.png%22%20title%3D%22join.png%22%20%2F%3E%3C%2FSPAN%3EHTH%2C%3C%2FP%3E%0A%3CP%3ENoa%3C%2FP%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-657982%22%20slang%3D%22en-US%22%3ERe%3A%20Help%20with%20Disk%20query%20in%20Log%20Analytics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-657982%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20to%20check%20the%20disk%20failure%20in%20log%20analytics%3C%2FP%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F119779%22%20target%3D%22_blank%22%3E%40Rajinder%20Rahul%3C%2FA%3E%26nbsp%3Bwrote%3A%3CBR%20%2F%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20was%20wondering%20if%20I%20could%20get%20some%20help%20with%20Log%20analytics.%20New%20to%20this%20so%20bear%20with%20me.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20trying%20to%20create%20a%20query%20that%20will%20provide%20informtaion%20on%20disk%20utilisation%20in%20Azure.%20I've%20gottwo%20commands%20(below)%2C%20however%20I'm%20not%20able%20to%20merge%20them%20as%20I%20would%20like%20one%20query%20which%20gives%20me%20%25%20free%20space%2C%20overall%20size%20of%20disk%2C%20name%20of%20vm%20and%20name%20of%20disk.%20Anything%20else%20I%20can%20get%20in%20terms%20of%20disk%20usage%20would%20be%20great%2C%20not%20overly%20concerned%20with%20IOPs%20at%20the%20moment.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20commands%20are%3A%3C%2FP%3E%3CP%3EThsi%20proivides%20info%20on%20free%20space%3A%26nbsp%3B%3C%2FP%3E%3CP%3Esearch%20ObjectName%20%3D%3D%20%22LogicalDisk%22%20and%20CounterName%20%3D%3D%20%22%25%20Free%20Space%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20one%20provides%20information%20on%20free%20Mb%20remaining.%3C%2FP%3E%3CP%3Esearch%20ObjectName%20%3D%3D%20%22LogicalDisk%22%20and%20CounterName%20%3D%3D%20%22Free%20Megabytes%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20tried%20this%20which%20helps%2C%20but%20again%20information%20is%20quite%20limited%3C%2FP%3E%3CP%3Esearch%20ObjectName%20%3D%3D%20%22LogicalDisk%22%20and%20CounterName%20%3D%3D%20%22Free%20Megabytes%22%20and%20TimeGenerated%20%26gt%3B%20ago(1d)%3CBR%20%2F%3E%7C%20summarize%20FreeSpace%20%3D%20min(CounterValue)%20by%20Computer%2C%20InstanceName%3CBR%20%2F%3E%7C%20where%20strlen(InstanceName)%20%3D%3D2%20and%20InstanceName%20contains%20%22%3A%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Rajinder Rahul
New Contributor

Hi

 

I was wondering if I could get some help with Log analytics. New to this so bear with me.

 

I'm trying to create a query that will provide informtaion on disk utilisation in Azure. I've gottwo commands (below), however I'm not able to merge them as I would like one query which gives me % free space, overall size of disk, name of vm and name of disk. Anything else I can get in terms of disk usage would be great, not overly concerned with IOPs at the moment.

 

The commands are:

Thsi proivides info on free space: 

search ObjectName == "LogicalDisk" and CounterName == "% Free Space"

 

This one provides information on free Mb remaining.

search ObjectName == "LogicalDisk" and CounterName == "Free Megabytes"

 

I have tried this which helps, but again information is quite limited

search ObjectName == "LogicalDisk" and CounterName == "Free Megabytes" and TimeGenerated > ago(1d)
| summarize FreeSpace = min(CounterValue) by Computer, InstanceName
| where strlen(InstanceName) ==2 and InstanceName contains ":"

 

Thanks in advance :)

 

8 Replies
Solution

Hi Rajinder Rahul,

 

Your question is very popular, indeed many times users want to get the latest report of a computer performance counter (such as free space). Note that the overall size of the disk is not reported AFAIK but the free percent of it and free MB are.

 

First, I highly recommend to start with the table name (Perf), to avoid unneeded search of the entire DB.

 

To get the latest report I suggest using "arg_max", which would be more accurate than "summarize min". "arg_max" is intended exactly to return the the record that has a maximum value, in this case the record with the maximum TimeGenerated (meaning it is the latest record found). For example:

Perf
| where TimeGenerated > ago(1d)
| where ObjectName == "LogicalDisk" and CounterName == "% Free Space"
| summarize (TimeGenerated, Free_Space_Percent)=arg_max(TimeGenerated, CounterValue) by Computer, InstanceName
| where strlen(InstanceName) ==2 and InstanceName contains ":"

 

The above example will returns the maximum free space percent for each computer and instance:

arg_max.png

The same can be done for free MB.

 

To combine the results of both calculations I recommend using "Join", which lets you match results by computer and instance names. See the join example here.

The results look like this:

join.pngHTH,

Noa

 

Thanks Noa

 

That's a great help, would you know if I can get "% Used Space", would be good to add any other metrics I can regarding logicaldisk information

 

Thanks 

Hey,

You can do the same calculation with many disk counters.

I checked the reports from the last day to evaluate that (I believe it covers all or most of the possible disk counters)

  • Disk Transfers/sec
  • Current Disk Queue Length
  • Avg. Disk sec/Write
  • Avg. Disk sec/Read
  • Disk Reads/sec
  • % Free Space
  • Free Megabytes
  • Disk Writes/sec

Hi Noa

 

Sorry for the direct approach.. A quick question again, if I may.

 

I'm trying to find the Avg. Disk sec/Write and Avg. Disk sec/Read on disks in azure using log analytics, but I keep getting errors. 

 

I tried modifying your query to the one below:

 

Perf
| where TimeGenerated > ago(7d)
| where ObjectName == "LogicalDisk" and CounterName == "Avg. Disk sec/Write"
| summarize (TimeGenerated, Avg_Disk_Write)=arg_max(TimeGenerated, CounterValue) by Computer, InstanceName
| where strlen(InstanceName) ==2 and InstanceName contains ":";
let Avg_Disk_Write=
Perf
| where TimeGenerated > ago(7d)
| where ObjectName == "LogicalDisk" and CounterName == "Avg. Disk sec/Read"
| summarize (TimeGenerated, Avg_Disk_Read)=arg_max(TimeGenerated, CounterValue) by Computer, InstanceName
| where strlen(InstanceName) ==2 and InstanceName contains ":";
Avg_Disk_Read
| join (
   disk_free_MB
) on Computer, InstanceName
| project Computer, InstanceName, Avg_Disk_Write, Avg_Disk_Read

 

I then tried

 

Perf | where ObjectName == "Capacity and Performance" and (CounterName == "VHD Reads/s" or CounterName == "VHD Writes/s") | summarize AggregatedValue = avg(CounterValue) by bin(TimeGenerated, 7d), CounterName, InstanceName

 

None of which have helped, I was hoping you could point me in the right direction...

 

I'm trying to understand the IOPS for disks.

 

Hope you don't mind me contacting you directly, if you'd like me to raise it as a seperate question, please let me know..

 

Thanks

Gin

 

 

 

Hey Gin,

Try this query.

 

HTH,

Noa

Hi Noa

 

Can you please help me with query for the vm names starting with " ZEXXXXX0000- 

  1. Memory utilization average for a cloud environment/subscriptions over a period of 30 days.
  2. C:\ and all data drives utilization over a period of 30 days.

Thanks

Satish

Hi Satish,

Please try to post new questions as new posts, it will help us understand the real subject, and other users can perhaps find it useful too.

To your questions,

1. Here's an example for calculating the average free memory over the last 30 days. Note that we don't query an entire subscription, we query a workspace:

Perf
| where TimeGenerated > ago(30d) 
| where Computer startswith "Contoso"
| where ObjectName == "Memory" and 
  (CounterName == "Available MBytes Memory" or // the name used in Linux records
  CounterName == "Available MBytes")          // the name used in Windows records
// calculate the average free memory for each computer
| summarize avg_free_memory=avg(CounterValue) by Computer

2. Free disk space:

Perf
| where TimeGenerated > ago(30d)
| where ObjectName == "LogicalDisk" or  // the object name used in Windows records
  ObjectName == "Logical Disk"          // the object name used in Linux records
| where CounterName == "Free Megabytes"
| summarize avg_free_disk_MB=avg(CounterValue) by Computer, InstanceName

HTH,

Noa

How to check the disk failure in log analytics


@Rajinder Rahul wrote:

Hi

 

I was wondering if I could get some help with Log analytics. New to this so bear with me.

 

I'm trying to create a query that will provide informtaion on disk utilisation in Azure. I've gottwo commands (below), however I'm not able to merge them as I would like one query which gives me % free space, overall size of disk, name of vm and name of disk. Anything else I can get in terms of disk usage would be great, not overly concerned with IOPs at the moment.

 

The commands are:

Thsi proivides info on free space: 

search ObjectName == "LogicalDisk" and CounterName == "% Free Space"

 

This one provides information on free Mb remaining.

search ObjectName == "LogicalDisk" and CounterName == "Free Megabytes"

 

I have tried this which helps, but again information is quite limited

search ObjectName == "LogicalDisk" and CounterName == "Free Megabytes" and TimeGenerated > ago(1d)
| summarize FreeSpace = min(CounterValue) by Computer, InstanceName
| where strlen(InstanceName) ==2 and InstanceName contains ":"

 

Thanks in advance :)