Azure Log Analytics

OMS analytics is great; it would be perfect if I could use information from OMS analytics within PowerShell. Does anyone know how I can combine PowerShell scripts and OMS analytics data?

233 Views
3 Replies
Best Response confirmed by Pascal Wenders (Occasional Contributor)

I am trying to work with more complex expressions, and the scalar function ago() is not behaving as expected. Specifically, this fails,

print ago( 3 * 5min )

throwing syntax error "ago(): argument #1 must be timespan literal"

This works: 

print ago( 15min )

And this
151 Views
3 Replies
This has been fixed now. You should be able to use the expressions with ago() and now().
Best Response confirmed by Tim Curwick (MVP)
There was a limitation on ago() and now() with expression. We are working to remove those limitations. Please stay tuned. For now as a workaround you can use something li...

Hello everyone,

I am new to Azure and currently doing security monitoring in Azure Security Center. I have a few questions that I would like to ask.

Currently there are syslogs coming in from machines and I am to create rules to fire an alert if it detects se
184 Views
2 Replies

Hi Shiva,

There is a new capability in Azure Security Center to turn every log query into a security alert. See documentation here: https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert

I will forward this to one of the experts in this area

Is there a Splunk tstats equivalent in Azure Log Analytics?

128 Views
1 Reply

Hi

I am trying to create Computer Groups in OMS using tags associated with my virtual machines. We are planning to put tags on Virtual Machines which will identify under which maintenance cycle the VMs will be updated.

Is there a way to read tags in Log
115 Views
1 Reply

Hi and thanks for reporting! @Noa Kuperberg to get the fix in to both the tutorial and the diffpatterns doc page.

The syntax has changed to diffpatterns_v2. For exampl

Hi,

I am trying and I do not find how to execute more than one query in one script. I want to do this in order to parametrize some analysis.

Can I execute more than one query in one script?

Thank you,
100 Views
3 Replies
API / Powershell cmdlets information at http://dev.loganalytics.io/
For that I would use the API or PowerShell cmdlets. You can also use saved Functions. Can you elaborate with an example?

Is anyone at Microsoft or anywhere else working on a custom NLog target to write log messages to the OMS data collector API?

185 Views
1 Reply

At Microsoft we have not considered writing a custom NLog target for the Data Collector API, but if that idea were to gain enough traction on the Log Analytics UserVoice page

SLA on indexing log data takes up to 6 hours in Log Analytics and alerting gets triggered only within 5 mins of data arrival. Is there any change in it?

110 Views
1 Reply

There is no change in SLA at this time, but we do get the majority of the data within minutes.

Following the multiple dimensions documentation example it says

Multiple expressions in the by clause creates multiple rows, one for each combination of values.

I want to query their sample database for networks bytes Send and Received per each computer. St
190 Views
2 Replies

Can you please share how you achieved this in the v1 version?

Not as clean as I would like but I have figured out that a string concatenation would do the trick

Perf
| where (CounterName == "Bytes Received/sec" or CounterName == "Byt

Using the new OMS Log Analytics query language, how do I get a scalar value out of a table?

That is, what is the equivalent of this TSQL query, presuming Table1 has a single row:

Select @ScalarVar = Column1 from Table1

163 Views
5 Replies
Hi, I am not very familiar with SQL but I think you are probably looking for the let statement: https://docs.loganalytics.io/docs/Language-Reference/Query-statements/Let-statement

The query language needs a unique, searchable name.

We need a way to refer to the query language and to share content with the community.

As my skills with the query language grow, I can write lots of blog articles to help others with their search for help
532 Views
2 Replies

Thanks for the recommendation, Tim! Completely agree with your sentiment.

For those who aren't aware, "Kusto" is the internal-MS codename for the data platform on which

Hi, we are exporting all Activity Logs (from all subscriptions) to a separate storage account. There they are stored as JSON files. How can I query the files for special events with PowerShell? Are there any apps in the store for this? Can I query it with
137 Views
1 Reply
Hi, you can configure your Azure Activity Logs to be sent directly to Log Analytics (part of OMS). From there using the new query language you can perform many functions to...
Best Response confirmed by Stanislav Zhelyazkov (MVP)

Hello,

Is it possible to authenticate with client credentials to access the log analytics API?
I've been following the steps on https://dev.loganalytics.io/documentation/Authorization and both the explicit and the implicit flow are working fine to retrieve a
363 Views
5 Replies

(original reply replaced with resolution)

Hi Johan,

For the direct URL https://api.loganalytics.io, we will not currently be able to   we now support client credenti

I'm currently getting "Disk Reads/sec" and "Disk Writes/sec" from the Windows performance counters and pulling them into OMS.

If I use the Advanced Editor, the timechart I generate looks great as it begins at the start of my data. When I take the same que
425 Views
7 Replies

1) When you say "pulling into OMS" - Do you mean the Log Search page in OMS or the View Designer or overview tile.

2) By Advanced Editor do you mean Advanced Analytics po

My guess is you're overloading your chart with too much data. I just tried it out, and increasing the bin size seems to correct it. 1sec is pretty extreme anyway for a
Best Response confirmed by Ketan Ghelani (Microsoft)

I'm trying out the Application Insights Connector in OMS and noticed that queries that worked in the Application Insights Analytics searches don't seem to work in OMS. These queries involve summarizing over custom fields of custom events.

What I think I'm
328 Views
4 Replies

Hi,

I haven't used the connector myself, but indeed the data structure is not equivalent to that used in Application Insights. Summarizing the data should still be possibl

We have a requirement where we should be able to lookup data from an external text file and use it in our filter conditions in the queries.

Since we did not see an option to do a lookup, we decided to attach a text file to one of the VMs and create a cust
230 Views
6 Replies

For your query specifically it seems like this should work, assuming you have ingested using Custom Logs functionality data from Custom Logs into the table User4_CL.

//As

Hi,
you can do it quite like you show above. For example, here's how you can query Event logs of computers that also have security events from the last hour:
let computers_
Check out the latest version of the one and only free OMS book - Inside the Microsoft Operations Management Suite https://gallery.technet.microsoft.com/Inside-the-Operations-2928e342
186 Views
2 Replies

Looks fantastic Stas, wow! I hope we'll see a new version next year with the new language! I'd be happy to help, let me know if I can contribute in any way.

Hello!
I need to collect memory usage data on several VMs.
One way to do so is to enable Guest Monitoring in each VM.
I wanted to know if enabling it would add costs to the subscription.
I also wanted to know if there's any easier way than enabling one by one
139 Views
1 Reply

I can't comment on the Guest Monitoring portion (I'll have to research it), but as for OMS...

If you are using the Free Tier of OMS, then there is no cost. You are just li

Where's the best place to request suggestions and improvements?

110 Views
2 Replies
Suggestions for the language can be requested here, or in our Log Analytics user voice: https://feedback.azure.com/forums/267889-log-analytics

I'm not able to log in to the Advanced Analytics Portal - stuck at 'Hold on authentication is in progress'. Tried with several different Log Analytics resources, even ones in different subscriptions. Any ideas?

212 Views
3 Replies
Best Response confirmed by Noa Kuperberg (Microsoft)
Hi Felix, I am not able to reproduce the issue, do you still experience it? One idea is related to permissions (although you should have seen 403 error in that case). Do ...

Docker container is an emerging technology to help developers and devops with easy provisioning and continuous delivery in modern infrastructure. As containers can be ubiquitous in an environment, monitoring is essential. We've developed a monitoring solu
298 Views
0 Reply

Azure Log Analytics has been enhanced substantially and now offers an improved search and analytics experience. This includes interactive query language and an advanced analytics portal, both powered by a highly scalable and powerful data store.

The que
1,051 Views
4 Replies
The links have been fixed.

None of the links seem to work

Announcing the new and improved Azure Log Analytics

The Azure Log Analytics service is rolling out an upgrade to existing customers today offering powerful search, smart analytics, and even deeper insights.

Read more here
167 Views
0 Reply