Azure Log Analytics

91 Conversations

Latest Activity

Custom List Message Item

SLA on indexing log data takes up to 6 hours in Log Analytics and alerting gets triggered only within 5 mins of data arrival. Is there any change in it?

1 Reply

There is no change in SLA at this time, but we do get majority of the data within minutes.

Following the multiple dimensions documentation example it says

Multiple expressions in the by clause creates multiple rows, one for each combination of values.

I want to query their sample database for networks bytes Send and Received per each computer. St

... Read More
2 Replies

Can you please share how did you achieve this in the v1 version ?

Not as clean as I would like but I have figured out that a string concatenation would do the trick


| where (CounterName == "Bytes Received/sec" or CounterName == "Byt
... Read More

Using the new OMS Log Analytics query language, how do I get a scalar value out of a table?

That is, what is the equivalent of this TSQL query, presuming Table1 has a single row:

Select @ScalarVar = Column1 from Table1


5 Replies
Hi I am not very familiar with SQL but I think you are probably are looking for let statement: https://docs.loganalytics.io/docs/Language-Reference/Query-statements/Let-statement Read More

The query language needs a unique, searchable name.

We need a way to refer to the query language and to share content with the community.

As my skills with the query language grows, I can write lots of blog articles to help others with their search for help

... Read More
2 Replies

Thanks for the recommendation, Tim! Completely agree with your sentiment.


For those who aren't aware, "Kusto" is the internal-MS codename for the data platform on which

... Read More

Hi, we are exporting all Activity Logs (from all subscriptions) to a separate storage account. There they are stored as json files. How can I query the files for special events with powershell? Are there any apps in the store for this? Can I query it with

... Read More
1 Reply
Hi You can configure you Azure Activity Logs to be send directly to Log Analytics (part of OMS). From there using the new query language you can perform many functions to... Read More
Best Response confirmed by Stanislav Zhelyazkov (MVP)


Is it possible to authenticate with client credentials to access the log analytics API?
I've been following the steps on https://dev.loganalytics.io/documentation/Authorization and both the explicit and the implicit flow is working fine to retrieve a

... Read More
5 Replies

(original reply replaced with resolution)


Hi Johan, 


For the direct URL https://api.loganalytics.io, we will not currently be able to   we now support client credenti

... Read More

I'm currently getting "Disk Reads/sec" and "Disk Writes/sec" from the windows performance counters and pulling them into OMS.


If I use the Advanced Editor, the timechart I generate looks great as it begins at the start of my data. When I take the same que

... Read More
7 Replies

1) When you say "pulling into OMS" - Do you mean the Log Search page in OMS or the View Designer or overview tile.

2) By Advanced Editor do you mean Advanced Analytics po

... Read More

My guess is you're overloading your chart with too much data.  I just tried it out, and increasing the bin size seems to correct it.  1sec is pretty extreme anyway for a

... Read More
Best Response confirmed by Ketan Ghelani (Microsoft)

I'm trying out the Application Insights Connector in OMS and noticed that queries that worked in the Application Insights Analytics searches don't seem to work in OMS. These queries involve summarizing over custom fields of custom events.


What I think I'm

... Read More
4 Replies


I haven't used the connector myself, but indeed the data structure is not equivalent to that used in Application Insights. Summarizng the data should still be possibl

... Read More

We have a requirement where we should be able to lookup data from an external text file and use it in our filter conditions in the queries.


Since we did not see an option to do a lookup, we decided to attach a text file to one of the VMs and create a cust

... Read More
6 Replies

For your query specifically it seems like this should work, assuming you have ingested using Custom Logs functioanlity data from Custom Logs into the table User4_CL.


... Read More

you can do it quite like you show above. For example, here's how you can query Event logs of computers that also have security events from the last hour:
let computers_

... Read More
Check out the latest version on the one and only free OMS book - Inside the Microsoft Operations Management Suite https://gallery.technet.microsoft.com/Inside-the-Operations-2928e342 Read More
2 Replies

Looks fantastic Stas, wow! I hope we'll see a new version next year with the new language! I'd be happy to help, let me know if I can contribute in any way.

I need to collect memory usage data on several VMs
One way to do so is to enable Guest Monitoring in each VM.
I wanted to know if enabling it would add costs to the subscription.
I also wanted to know if there's any easier way than enabling one by one

... Read More
1 Reply

I can't comment on the Guest Monitoring portion (I'll have to research it), but as for OMS...

If you are using the Free Tier of OMS, then there is no cost. You are just li

... Read More

Where's the best place to request suggestions and improvements?

2 Replies
Suggestions for the language can be requested here, or in our Log Analytics user voice: https://feedback.azure.com/forums/267889-log-analytics Read More

I'm not able to login to the Andvanced Analytics Portal - stuck at 'Hold on authentication is in progress'. Tried with a several different Log Analytics resources, even ones in different subscriptions. Any ideas?

3 Replies
Best Response confirmed by Noa Kuperberg (Microsoft)
Hi Felix, I am not able to reproduce the issue, do you still experience it? One idea is related to permissions (although you should have seen 403 error in that case). Do ... Read More

Docker container is an emerging technology to help developers and devops with easy provisioning and continuous delivery in modern infrastructure. As containers can be ubiquitous in an environment, monitoring is essential. We've developed a monitoring solu

... Read More
0 Reply

Azure Log Analytics has been enhanced substantially and now offers an improved search and analytics experience. This includes interactive query language and an advanced analytics portal, both powered by a highly scalable and powerful data store.


The que

... Read More
4 Replies
The links have been fixed.

None of the links seem to work


Announcing the new and improved Azure Log Analytics

The Azure Log Analytics service is rolling out an upgrade to existing customers today offering powerful search, smart analytics, and even deeper insights.

Read more here



Read More
0 Reply