Log Analytics is an Azure service that collects telemetry and other data from a variety of sources and provides a query language (KQL) for advanced analytics. After you post logging data to a Log Analytics workspace with the HTTP Data Collector API, you can query the logs for troubleshooting, visualize the data for monitoring, or create alerts based on a log search. (Microsoft has since marked the HTTP Data Collector API for retirement in favour of the Logs Ingestion API; the steps below follow the original approach.)
Step 1: Create a Log Analytics workspace
Workspace created.
Step 2: Load the Storage Analytics logs (downloaded from the $logs container of the storage account) into the workspace using the script below.
Before executing the script, change the following values in it:
# - $ResourceGroup
# - $StorageAccountName
# - $CustomerId (the workspace ID)
# - $SharedKey (the workspace primary or secondary key; it grants write access to the workspace, so load it from a secure store such as an environment variable or Key Vault rather than leaving it hard-coded in the script)
# - $LogType (becomes the custom table name with _CL appended, e.g. Apsarnewlog_CL in the queries below)
# - Create the file D:\Log\Log.txt to hold the downloaded log lines, or update the path below to match your own location:
$filename = "D:\Log\Log.txt"
You can find more details on this script here
Step 3:
Once you run the script, you will see output like the following, which indicates that the logs are being posted to Log Analytics.
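To show what the script actually has to do, here is an added example in Python (mine, not the PowerShell script from the original post). It parses $logs lines into records named to match the columns used in the queries that follow, and signs the Data Collector API request the way the API requires: HMAC-SHA256 over the method, content length, content type, x-ms-date and resource path, keyed with the base64-decoded workspace key. The workspace ID, shared key and log lines are constructed for the demo and are not real.

```python
"""Shape Storage Analytics $logs lines into records and sign a Data Collector API request.

Added example (not the script from the original post). Assumes the documented
version 1.0 $logs field order and the documented Data Collector API signing scheme;
the workspace ID, shared key and log lines below are constructed for the demo.
"""
import base64
import csv
import hashlib
import hmac
import json
import sys
import urllib.request
from datetime import datetime, timezone

# Field order of a version 1.0 Storage Analytics log line (Microsoft's documented format).
# Log Analytics appends a type suffix on ingestion, so request_url becomes request_url_s and
# request_start_time (declared as the time field below) becomes request_start_time_t.
FIELDS = [
    "version_number", "request_start_time", "operation_type", "request_status",
    "http_status_code", "end_to_end_latency_in_ms", "server_latency_in_ms",
    "authentication_type", "requester_account_name", "owner_account_name", "service_type",
    "request_url", "requested_object_key", "request_id_header", "operation_count",
    "requester_ip_address", "request_version_header", "request_header_size",
    "request_packet_size", "response_header_size", "response_packet_size",
    "request_content_length", "request_md5", "server_md5", "etag_identifier",
    "last_modified_time", "conditions_used", "user_agent_header", "referrer_header",
    "client_request_id",
]

# Constructed sample of two $logs lines (what Log.txt would hold). The first line's user-agent
# contains ';' inside quotes, which is why the parser must be quote-aware.
SAMPLE_LOG = (
    '1.0;2023-10-05T14:02:11.1234567Z;GetBlob;AnonymousSuccess;200;17;16;anonymous;;examplestorage;blob;'
    '"https://examplestorage.blob.core.windows.net/container2/Tiger.txt";"/examplestorage/container2/Tiger.txt";'
    '61d2e3f6-bb66-4e3e-a2d3-c73ef5c8c5ed;0;192.0.2.10:4362;2019-12-12;283;0;354;23;0;;;"0x8D15A2E3D1FD8A5";'
    'Thursday, 05-Oct-23 13:58:10 GMT;;"WA-Storage/4.0.1 (.NET CLR 4.0.30319.34014; Win32NT 6.3.9600.0)";;'
    '"44dfd78e-7288-4898-8f70-c3478983d3b6"\n'
    '1.0;2023-10-05T14:03:45.9876543Z;PutBlob;SASAuthorizationError;403;5;4;sas;examplestorage;examplestorage;blob;'
    '"https://examplestorage.blob.core.windows.net/container2/upload.bin?sv=2019-12-12&sig=REDACTED";'
    '"/examplestorage/container2/upload.bin";0f1e2d3c-4b5a-6978-8a9b-0c1d2e3f4a5b;0;198.51.100.7:51012;'
    '2019-12-12;412;0;198;0;1024;;;;;;"curl/7.88.1";;"a1b2c3d4-e5f6-4789-a0b1-c2d3e4f5a6b7"\n'
)

WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"  # constructed, not a real workspace
SHARED_KEY = base64.b64encode(b"demo-key-not-a-real-workspace-secret").decode()  # constructed
LOG_TYPE = "Apsarnewlog"  # Log Analytics exposes it as Apsarnewlog_CL


def parse_log_lines(text):
    """Turn raw $logs lines into dicts keyed by FIELDS; malformed lines are reported and skipped."""
    records = []
    for row in csv.reader(text.splitlines(), delimiter=";", quotechar='"'):
        if not row:
            continue
        if len(row) != len(FIELDS):
            print(f"skipping line with {len(row)} fields (expected {len(FIELDS)})", file=sys.stderr)
            continue
        records.append(dict(zip(FIELDS, row)))
    return records


def string_to_sign(content_length, rfc1123_date):
    """Canonical string the Data Collector API expects to be signed."""
    return f"POST\n{content_length}\napplication/json\nx-ms-date:{rfc1123_date}\n/api/logs"


def build_authorization(workspace_id, shared_key, content_length, rfc1123_date):
    """HMAC-SHA256 over the canonical string, keyed with the base64-decoded shared key."""
    key = base64.b64decode(shared_key)
    msg = string_to_sign(content_length, rfc1123_date).encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def build_request(workspace_id, shared_key, log_type, records, rfc1123_date=None):
    """Assemble URL, headers and JSON body for one POST to the Data Collector API."""
    body = json.dumps(records).encode("utf-8")
    if rfc1123_date is None:
        rfc1123_date = datetime.now(timezone.utc).strftime("%a, %d %b %Y %H:%M:%S GMT")
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_authorization(workspace_id, shared_key, len(body), rfc1123_date),
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,
        # Use the log's own timestamp as TimeGenerated instead of the ingestion time.
        "time-generated-field": "request_start_time",
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return {"url": url, "headers": headers, "body": body}


def send(req):
    """POST the prepared request; returns the HTTP status (200 means accepted)."""
    r = urllib.request.Request(req["url"], data=req["body"], headers=req["headers"], method="POST")
    with urllib.request.urlopen(r) as resp:
        return resp.status


if __name__ == "__main__":
    recs = parse_log_lines(SAMPLE_LOG)
    req = build_request(WORKSPACE_ID, SHARED_KEY, LOG_TYPE, recs)
    print(f"{len(recs)} records, {len(req['body'])} bytes, x-ms-date {req['headers']['x-ms-date']}")
    print("Authorization:", req["headers"]["Authorization"][:40] + "...")
    if "--send" in sys.argv:  # only touches the network when asked to
        print("status", send(req))
```

Run it as-is to see the records and headers it would send; pass --send to post for real, at which point WORKSPACE_ID and SHARED_KEY must be a real workspace's values read from a secure store rather than pasted into the file. Because the signature binds the content length and x-ms-date, the body has to be sent byte-for-byte as it was signed; re-serializing it after signing produces a 403.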
Common Queries
Apsarnewlog_CL | limit 50 // Return the first 50 rows
Apsarnewlog_CL | sort by request_start_time_t asc // Sorting
// Wildcards use "*"
search in (Apsarnewlog_CL) "*Tiger*" // The search command looks for a term; here every column of Apsarnewlog_CL is scanned for the term Tiger
search in (Apsarnewlog_CL) request_url_s:"*Tiger*" // By default search evaluates all columns in the data set; use column:term to restrict it to one column (here request_url_s)
search in (Apsarnewlog_CL) "container2" and ("Success" or "200") | take 100 // Multiple search conditions combine with and/or and parentheses; take 100 caps the number of rows returned
Apsarnewlog_CL | top 10 by client_request_id_s | project TimeGenerated, request_url_s, operation_type_s // project selects the columns included in the results
Apsarnewlog_CL | where TimeGenerated > ago(1h) | summarize count() by operation_type_s // summarize aggregates groups of rows
Apsarnewlog_CL | where request_start_time_t > ago(1d) | summarize count() by tostring(requester_ip_address_s), operation_type_s, bin(request_start_time_t, 1h) // Requests per source, per operation, per hour. Note that Storage Analytics records requester-ip-address as address:port, so grouping on the raw column splits one client across many rows; strip the port first (for example tostring(split(requester_ip_address_s, ":")[0])) if you want one row per client
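The last two summarize queries are the building blocks of an alert. The following added example (mine, not from the original post) computes the same per-source, per-operation, hourly counts locally over constructed rows shaped like Apsarnewlog_CL, strips the client port that $logs appends to requester-ip-address, and flags sources with a burst of failed requests in one hour, which is what an enumeration or credential-guessing attempt against a storage account looks like in these logs. The column name http_status_code_s is an assumption, since the post's queries do not show it.

```python
"""Hourly per-source counts and a burst-of-failures rule over ingested Storage Analytics rows.

Added example (not from the original post). SAMPLE_ROWS is constructed to look like rows of
Apsarnewlog_CL after ingestion; http_status_code_s is an assumed column name.
"""
from collections import Counter
from datetime import datetime, timezone

# Constructed rows in the shape Log Analytics gives them (string columns carry the _s suffix,
# the declared time column carries _t). 203.0.113.5 probes for blobs that do not exist.
SAMPLE_ROWS = [
    {"request_start_time_t": "2023-10-05T14:02:11.1234567Z", "operation_type_s": "GetBlob",
     "requester_ip_address_s": "192.0.2.10:4362", "http_status_code_s": "200"},
    {"request_start_time_t": "2023-10-05T14:03:45.9876543Z", "operation_type_s": "PutBlob",
     "requester_ip_address_s": "198.51.100.7:51012", "http_status_code_s": "403"},
    {"request_start_time_t": "2023-10-05T14:05:01.0000000Z", "operation_type_s": "GetBlob",
     "requester_ip_address_s": "203.0.113.5:40001", "http_status_code_s": "404"},
    {"request_start_time_t": "2023-10-05T14:05:02.0000000Z", "operation_type_s": "GetBlob",
     "requester_ip_address_s": "203.0.113.5:40002", "http_status_code_s": "404"},
    {"request_start_time_t": "2023-10-05T14:05:03.0000000Z", "operation_type_s": "GetBlob",
     "requester_ip_address_s": "203.0.113.5:40003", "http_status_code_s": "404"},
    {"request_start_time_t": "2023-10-05T14:05:04.0000000Z", "operation_type_s": "GetBlob",
     "requester_ip_address_s": "203.0.113.5:40004", "http_status_code_s": "404"},
    {"request_start_time_t": "2023-10-05T14:30:00.0000000Z", "operation_type_s": "ListBlobs",
     "requester_ip_address_s": "192.0.2.10:4400", "http_status_code_s": "200"},
    {"request_start_time_t": "2023-10-05T15:10:00.0000000Z", "operation_type_s": "GetBlob",
     "requester_ip_address_s": "203.0.113.5:40010", "http_status_code_s": "200"},
]

FAILED_STATUSES = {"401", "403", "404"}  # auth failures and the misses an enumeration produces


def client_ip(raw):
    """$logs records requester-ip-address as address:port (or [v6addr]:port); drop the port."""
    if raw.startswith("["):
        return raw[1:raw.index("]")]
    return raw.rsplit(":", 1)[0]


def hour_bin(ts):
    """Equivalent of bin(request_start_time_t, 1h); tolerates the 7-digit fraction $logs writes."""
    base = ts.rstrip("Z").split(".")[0]
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return dt.replace(minute=0, second=0, microsecond=0)


def summarize_hourly(rows):
    """summarize count() by client ip, operation_type_s, bin(request_start_time_t, 1h)."""
    counts = Counter()
    for r in rows:
        key = (client_ip(r["requester_ip_address_s"]), r["operation_type_s"],
               hour_bin(r["request_start_time_t"]))
        counts[key] += 1
    return counts


def suspicious_sources(rows, threshold=3):
    """Sources with at least `threshold` failed requests in one hour, as (ip, hour, count)."""
    failures = Counter()
    for r in rows:
        if r["http_status_code_s"] in FAILED_STATUSES:
            failures[(client_ip(r["requester_ip_address_s"]), hour_bin(r["request_start_time_t"]))] += 1
    return sorted((ip, hour, n) for (ip, hour), n in failures.items() if n >= threshold)


if __name__ == "__main__":
    for (ip, op, hour), n in sorted(summarize_hourly(SAMPLE_ROWS).items()):
        print(f"{hour:%Y-%m-%d %H:00}  {ip:15} {op:10} {n}")
    for ip, hour, n in suspicious_sources(SAMPLE_ROWS):
        print(f"ALERT {ip} made {n} failed requests in the hour starting {hour:%Y-%m-%d %H:00}")
```

The threshold of three is a placeholder to tune against a baseline of the account's normal failure rate; the same rule expressed in KQL would filter on the status column, group by the port-stripped address and bin(request_start_time_t, 1h), and feed a scheduled alert.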