How to query azure load balancer logs


I have an Azure Load Balancer. I have gone into the Load Balancer resource, Diagnostics logs, ticked 'Send to Log Analytics' and set it to my Azure Log Analytics OMS Workspace.

But when I go into the Log Analytics and run:

AzureDiagnostics 
| where Category == "LoadBalancerProbeHealthStatus" and TimeGenerated > ago(3d)
| project ResourceGroup, Resource, TimeGenerated, port_d, totalDipCount_d, dipDownCount_d, healthPercentage_d

I don't get any results. Can anyone help me understand how to make this work?

7 Replies

You should run the query against the Heartbeat table in the OMS workspace.


Running the following does not return any results.

I do not want the heartbeat of the individual VMs, I want to know the Health Probe for the load balancer.

Heartbeat
| where Category == "LoadBalancerProbeHealthStatus"

Well James, I don't see any such table with the name azurediagnostics. Can you just query the tables one by one and check which one contains the category you are looking for?


That's odd, because I can see azurediagnostics and it has that category. I have raised a case with Azure now to see if they can assist and will update this post as things progress.


Come up against the same issue this morning. Did you get anywhere with yours?


Raise a case with Azure, it's a problem at their end. The latest update I got from them on Tuesday 10th July is:

From Azure Networking there are no logs that we can use to see why the connection between SLB and Azure Insights fails.

Azure Insights is responsible for gathering the logs from Azure SLB.

We are waiting for Azure Insights team to verify what is going on between those 2 Azure modules.

I will keep you posted with our progress.

So if you could also raise a case, it gives them more reason to get it fixed if there are more customers waiting for it to be fixed...


I have enabled Diagnostics for a public load balancer and am able to see the logs of the probe health in App Insights and get email notifications by using Monitors.
Query:

AzureDiagnostics
| where Category == "LoadBalancerProbeHealthStatus" and TimeGenerated > ago(3d) and healthPercentage_d < 100
| project ResourceGroup, Resource, TimeGenerated, port_d, totalDipCount_d, dipDownCount_d, healthPercentage_d
 
(or)
AzureDiagnostics | where Category == 'LoadBalancerProbeHealthStatus' | where healthPercentage_d != (100)

Thanks,
Anuraag
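
Added example, not part of any post in this thread: two Log Analytics queries that separate "no probe-health records reached the workspace" from "records exist but the filter excludes them", then summarise degraded probes per load balancer and port. The output names (SourceTable, Records, Latest, MinHealthPct, MaxDipsDown, Samples) and the 15-minute bin are choices made here; the `_d` columns are the ones used in the queries above.

```kusto
// 1) Ingestion check: which table, if any, holds probe-health records
//    from the last 3 days? An empty result means nothing has been
//    ingested, so no filter on AzureDiagnostics can return rows.
union withsource=SourceTable *
| where TimeGenerated > ago(3d)
| where column_ifexists("Category", "") == "LoadBalancerProbeHealthStatus"
| summarize Records = count(), Latest = max(TimeGenerated) by SourceTable

// 2) Once records are present: 15-minute windows in which any probe
//    reported less than 100% healthy, per load balancer and port.
AzureDiagnostics
| where TimeGenerated > ago(3d)
| where Category == "LoadBalancerProbeHealthStatus"
| summarize MinHealthPct = min(healthPercentage_d),
            MaxDipsDown  = max(dipDownCount_d),
            Samples      = count()
        by ResourceGroup, Resource, port_d, bin(TimeGenerated, 15m)
| where MinHealthPct < 100
| order by TimeGenerated desc
```

Run each query on its own; the first scans every table in the workspace, so keep its time range short.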