Log Analytics Data Dictionary

%3CLINGO-SUB%20id%3D%22lingo-sub-207521%22%20slang%3D%22en-US%22%3ELog%20Analytics%20Data%20Dictionary%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-207521%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20way%20to%20list%20the%20tables%20eg%20(Alert%2C%20Event%2C%20Perf%2C%20...)%20as%20you%20would%20with%20a%20relational%20database%20by%20querying%20a%20data%20dictionary%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-207521%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EQuery%20Language%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-212817%22%20slang%3D%22en-US%22%3ERE%3A%20Log%20Analytics%20Data%20Dictionary%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212817%22%20slang%3D%22en-US%22%3Esearch%20*%20%7C%20distinct%20%24table%20will%20return%20all%20the%20tables%20you%20have%20available.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-212224%22%20slang%3D%22en-US%22%3ERe%3A%20Log%20Analytics%20Data%20Dictionary%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212224%22%20slang%3D%22en-US%22%3EHere%20is%20another%20method%20to%20see%20all%20data%20types%20and%20how%20many%20records%20in%20each%3A%20%3CBR%20%2F%3E%3CBR%20%2F%3Esearch%20*%20%7C%20summarize%20count()%20by%20%24table%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-207740%22%20slang%3D%22en-US%22%3ERe%3A%20Log%20Analytics%20Data%20Dictionary%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-207740%22%20slang%3D%22en-US%22%3E%3CP%3EA%20command%20like%20that%20does%20not%20today%20exist%2C%20but%20is%20fairly%20easy%20to%20replicate%20with%20the%20following%20(somewhat%20computationally%20expensive)%20query%3A%3C%2FP%3E%0A%3CPRE%3Eunion%20withsource%3DtblName%20*%20%0A%7C%20distinct%20tblName%3C%2FPRE%3E%0A%3CP%3EThanks%2C%3C%2FP%3E%0A%3CP%3E-Evgeny%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Regular Visitor

Is there a way to list the tables eg (Alert, Event, Perf, ...) as you would with a relational database by querying a data dictionary?

3 Replies
Highlighted

A command like that does not today exist, but is fairly easy to replicate with the following (somewhat computationally expensive) query:

union withsource=tblName * 
| distinct tblName

Thanks,

-Evgeny

Highlighted
Here is another method to see all data types and how many records in each:

search * | summarize count() by $table
Highlighted
search * | distinct $table will return all the tables you have available.