Home

Network Query in OMS Creation

%3CLINGO-SUB%20id%3D%22lingo-sub-167544%22%20slang%3D%22en-US%22%3ENetwork%20Query%20in%20OMS%20Creation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-167544%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20There%2C%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI'm%20Trying%20to%20create%20a%20Custom%20Network%20query%20for%20Transmitted%20and%20received%20Traffic%20from%20all%20the%20servers%20in%20Azure.%26nbsp%3B%3C%2FP%3E%0A%3CP%3Efrom%20the%20query%20i'm%20getting%20results%2C%20but%20when%20i'm%20creating%20a%20new%20tile%20it's%20doesn't%20show%20anything.%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ealso%2C%20i%20want%20to%20add%20a%20filter%20that%20shows%20traffic%20only%20from%20the%20past%20hour.%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%2C%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3Bi%20used%20this%20-%3C%2FP%3E%0A%3CP%3EPerf%3CBR%20%2F%3E%7C%20where%20ObjectName%20%3D%3D%20%22Network%22%3CBR%20%2F%3E%7C%20where%20(%20CounterName%20%3D%3D%20%22Total%20Bytes%20Transmitted%22%20)%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-167544%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ECustom%20Logs%20and%20Custom%20Fields%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-169501%22%20slang%3D%22en-US%22%3ERe%3A%20Network%20Query%20in%20OMS%20Creation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-169501%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20Noa%20for%20the%20quick%20response%20%3A)%3C%2Fimg%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ei%20%3CSPAN%3Eeventually%3C%2FSPAN%3E%20used%20this%3A%3C%2FP%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3EPerf%20%7C%20%3C%2FSPAN%3E%3CSPAN%3Ewhere%3C%2FSPAN%3E%3CSPAN%3E%20ObjectName%20%3D%3D%20%3C%2FSPAN%3E%3CSPAN%3E%22Network%20Interface%22%3C%2FSPAN%3E%20%3CSPAN%3Eand%3C%2FSPAN%3E%20%3CSPAN%3E(%3C%2FSPAN%3E%3CSPAN%3E%20CounterName%20%3D%3D%20%3C%2FSPAN%3E%3CSPAN%3E%22Bytes%20Received%2Fsec%22%3C%2FSPAN%3E%20%3CSPAN%3E)%3C%2FSPAN%3E%20%3CSPAN%3Eand%3C%2FSPAN%3E%3CSPAN%3E%20TimeGenerated%20%26gt%3B%20now%3C%2FSPAN%3E%3CSPAN%3E(%3C%2FSPAN%3E%3CSPAN%3E-%3C%2FSPAN%3E%3CSPAN%3E10%3C%2FSPAN%3E%3CSPAN%3Em%3C%2FSPAN%3E%3CSPAN%3E)%3C%2FSPAN%3E%3CSPAN%3E%20%7C%20%3C%2FSPAN%3E%3CSPAN%3Ewhere%3C%2FSPAN%3E%20%3CSPAN%3E(%3C%2FSPAN%3E%3CSPAN%3E%20Computer%20%3D%3D%20%3C%2FSPAN%3E%3CSPAN%3E%22computername%22%3C%2FSPAN%3E%20%3CSPAN%3Eor%3C%2FSPAN%3E%3CSPAN%3E%20Computer%20%3D%3D%20%3C%2FSPAN%3E%3CSPAN%3E%22computername%22%3C%2FSPAN%3E%20%3CSPAN%3Eor%3C%2FSPAN%3E%3CSPAN%3E%20Computer%20%3D%3D%20%3C%2FSPAN%3E%3CSPAN%3E%22computername%22%3C%2FSPAN%3E%20%3CSPAN%3Eor%3C%2FSPAN%3E%3CSPAN%3E%20Computer%20%3D%3D%20%3C%2FSPAN%3E%3CSPAN%3E%22computername%22%3C%2FSPAN%3E%20%3CSPAN%3E)%3C%2FSPAN%3E%3CSPAN%3E%20%7C%20%3C%2FSPAN%3E%3CSPAN%3Esummarize%3C%2FSPAN%3E%3CSPAN%3E%20AggregatedValue%20%3D%20%3C%2FSPAN%3E%3CSPAN%3Ecount%3C%2FSPAN%3E%3CSPAN%3E()%3C%2FSPAN%3E%20%3CSPAN%3Eby%3C%2FSPAN%3E%3CSPAN%3E%20Computer%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3Eand%20i%20received%20this%20results%20in%20the%20tile%20-%20attached.%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3Eand%20yes%2C%20issue%20still%20occurs.%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3Eif%20i%20use%20your%20counter%20i%20can%20only%20see%201%20VM%20showing%20traffic%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3Ewith%20the%20other%20counter%20%22Bytes%20Received%2Fsec%22%20i%20can%20see%20all%20VM's%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3Ei%20want%20to%20have%20the%20ability%20the%20to%26nbsp%3Bsee%20the%20traffic%20(send%20and%20received)%20with%20sparklines%20and%20not%20with%20dots%20as%20i%20sent%20you%20via%20attachment.%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3EThanks!%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-168932%22%20slang%3D%22en-US%22%3ERe%3A%20Network%20Query%20in%20OMS%20Creation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-168932%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Eldad%2C%3C%2FP%3E%0A%3CP%3EFirst%2C%20here%20are%20two%20(identical)%20filters%20to%20show%20only%20data%20from%20the%20last%20hour%3A%3C%2FP%3E%0A%3CPRE%3EPerf%0A%7C%20where%20TimeGenerated%20%26gt%3B%20now(-1h)%20%0A%7C%20where%20ObjectName%20%3D%3D%20%22Network%22%0A%7C%20where%20(%20CounterName%20%3D%3D%20%22Total%20Bytes%20Transmitted%22)%3C%2FPRE%3E%0A%3CPRE%3EPerf%0A%7C%20where%20TimeGenerated%20%26gt%3B%20ago(1h)%20%0A%7C%20where%20ObjectName%20%3D%3D%20%22Network%22%0A%7C%20where%20(%20CounterName%20%3D%3D%20%22Total%20Bytes%20Transmitted%22)%3C%2FPRE%3E%0A%3CP%3Eyou%20can%20choose%20the%20syntax%20you%20prefer%2C%20the%20meaning%20is%20exactly%20the%20same.%3C%2FP%3E%0A%3CP%3ERegarding%20the%20tile%20not%20showing%20data%20-%20a%20bit%20obscure...%20do%20you%20mean%20a%20View%20Designer%20tile%3F%20does%20the%20problem%20still%20occur%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHTH%2C%3C%2FP%3E%0A%3CP%3ENoa%3C%2FP%3E%3C%2FLINGO-BODY%3E
Eldad Somech
New Contributor

Hi There, 

 

I'm Trying to create a Custom Network query for Transmitted and received Traffic from all the servers in Azure. 

from the query i'm getting results, but when i'm creating a new tile it's doesn't show anything. 

also, i want to add a filter that shows traffic only from the past hour. 

Thanks, 

 i used this -

Perf
| where ObjectName == "Network"
| where ( CounterName == "Total Bytes Transmitted" )

 

2 Replies

Hi Eldad,

First, here are two (identical) filters to show only data from the last hour:

Perf
| where TimeGenerated > now(-1h) 
| where ObjectName == "Network"
| where ( CounterName == "Total Bytes Transmitted")
Perf
| where TimeGenerated > ago(1h) 
| where ObjectName == "Network"
| where ( CounterName == "Total Bytes Transmitted")

you can choose the syntax you prefer, the meaning is exactly the same.

Regarding the tile not showing data - a bit obscure... do you mean a View Designer tile? does the problem still occur?

 

HTH,

Noa

Thank you Noa for the quick response :) 

 

i eventually used this:

Perf | where ObjectName == "Network Interface" and ( CounterName == "Bytes Received/sec" ) and TimeGenerated > now(-10m) | where ( Computer == "computername" or Computer == "computername" or Computer == "computername" or Computer == "computername" ) | summarize AggregatedValue = count() by Computer
 
and i received this results in the tile - attached. 
and yes, issue still occurs. 
 
if i use your counter i can only see 1 VM showing traffic 
with the other counter "Bytes Received/sec" i can see all VM's
 
i want to have the ability the to see the traffic (send and received) with sparklines and not with dots as i sent you via attachment. 
 
Thanks! 
Related Conversations
Heartbeat Azure Monitor OMS VMs
Ahmed Atef in Azure Log Analytics on
5 Replies
Computer Groups with new query language?
Sean Tompkins in Azure Log Analytics on
8 Replies
Sorting problem with imported data from query
DenisL in Excel on
5 Replies
OMS DNS Analytics solution discrepancy
Vedran Matica in Azure Log Analytics on
6 Replies
Excel web query DataFormat.Error "not a valid path"
Simon Pearce in Excel on
7 Replies