cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

AzureDiagnostics log management

Régis Baccaro
Microsoft

‎Jan 23 2018 09:48 AM - last edited on ‎Apr 07 2022 04:52 PM by

‎Jan 23 2018 09:48 AM - last edited on ‎Apr 07 2022 04:52 PM by

AzureDiagnostics log management

Hi,

I am running the following query 

AzureDiagnostics
| summarize count(CallerIPAddress) by HttpMethod_s , bin(TimeGenerated, 2m)
that gives me the type of request grouped by IP Address for a period of time
 
But when I look at the documentation there is no "AzureDiagnostics" log management category. the query works fine though.
 
If I look at the CallerIPAddress column it appears AzureMetrics, AzureActivity and ReservedCommonFields but there is no HttpMethod_s there.
 
So my question is : Is there a documented to get activity grouped by HttpMethods and CallerIPAddresses ?
 
Thanks
Regis
Labels:
5,531 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Stanislav Zhelyazkov (MVP)
Stanislav Zhelyazkov

‎Jan 23 2018 11:33 PM

‎Jan 23 2018 11:33 PM

Solution

Re: AzureDiagnostics log management

Hi

AzureActivity table contains the azure activity log if you have configure it to be send to Log Analytics. This log does contain HTTP methods but only for certain operations so basically your Activity log needs to have such operations. HTTP method in AzureActivity table is located in json object called HTTPRequest. Inside the json object you have a few fields one of which is method. So in your case the query will look like this:

 

AzureActivity
| summarize count(CallerIpAddress) by tostring(parsejson(HTTPRequest).method) , bin(TimeGenerated, 2m)

AzureDiagnostics table can contain diagnostics logs from multiple azure services. For a full list of supported services see here: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-diagnostic-logs-schema . Of course with this log you will have to configure the resources you have to send the logs to Log Analytics.

The situation is the same with AzureMetrics table. See https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-supported-metrics 

So both of these tables will depend on what services you've configured to send logs to Log Analytics. If any of the services does not have HttpMethod field than such will not be present in Log Analytics.

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Stanislav Zhelyazkov (MVP)
Stanislav Zhelyazkov

‎Jan 23 2018 11:33 PM

‎Jan 23 2018 11:33 PM

Solution

Re: AzureDiagnostics log management

Hi

AzureActivity table contains the azure activity log if you have configure it to be send to Log Analytics. This log does contain HTTP methods but only for certain operations so basically your Activity log needs to have such operations. HTTP method in AzureActivity table is located in json object called HTTPRequest. Inside the json object you have a few fields one of which is method. So in your case the query will look like this:

 

AzureActivity
| summarize count(CallerIpAddress) by tostring(parsejson(HTTPRequest).method) , bin(TimeGenerated, 2m)

AzureDiagnostics table can contain diagnostics logs from multiple azure services. For a full list of supported services see here: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-diagnostic-logs-schema . Of course with this log you will have to configure the resources you have to send the logs to Log Analytics.

The situation is the same with AzureMetrics table. See https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-supported-metrics 

So both of these tables will depend on what services you've configured to send logs to Log Analytics. If any of the services does not have HttpMethod field than such will not be present in Log Analytics.

View solution in original post

0 Likes
Reply