May 28 2018 12:40 PM - last edited on Apr 07 2022 05:10 PM by TechCommunityAP
Hi,
Can anyone help out a starting log analytics rookie?
I am trying to troubleshoot performance on an Application Gateway and noticed a specific IP has a high amount of hits compared to the others (factor 10000).
I want to filter out all requests for that specific IP address and set on a timeline how many requests have been sent by this IP in time so I can correlate traffic originating from that IP with the performance issues we experienced.
What I already have is quite limited:
search in (AzureDiagnostics) ResourceType == "APPLICATIONGATEWAYS" and Resource == "mygateway"
| where clientIP_s == "1.1.1.1"
| render timechart
Thanks for your feedback!
Bart
May 30 2018 01:21 PM
Solution
Hi Bart,
If I understand your question correctly, you're looking for the bin() command. I've also cleaned up the rest of your query to be more performant. Try to avoid "search" whenever possible to improve your query times; in this case, since you know the table name and column names where your data is, filter by them directly.
AzureDiagnostics
| where ResourceType == "APPLICATIONGATEWAYS" and Resource == "mygateway"
| where clientIP_s == "1.1.1.1"
| summarize count() by bin(TimeGenerated, 1h)
| render timechart
Note that while I'm using "1h" here as the size of bucket which you want to examine, I could just as easily say "2m" (2 minute buckets), "30s" (30 seconds), etc.
Thanks,
-Evgeny
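As an added example (not part of the original posts), the same bin() bucketing can put the suspect IP's request count next to gateway latency and server errors in each time bucket, which is the correlation the question asks about. It assumes the gateway's access log is being collected and that the columns Category, timeTaken_d and httpStatus_d are present in AzureDiagnostics; the 24h window and 5m bucket are arbitrary choices.

```kusto
// Added example, not from the thread.
// Assumed columns (Application Gateway access log): Category, timeTaken_d, httpStatus_d.
let suspectIp = "1.1.1.1";   // placeholder IP used in the thread
let bucket = 5m;             // bucket size, same role as "1h" in the answer
AzureDiagnostics
| where TimeGenerated > ago(24h)
| where ResourceType == "APPLICATIONGATEWAYS" and Resource == "mygateway"
| where Category == "ApplicationGatewayAccessLog"
| summarize
    SuspectRequests = countif(clientIP_s == suspectIp),   // hits from the one IP
    OtherRequests   = countif(clientIP_s != suspectIp),   // everyone else, as a baseline
    AvgTimeTaken    = avg(timeTaken_d),                   // mean request duration
    P95TimeTaken    = percentile(timeTaken_d, 95),        // tail latency
    Http5xx         = countif(httpStatus_d >= 500)        // server-side errors
    by bin(TimeGenerated, bucket)
| order by TimeGenerated asc
| render timechart
```

The request counts and the latency values sit on very different scales, so it can be easier to drop the render line and compare the columns in the result table, or chart them separately.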
May 31 2018 10:57 AM
Wonderful!
This indeed returns the information that I'm looking for.
Thanks,
Regards,
Bart