How to create new table out of existing table in LA workspace?

Microsoft

I have all my data (from all different operations) in default AzureDiagnostics table.

 

Basically I want to create separate table for different operations.

For Eg:

I want to create 'Agent_Job' table from below query.

AzureDiagostics
| where Category == "Agent" and OperationName == "Job"
I want to create 'Agent_Alert' table from below query.
AzureDiagostics 
| where Category == "Agent" and OperationName == "Alert"
The intention is to create different retention for different such tables.
Is it possible to automate the creation of different table while ingestion of data into
LA?
Could you please give me pointers?
 
 
Thanks.

 

2 Replies

Whilst KQL has the ability to create a table its not surfaced in Log Analytics, look at Azure Data Explorer for that.  

 

You could create an "Agent_Alert" column?

 

AzureDiagnostics
| where Category == "JobLogs" and ResultType == "Completed"
| project Category ,Agent_Alert= ResultType
 
You can create your own table using a Custom Log?
 
Retention (as in how long to retain your data in the Log Analytics workspace) is done at the workspace not the table level.  But it is being looked at https://feedback.azure.com/forums/267889-log-analytics/suggestions/6657533-data-retention-intervals-...
 
 
 

Hi,

Tables can be created on the fly via query but those tables are visible only within the execution of the query not to everyone. You cannot create new tables visible to everyone without using features like data ingestion api, custom logs, etc. Best is to put your queries into saved searches. That is the intention of those.