Latest updates to the Log Analytics portal include auto-sorting of results by default, as well as Query Explorer support for renaming and deleting saved items. Query language updates offer several new operators, such as strcmp() to compare strings and row_cumsum() to calculate a cumulative sum of a specific column, across records.
Log Analytics advanced portal enhancements
The Setting menu now includes a View section, exposing two new capabilities. The first is automatic sorting - query results are now sorted by the time field ("TimeGenerated"), by default. However, this setting controls client-side sorting, meaning that queries that yield over 10,000 results may not appear in true order (i.e. sorting is applied only to the displayed results, which are partial and my not be consecutive). In these cases, sorting should be performed on the server, by adding “… | sort by TimeGenerated” to your query.
Another new setting is the preferred number of results shown per page - if 50 results does not meet your needs, you can adjust the table to show up to 200 results per page.
The Query Explorer has also been improved and now shows a context menu next to each saved item, so you can easily rename and delete items.
Query language updates
Some of the interesting functions added recently:
1. hash_sha256() - Returns a sha256 hash value for the input value.
2. row_cumsum() - Calculates the cumulative sum of a column, across records.
3. strcmp() - Compares two strings.
4. stdevif() and varianceif() - Calculate the standard deviation or variance of an expression, across results that satisfy a given condition.