Introducing Log Analytics Find In Table queries
Published Jul 10 2022 01:39 AM 7,677 Views
Microsoft

Intro

Log Analytics is a powerful tool to query your logs and gain insights from the abundance of data stored in them.

Sometimes, getting started with a query might be a challenge - especially for new users who are not yet familiar with our data structure and are not yet KQL fluent.

To assist users with their first steps in log exploration, we've introduced several tools, including built-in Example Queries and Query Packs, both designed to allow users to start their exploration with pre-built, curated queries.

Today we are happy to introduce another powerful way to start your log exploration - Find In Table.

 

Find In Table

Find In Table is a new type of example query designed to enable searching a specific term in a table right from the query dialog screen.

Currently, Find In Table is available for Kubernetes Services and Azure Key Vault resources only.

To access Find In Table, go to your Kubernetes Services or Azure Key Vault resource, select Logs, and select Find In Table on the Queries dialog:

Getting to Find In Table.gif

 

To start searching, select the table you want to search in, type the string you want to search, and select Run.

In this example, I'm searching for the 8e389a3c-d8b1-4a26-9465-132aa64d93d9 ID in the Heartbeat table:

Using Find In Table.gif

 

Log Analytics searches for the string in all of the table's columns.

In this example, we found the string in the SourceComputerID column.

Note: Leaving the string field empty runs the query with no search value, and Log Analytics returns a 1000 records from the table.

 

Advanced use of Find In Table:

Find In Table uses a parameterized query to perform the search. This query is a great way to start your log exploration.

Extend and modify the query created to filter and hone in on the result set you need.

You can also use Find In Table with our new result set grid capabilities to achieve a KQL-less point and click exploration experience.

 

Summary and feedback:

We hope you enjoy this new addition to Log Analytics.

Want to see Find In Table for more resource types? Have thoughts and comments about the feature? Please let us know what you think by commenting on this blog or using our feedback feature in Log Analytics.

Simply click the Feedback button and share your thoughts: 

Feedback.png

Co-Authors
Version history
Last update:
‎Jul 10 2022 01:46 AM
Updated by: