Working with Azure Storage diagnostic logs in a Log Analytics Workspace
Published Oct 25 2019 04:47 AM

Log Analytics is an Azure service that collects telemetry and other data from various sources and provides a query language for advanced analytics. After you post logging data to a Log Analytics workspace with the HTTP Data Collector API, you can query the logs for troubleshooting, visualize the data for monitoring, or even create alerts based on log searches.


Step 1: Create a Log Analytics Workspace


The workspace has been created.



Step 2: Load the Storage Analytics logs (from the $logs container) into the Log Analytics workspace using the script below.


Please make sure you change the following values in the script before executing it:

# - $ResourceGroup
# - $StorageAccountName
# - $CustomerId
# - $SharedKey
# - $LogType
# - Please create a file with the name Log.txt on your D drive and update the path below in the script:

$filename = "D:\Log\Log.txt"



You can find more details on this script here.

Step 3: Run the script

Once you run the script, you will get the output below, which indicates that the logs are being posted to Log Analytics.
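As an added example (not the page's own script), the same HTTP Data Collector API call in Python: it builds the SharedKey authorization header from $CustomerId and $SharedKey, sets Log-Type so the records land in the Apsarnewlog_CL table, and posts a constructed record whose keys match the columns used in the queries. The workspace id, key and storage account name are placeholders, and the time-generated-field header is an assumption (it maps TimeGenerated to the record's own timestamp; without it, TimeGenerated is the ingestion time).

```python
import base64
import hashlib
import hmac
import json
import urllib.request
from datetime import datetime, timezone

def string_to_sign(content_length: int, rfc1123_date: str) -> str:
    # The API signs exactly these five lines: method, body length, content type,
    # the x-ms-date header and the resource path, in this order.
    return "\n".join(["POST", str(content_length), "application/json",
                      f"x-ms-date:{rfc1123_date}", "/api/logs"])

def build_signature(customer_id: str, shared_key_b64: str,
                    content_length: int, rfc1123_date: str) -> str:
    # HMAC-SHA256 keyed with the decoded workspace key ($SharedKey is base64),
    # presented as 'SharedKey <workspace id>:<base64 mac>'.
    key = base64.b64decode(shared_key_b64)
    msg = string_to_sign(content_length, rfc1123_date).encode("utf-8")
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return f"SharedKey {customer_id}:{base64.b64encode(mac).decode('ascii')}"

def build_request(customer_id: str, shared_key_b64: str, log_type: str, records: list, now=None):
    # Log-Type 'Apsarnewlog' creates the table Apsarnewlog_CL; string fields get an _s
    # suffix and datetime fields a _t suffix (hence request_url_s, request_start_time_t).
    body = json.dumps(records).encode("utf-8")
    date = (now or datetime.now(timezone.utc)).strftime("%a, %d %b %Y %H:%M:%S GMT")  # RFC 1123
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_signature(customer_id, shared_key_b64, len(body), date),
        "Log-Type": log_type,
        "x-ms-date": date,  # must be the same value that was signed
        "time-generated-field": "request_start_time",  # assumption: TimeGenerated := record's own time
    }
    url = f"https://{customer_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body

def post_records(customer_id: str, shared_key_b64: str, log_type: str, records: list) -> int:
    url, headers, body = build_request(customer_id, shared_key_b64, log_type, records)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status  # 200 means the batch was accepted

# Constructed sample record (not real traffic); keys match the page's query columns.
SAMPLE = [{"request_start_time": "2019-10-25T04:47:00.0000000Z", "operation_type": "GetBlob",
           "request_url": "https://<storageaccount>.blob.core.windows.net/container2/Tiger.jpg",
           "requester_ip_address": "203.0.113.10", "client_request_id": "<client-request-id>"}]
```

Call `post_records("<CustomerId>", "<SharedKey>", "Apsarnewlog", SAMPLE)` with your workspace values; the signature binds the body length and x-ms-date, so a request with an altered body or a stale date is rejected by the service.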

Common Queries



Apsarnewlog_CL
| limit 50 // return only the first 50 rows

Apsarnewlog_CL
| sort by request_start_time_t asc // Sorting


// Use wildcards with "*"
// The search command is typically used to search for a specific term. In the following example, all columns in all tables are scanned for the term Tiger:
search in (Apsarnewlog_CL) "*Tiger*"

// By default, search evaluates all columns in the data set. To search only a specific column (request_url_s), use this syntax:
search in (Apsarnewlog_CL) request_url_s:"*Tiger*"

// If you have multiple search conditions, you can combine them in the same query using parentheses:
search in (Apsarnewlog_CL) "container2" and ("Success" or "200")
| take 100


// Use project to select specific columns to include in the results:
Apsarnewlog_CL
| top 10 by client_request_id_s
| project TimeGenerated, request_url_s, operation_type_s



// Summarize: aggregate groups of rows
Apsarnewlog_CL
| where TimeGenerated > ago(1h)
| summarize count() by operation_type_s






// Requests per client IP address, operation type and hour over the last day
Apsarnewlog_CL
| where request_start_time_t > ago(1d)
| summarize count() by tostring(requester_ip_address_s), operation_type_s, bin(request_start_time_t, 1h)

