User Profile
Meir_Mendelovich
MicrosoftJoined 9 years ago
User Widgets
Recent Discussions
Re: CPU Usage
Hi, Here is a query that shows highest average CPU minutes for computer "foo": Perf | where TimeGenerated > ago(1d) | where CounterName == "% Processor Time" and InstanceName == "_Total" | where Computer == "foo" | summarize avg(CounterValue) by bin(TimeGenerated,1m) | top 10 by avg_CounterValue Azure Monitor Logs query example have several examples that also shows CPU data: Deepwater_83Re: Help with making the query work
Arslan11 , It seems to me that the query fail to parse because you were using the wrong double quote character. You used ” instead of " There are many different double quote chars that some keyboards change automatically. Other than the quote chars, I have slightly rewritten your query to make it more readable and easy to maintain: ConfigurationChange | where ConfigChangeType == "WindowsServices" and SvcState == "Stopped" and Computer has_any ("NH-P2PAPP01.networkhg.org.uk","NET-P2PLIVEAPP1.networkhg.org.uk","NET-P2PTESTAPP.networkhg.org.uk") and SvcDisplayName in ("Integra eSeries FINPROD","Integra SPC FINPROD","Integra UAS FINPROD","Integra eSeries FINDEV","Integra SPC FINDEV","Integra UAS FINDEV","Integra eSeries Duet","Integra eSeries SPTDEV","Integra eSeries FINARCH")Re: azure log analytics FileHash
johnadamsp, The FileHash value is coming from the Security Event on that machine. Log Analytics doesn't calculate file hashes. It is usually coming from here: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee844150(v=ws.11) Thanks, Meir 😆Re: Application Gateway Logs not shown in Azure Log Analytics
Hi John, Happy to help. Here are answers to your follow up questions: 1. There is a property called "Tenant" in many tables (e.g. Heartbeat) that include the workspace GUID. We are thinking on providing better tools to map stuff. 2. In the case you are describing, the user will be able to access only logs of resources where he has Read access to. If he has access to a VM, he can read the logs. If he doesn't have access, he won't be able to read the logs even if they are on the same workspace.Re: Application Gateway Logs not shown in Azure Log Analytics
John_McCash , From your description it seems that workspace-context access works and resource-context access doesn't. You can see all details on both here: https://aka.ms/logsaccess The first thing that comes into my mind is the resource access mode. See here and make sure that it is "both". If still not working, please approach me directly: meirm@microsoft.com and I would love to get you up and running. Meir 😆Re: The workspace() expression is now causing syntax errors when its used on Azure Gov CSP
Hi brian_weatherill, We had a breaking change that probably caused this. It was quickly fixed in public instances, it takes a bit more time on isolated instances. Please let me know if the problem linger. Thanks, Meir 😆Re: How to access kusto logs from a different service
Hi, You have many options to integrate the Log data into other systems: 1. You can use the Azure Monitor Logs in Logic Apps to build workflows 2. You can use PowerShell to write scripts: https://docs.microsoft.com/en-us/powershell/module/az.operationalinsights/invoke-azoperationalinsightsquery 3. You can use any REST client as explained here: https://dev.loganalytics.io/ Thanks Meir
