User Profile
Stanislav_Zhelyazkov
MVP
Joined 10 years ago
User Widgets
Recent Discussions
Re: Log Analytics Workspace - error : Access to the subscription was lost.
Use diagnostic settings on subscription level to send Activity Logs to Log Analytics. Remove the legacy way that is available from the workspace blade. The legacy is set to be deprecated. https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log4.5KViews1like2CommentsBlog Post: Aggregate on More Than One Column for Azure Log Search Alerts
Log Analytics alerts aka Azure Log Search Alerts allows you to create a single alert and trigger alert instances per a column. This is possible by creating metric measurement alert. Unfortunately these types of alerts also have a limitation which might be blocking in certain situation. The classical example for that limitation is to create a single alert that will separate instance for free disk space threshold for each computer and disk. Read the full blog post here.1KViews0likes0CommentsBlog Post: Top 10 Charts in Azure Log Analytics and Application Insights
I've written blog post that I think it might be interested for the audience here: I’ve recently stumbled on forum question asking for chart that list only the top 10 resources or computers. Such chart is of course used a lot in performance metrics where for example you want to get the top 10 computers with CPU usage and list them in time chart. Check the full blog post here.2.4KViews2likes0Comments[Blog Post] Find if You Are Using Only TLS 1.2 Protocol with Log Analytics
I have a new article on how you can tackle this problem with Log Analytics and of course the query used is a very good example on transforming data. https://cloudadministrator.wordpress.com/2017/11/14/find-if-you-are-using-only-tls-1-2-protocol-with-log-analytics/4.1KViews0likes0CommentsRe: Help understanding Processor counters
Dante Nahuel Ciai Not sure if I can explain it better than the Kusto article or Wikipedia( https://en.wikipedia.org/wiki/Percentile#The_Nearest_Rank_method) but I can give you example where this is used a lot. It is used in measuring latency for web sites as there the average is not so important. Instead there you use percentile as you would want 95% of the customers to not experience high latency. Overall your explanation is also correct. You can use bin which will slice the data into time bins but really depends depends on the bins. Overall I do not think max is suitable for processor time. For example let's say that every hour you have the CPU going to 100 % for a second. If you slice your data to bins of 1 hour and calculate the maximum you will get that the CPU had maximum of 100% every hour but does that brings you any insights that you VM is not performing well?3.9KViews0likes0CommentsRe: Help understanding Processor counters
HiDante Nahuel Ciai The right query will be: Perf | where CounterName =~ '% Processor Time' and ObjectName =~ 'Processor' and InstanceName =~ '_Total' | summarize AggregatedValue = avg(CounterValue) by _ResourceId or if you have on-premises VMs Perf | where CounterName =~ '% Processor Time' and ObjectName =~ 'Processor' and InstanceName =~ '_Total' | summarize AggregatedValue = avg(CounterValue) by Computer Basically you only need _Total values for the counter. Besides average you can also use percentile() . I am not sure how max() will work for you as you can have a VM that once had for a second CPU at 100% and then all the time it was as low as 1%. Overall it depends on your logic and what kind of analysis you want to do.4KViews0likes2CommentsRe: Azure monitoring alerts
HiArslan11 This is not possible out of the box as alerts has time window of maximum 24 hours. You can potentially make your own automation by using one of these: - Azure Automation - Logic App - Azure Function In any of these services you can write runbook/script/workflow that performs the following actions - Logins to Azure - Executes a query that gets the free disk space for the day before - Executes a query that gets the free disk space for the current day - Make comparison of the results and based on them configure some other automation like e-mail or something else.1.3KViews0likes0CommentsRe: Not getting PostgreSQL Logs into Log Analytics
HiJK_UK One thing to make sure which you probably did is that you need the instance to be General Purpose or Memory Optimized SKU. In the blade of the PostgreSQL instance you should have Logs option on the left menu. That logs option allows you to query Log Analytics directly and any query you enter will automatically be scoped only to the logs that are generated by the PostgreSQL instance of the blade. With diagnostic logs you have to keep in mind that these become available in AzureDiagnostics table only when such log is generated. If such log is not generated you might see the table empty for your PostrgeSQL instance until log is generated. In case you are logging only errors and warnings you might want to set the minimum log level on the PostgreSQL instance so you generate more log levels.2.6KViews1like0CommentsRe: Monitor Only "Automatic" Windows Services
zarchi There is no such limitation. If there is it must be in the portal only experience. To a single workspace and automation account with change tracking enabled you can onboard VMs from multiple subscriptions under the same tenant. If you want to onboard VMs in other tenants you have to onboard them like they are on-premises VMs. I would strongly suggest using automation account and workspace per tenant rather onboarding multiple tenants to the same workspace and automation account. Especially of the tenants are different customers.3.4KViews2likes3CommentsRe: Monitor Only "Automatic" Windows Services
Hizarchi , This is possible. Example query: ConfigurationChange | where ConfigChangeType =~ 'WindowsServices' and ChangeCategory =~ 'Modified' and SvcChangeType =~ 'State' and SvcState =~ 'Stopped' and SvcStartupType =~ 'Auto' | extend AggregatedValue = 1 | summarize arg_max(TimeGenerated, *) by _ResourceId, SvcDisplayName, bin(TimeGenerated, 5m) You can read more about the query I am using on my blog post. You need to set the alert on Metric measurement, greater than, threshold value 0, total breaches greater than 0. Period 5 mins, frequency 5 minutes. Aggregate on: select _ResourceId and SvcDisplayName. Usually Aggregate on is not available when you create alerts via portal so it is best to create it via ARM Template as I have shown in my blog post. My Advise is to always scope to specific services names as I have shown in my blog post and not to monitor all Automatic services. There are some automatic services that start and stop on certain periods which will generate a lot of false positives and noise.3.5KViews1like5CommentsRe: How to delete a stale alert in Log analytics?
HiAshok42 , I have never had such problem. Once the alert is deleted (no matter if previously was enabled or disabled) it will stop working. May be double check if there is another alert that is doing this or if you are still receiving delayed notifications from the time the alert was still deployed. In case you still have the case you are describing best is to raise official support ticket to Microsoft as if the resource is not available but still working is some kind of bug they can resolve only.6KViews1like1CommentRe: Unable to enable Update Management
PatrikHansson Hi, Yes Update Management can be deployed in certain regions only. You can onboard though any Azure VM (not matter the region) to Update Management solution even if they are in different regions. Best is once you have deployed Update Management to go to the Automation account blade of where Update Management is deployed and from there you have Update Management blade. From that blade you can onboard any Azure VM in your tenant.6.1KViews0likes4Comments
Recent Blog Articles
No content to show