FYI - Log Search editor is becoming multi-line
With the new query language available in Log Search, we notice user queries develop and no longer fit into just one line. To accommodate longer queries we decided to make log search a multi-line editing area: so a few things have changed: Run - to run the query, click the Search icon or use the keyboard shortcut Shift+Enter. Enter no longer runs the query, as it's now a valid character you can use as part of a query, to add lines and make it more readable. Resize - the editing area start off with 5 lines. You can drag the bottom border to adjust the text area size to your needs. Intellisense - as you type, Intellisense suggestions appear beneath the editing area. To reach the suggestions area, click Tab. If the cursor is on the last row of your query, the ↓ key will also take you there. Once you've found the best suggestion, click Enter to accept it and continue editing. Note - If you're also using the Advanced Analytics portal, you might be used to separate queries by adding new lines or marking only parts of the text to be run. Log search does not support that behavior - here your entire text is considered a single query, that is always run in its entirety. We hope you'll find it as cool as we do. Let us know what you think and how we can further improve your experience. - Noa Kuperberg
Adding "prefer" returns zero results
Hello, Based on this method: https://dev.loganalytics.io/reference/post-query I'm adding a query param, "prefer", with value of "maxoutputcolumns=3000", but really, any value set on this query param caused the same behavior (even the value in the example) - a search query performed without the "prefer" http query has results, when the same search query is with the "prefer" http query no results. Please assistAzure Log Analytics workspace upgrades are in progress
If you’re currently using Azure Log Analytics to monitor your environments for availability and performance, we’re rolling out new enhancements and changes for Log Analytics that you should be aware of. Including the new and improved query language, so that you can take appropriate action, if necessary. To take advantage of these enhancements, you’ll need to upgrade your workspaces. The upgrade is currently available in these regions: WCUS, SEAU, SEA, WEU, EJP, SUK, CID and CCAN. The upgrade process converts all saved searches, alerts, and views to the new query language. About 50 percent of all Azure Log Analytics workspaces have been upgraded by now, and thousands of customers are enjoying the simple yet powerful query language. Read about it in the Azure blog.
Log Analytics / Sentinel - Dictionary of Solutions, Schemas and Variables
Hi Team, does anyone know of a good centralised repository (like a dictionary) of Azure Solutions mapped to their Log Schemas, and a definition of the fields within each? For example, if you take a look at the following LA workspace logs: We'd like the full list of potentially available sources, with a mapping to which component provides / feeds into each one of these logs, and a clear explanation of the fields within each of these. Thanks
