Using KQL queries to dive into dynamic arrays Azure Log Analytics
I'm running this command to break out the dynamic arrays IntuneAuditLogs | where TimeGenerated > ago(7d) | extend propertiesJson = todynamic(Properties) | extend propertiesTargets = todynamic(propertiesJson.Targets) But I have these arrays that appear to have these index numbers and data within them is different between each data type: How would I go about referencing each of these and their subsequent values?
Log analytics 'No Results Found'
Hi I apologize if this is a repeat of what I just posted. I think I originally mistakenly posted to myself Re: azure portal logging - no results found @MarkSteben Hello, I am still trying to get log information from some of the sample queries in log analytics. Here is what I have done so far: Server: server1.database.windows.net (NOT a vm) database within server: db1 1. Within server1.db1: built a diagnostic settings instance a. had my IT department define a storage account workspace and connected that workspace to diagnostic settings. b had my IT department define a log analytics workspace and connected that workspace to diagnostic settings c. Within diagnostic settings I clicked on the following to be logged: (under 'log') - SQLInsights - AutomaticTuning - QueryStoreRuntimeStatistics - QueryStoreWaitStatistics - Errors (the purpose of this effort) - DatabaseWaitStatistics - Timeouts - Blocks - Deadlocks (under 'metric') - basic - InstanceAndAppAdvanced - Workload Management 2. Then in the loganalytics workspace I downloaded and installed Windows Agent (64 bit). This automatically connected my machine to the workspace 3. Also within the loganalytics workspace I ensured that Under Azure Storage my storagte account was connected. (I have NOT yet connected any Data sources (options include Windows Event Logs, Windows Performance Counters, IIS Logs among other options) So when I go back to server1.db1.logs and click on any of the sample queries I get the message NO RESULTS FOUND (0 records matched) Also, my IT department gave me: monitoring contributor permission. Any insights/comments welcomed. Thank you!
Log Analytics Metrics/Counter for Memory & CPU Load
Hi all, I am looking for some of the Azure Metrics/Counters for Windows and Linux VMs to replace existing monitoring tool and looking for equivalent Metrics in Azure Metrics Windows VMs Linux VMs Physical memory (Bytes) Pagefile (Bytes) Virtual memory usage (Bytes) Physical memory usage (Bytes) Number of physical CPUs (Number) Number of Logical CPUs (Number) Processor queue length (Number) It would be great help if anyone of you can suggest on these. Best regards, Prash'' operator: Failed to resolve table or column or scalar expression named 'Perf' If issue persists
Hello Community, I tried to run the following query: Perf | where CounterName == "% Processor Time" and ObjectName == "Processor" and InstanceName == "_Total" | summarize AggregatedValue = avg(CounterValue) by bin(TimeGenerated, 1hr), Computer | render timechart But I got: 'where' operator: Failed to resolve table or column expression named 'Perf' If issue persists, please open a support ticket. Request id: 3b67cd23-4f8d-4249-88d4-b8cac1b64346 Any ideas? Cheers
Query LogAnalytics for Azure Virtual Machine Tag?
hi! I have a process that adds some tags to VMs in Azure. I would love to query log analytics for these tags. Here is an example of the tags: I found this query to parse VMInsights tags but am not sure where to go to look up these tags. InsightsMetrics | extend Tags = parse_json(Tags) | where Tags.["AutomanagedPC"] has "true" Any tips would be greatly appreciated 🙂
Table count from custom log
Hello, I would like to get the count of table name reference in my custom log which is pushed to the Log analytics. The custom log structure is given below. 020-08-31 16:15:38 ProxyEngine [INFO] api invoked by user abcd with db user as default api user 2020-08-31 16:15:38 JdbcTemplateService [DEBUG] getting basic api user userapi 2020-08-31 16:15:38 SqlTrigger [INFO] sql fired is select * from table_1 2020-08-31 16:15:39 SqlTrigger [INFO] total records found 301 2020-08-31 16:15:39 SqlTrigger [INFO] done fetching of data 2020-08-31 16:15:50 ProxyEngine [INFO] api invoked by user xyz with db user as default api user 2020-08-31 16:15:50 JdbcTemplateService [DEBUG] getting basic api user userapi 2020-08-31 16:15:50 SqlTrigger [INFO] sql fired is select * from table_2 2020-08-31 16:15:51 SqlTrigger [INFO] total records found 305 2020-08-31 16:15:51 SqlTrigger [INFO] done fetching of data 2020-08-31 16:16:02 ProxyEngine [INFO] api invoked by user abcd with db user as default api user 2020-08-31 16:16:02 JdbcTemplateService [DEBUG] getting basic api user userapi 2020-08-31 16:16:02 SqlTrigger [INFO] sql fired is select * from table_1 2020-08-31 16:16:34 SqlTrigger [INFO] total records found 301 2020-08-31 16:16:34 SqlTrigger [INFO] done fetching of data The expected output Table name count table_1 2 table_2 1 Can someone provide the KQL query to get the above output? thanks in advance.
