Microsoft Azure – Query Azure Storage Logs in Azure Monitor Log Analytics
Log Analytics is a tool offered by Azure, which is used to edit and run log queries against data in the Azure Monitor Logs store and helps interactively analyze their results. One can easily use Log Analytics queries to retrieve records that match particular criteria, identify trends, analyze patterns, and provide various insights into the data. Log Analytics helps the user collect telemetry and other data from various sources and provides a query language for advanced analytics.
In this article, we discuss Log Analytics, how to get started with some basic queries, and how to write, run, and modify simple queries in Azure Monitor Log Analytics.
Steps to Query with Log Analytics
Step 1: Open the Log Analytics demo environment, or select Logs from the Azure Monitor menu in the subscription.
Step 2: The Tables tab is located on the left side of the screen, and it allows us to view the tables that are accessible in the current scope. By default, these tables are grouped by Solution, but we can adjust the grouping or filters as necessary.
Step 3: Locate the AppRequests table by expanding the Log Management solution. The table can be expanded to reveal its schema, and if we hover the mouse over a cell’s name, more details will appear.
Step 4: To access the table reference, which details each table and its columns, click the link under “Useful links.” To quickly glance at a few recent records in the table, select ‘Preview data’. Doing this before running a query helps ensure that the table holds the data that is needed.
How to write a Simple Query
Let’s begin by creating a query in the AppRequests table. To begin, add it to the query window by double-clicking its name. It is also possible to type directly in the window. We can also use IntelliSense to help complete the names of tables in the current scope, as well as Kusto Query Language (KQL) commands.
A query that consists of only the table name is the most basic query we can construct. It simply returns all of the records in the table. Run it by pressing the Run button or Shift+Enter with the cursor anywhere in the query text. The results can be seen in the image below:
All queries return records created within a specific time frame. By default, a query returns records generated within the last 24 hours. A different time range can be specified by using the where operator in the query, or with the Time range dropdown list at the top of the screen.
Let’s look at an example. Change the time range of the query by selecting Last 12 hours from the Time range dropdown.
Working with Multiple Query Conditions
Now that we know how to create simple, direct queries, let’s add another filter condition to further limit our results. Any number of filters can be used in a query to target exactly the records we need. Simply choose the “Name query” index under “Home” and then “Apply & Run” to apply.
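The time filter and the stacked filter conditions described above can also be written directly in the query. This is an added example, not a query from the original article; it assumes the standard AppRequests columns (TimeGenerated, Success, ResultCode, Name, Url, DurationMs, ClientCity, ClientIP) and picks failed authentication and authorization responses as the records of interest.

```kusto
// Added example: constructed query against the AppRequests table.
// An explicit TimeGenerated filter in the query takes precedence over
// the Time range dropdown, which then shows "Set in query".
AppRequests
| where TimeGenerated > ago(12h)          // same window as "Last 12 hours"
| where Success == false                  // second condition: failed requests only
| where ResultCode in ("401", "403")      // third condition: auth failures (ResultCode is a string)
| project TimeGenerated, Name, Url, ResultCode, DurationMs, ClientCity, ClientIP
| order by TimeGenerated desc             // newest records first
| take 100                                // cap the result set while exploring
```

Each `where` line narrows the output of the line before it, so the filters combine as a logical AND.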
Analyzing the Results
Log Analytics provides tools for interacting with the results as well as for creating and running queries. When we expand a record, we can see the values for each of its columns. Simply click on the name of any column to sort the results. Select the filter icon next to it to add a filter condition. This action is the same as adding a filter condition to the query itself, with the exception that the filter is cleared if the query is run again. We can use this method to quickly analyze a set of records as part of the interactive analysis.
Searching through the Query Results Using Search Box
We can also search through the query results using the search box at the top right of the results pane. For example, type ‘Chicago’ as the keyword in the query results search box, and then select the arrows to find all instances of this string in the search results.
Reorganizing and Summarizing the Data
To improve data visualization, we can also use the functions in Log Analytics to reorganize and summarize the data in the query results based on our requirements. To do so, click Columns to the right of the results pane to open the Columns sidebar.
The sidebar lists all available columns. Drag the Url column into the Row Groups section. The results are now organized by that column, and we can collapse each group to help with the analysis.
This action is somewhat the same as adding a filter condition to the query. However, instead of fetching data from the server, it processes the data returned by our original query.
Working with Charts
Let’s look at a query that uses numerical data that we can view in a chart. Here we’ll carry on with the example query instead of building a new one.
Step 1: To start with, select Queries on the left pane. This page includes example queries that we can add to the query window.
Step 2: In the Applications category, search for the query ‘Function Error rate’, and then add it to the query window.
Step 3: Move the cursor to the required query, as shown in the image. The current query is the one on which the cursor is positioned. The first query is highlighted in this case, indicating that it is the current query. Click anywhere in the query to select it, and then click the ‘Run’ button.
Step 4: Next, select Chart from the results pane to view the results as a graph.
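A query must return numeric values over a dimension such as time before the Chart view has something to plot. The following is an added example written for this walkthrough, not the text of the built-in ‘Function Error rate’ query; it assumes the AppRequests columns TimeGenerated and Success, and the 15-minute bin size is an arbitrary choice.

```kusto
// Added example: failure rate of requests per 15-minute interval.
AppRequests
| where TimeGenerated > ago(12h)
| summarize Total  = count(),
            Failed = countif(Success == false)
            by bin(TimeGenerated, 15m)                      // one row per time bucket
| extend FailureRatePct = round(100.0 * Failed / Total, 2)  // 100.0 forces real-number division
| project TimeGenerated, FailureRatePct
| order by TimeGenerated asc
| render timechart                                          // opens the result as a line chart
```

Buckets with no requests produce no row, so gaps in the line mean an absence of traffic rather than a zero failure rate.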