azure-log-analytics

问题 I'm trying to create comments in my Azure Log Analytics queries and I'm stumped. Part of my challenge I think is treating this system as if it were SQL, which it is clearly not. using "--" for instance results in a syntax error traces | where severityLevel > 1 -- this is an example of a line comment | where message !contains "DiagnosticsLogger.GetMethod contains message 1" | where message !contains "DiagnosticsLogger.GetMethod contains message 2" | summarize by timestamp, message,

问题 I have a JSON schema that I get from the server and I need to transform this JSON into a log analytics query language table and use that table to make a join with another table. The JSON has the following schema: [{ "X": "xyz", "Y": "xyz", "Z": "xyz", "prop1": "value1", "prop2": "value2", "prop3": "value3" }, { "X": "xyz", "Y": "xyz", "Z": "xyz", "prop1": "value1", "prop2": "value2", "prop3": "value3" }] I tried this : let table = todynamic('[{ "X": "xyz", "Y": "xyz", "Z": "xyz", "prop1":

问题 I am trying to create a search query for when a Public IP is assigned to a NIC, and then create an alert off that. I can find the part which identifies the assignment, but I need to use "inverted commas" within my search, but I can't... My query: AzureActivity | where OperationName == "Microsoft.Network/networkInterfaces/write" and ActivityStatus == "Started" | where Properties contains "<>" Within that "contains", I need to use the following JSON pulled from the properties JSON (which I

问题 Below is the kusto query: ADFActivityRun | where PipelineName contains "MyPipeline" | where OperationName == "Failed" | order by TimeGenerated desc | take 1 The Output column gives below result: "{ ""name"": ""varFileNames"", ""value"": [ { ""name"": ""Z400_EEE_20191110_ERR.txt"", ""type"": ""File"" }, { ""name"": ""Z400_CCC_20191119_ERR.txt"", ""type"": ""File"" }, { ""name"": ""Z400_DDD_20191121_ERR.txt"", ""type"": ""File"" }, { ""name"": ""Z400_EEE_20191122_ERR.txt"", ""type"": ""File"" }

问题 I'm querying log entries in Azure Application Insights originating from AppCenter Diagnostics using Azure Log Analytics. In some log entries i use custom propertys. Now i'm trying to write a query to show values only with certain properties having a given value. My original query looks like this and produces the expected result: customEvents | where (timestamp >= datetime(2019-02-20T09:04:00.000Z) and timestamp <= datetime(2019-02-21T09:04:00.000Z)) | top 101 by timestamp desc | project

问题 I need to query my Log Analytics workspace into Azure Data Explorer but i didn't fined any idea about it. Below are my doubts? 1. Do i need to ingest data from Log Analytics to Azure Data Explorer before utilizing it? 2. I didn't find any way to make a connection to Log Analytics into Azure Data Explorer? 3. The only option i saw to ingest data in Azure Data Explorer is through Event Hub. But now my issue is how can i ingest my log analytics data into Azure Data Explorer using event hub? Do i

问题 What is the use case for Azure application insights or log analytics? I am using APIM and Azure Functions and want to perform logging for requests. Which one is the best fit, application insights or log analytics? https://docs.microsoft.com/en-gb/azure/azure-monitor/overview Update In particular, any info on Azure application insights vs log analytics used for APIM? 回答1: What used to be known as Application Insights and Log Analytics independent offerings - are now a part of Azure Monitor. We

问题 Hi All, I am unable to add custom logs Log analytics -> Advanced Settings -> Data->Custom Logs though in the connected resource it's showing my machine connected. am I missing some thing? PS : I am using azure trail account 回答1: Currently, Custom Logs is in preview, you need enable it on OMS Portal firstly. Firstly, click OMS Portal . Then, enable Custom Logs feature. 来源： https://stackoverflow.com/questions/49034162/unable-to-add-custom-logs-to-log-analytics

问题 Hi All, I am unable to add custom logs Log analytics -> Advanced Settings -> Data->Custom Logs though in the connected resource it's showing my machine connected. am I missing some thing? PS : I am using azure trail account 回答1: Currently, Custom Logs is in preview, you need enable it on OMS Portal firstly. Firstly, click OMS Portal . Then, enable Custom Logs feature. 来源： https://stackoverflow.com/questions/49034162/unable-to-add-custom-logs-to-log-analytics

问题 Is there a way to configure Azure Activity logs to be forwarded to a Log Analytics instance using PowerShell? Essentially the same that can be performed using the Portal as outlined on this page: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/collect-activity-logs#configuration 回答1: You may use the PowerShell cmdlet New-AzureRmOperationalInsightsAzureActivityLogDataSource . Illustration: New-AzureRmOperationalInsightsAzureActivityLogDataSource -ResourceGroupName