
Microsoft Azure – Query Azure Storage Logs in Azure Monitor Log Analytics


Prerequisite: Azure

Log Analytics is a tool offered by Azure, which is used to edit and run log queries against data in the Azure Monitor Logs store and helps interactively analyze their results. One can easily use Log Analytics queries to retrieve records that match particular criteria, identify trends, analyze patterns, and provide various insights into the data. Log Analytics helps the user collect telemetry and other data from various sources and provides a query language for advanced analytics.

In this article, we will discuss Log Analytics: how to get started with basic queries, how to write and run simple queries, and how to modify them in Azure Monitor Log Analytics.

Steps to Query with Log Analytics

Step 1: Open the Log Analytics demo environment, or select Logs from the Azure Monitor menu in the subscription.


Step 2: The Tables tab is located on the left side of the screen, and it allows us to view the tables that are accessible in the current scope. By default, these tables are grouped by Solution, but we can adjust the grouping or filters as necessary.

Step 3: Locate the AppRequests table by expanding the Log Management solution. The table can be expanded to reveal its schema, and if we hover the mouse over a cell’s name, more details will appear.


Step 4: To access the table reference, which details each table and its columns, click the link under “Useful links.” To quickly glance at a few recent records in the table, select ‘Preview data’. Previewing before running a query on the data can help ensure that the table holds the data that is needed.


How to write a Simple Query

Let’s begin by creating a query in the AppRequests table. To begin, add it to the query window by double-clicking its name. It is also possible to type directly in the window. We can also use IntelliSense to help complete the names of tables in the current scope, as well as Kusto Query Language (KQL) commands.

This is the most basic query we can construct. It simply returns all of the records in a table. Run it by pressing the Run button or Shift+Enter with the cursor anywhere in the query text. The results appear in the results pane.

All queries return records created within a specific time frame. By default, the query returns records generated within the last 24 hours. A different time range can be specified by using the where operator in the query. There is also a Time range dropdown list at the top of the screen that can be useful.

Let us understand this with an example. Let’s change the time range of the query by selecting Last 12 hours from the Time range dropdown.


Working with Multiple Query Conditions

Since we already know how to create simple and direct queries, let’s now add another filter condition to further limit our results. Any number of filters can be used in a query to specifically target the records we need. Simply choose the “Name query” index under “Home” and then “Apply & Run” to apply.
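The time-range and multi-filter pattern described above, written out in KQL as an added example that is not part of the original article. The column names come from the AppRequests table schema; the 12-hour window and the result code value are constructed for illustration.

```kql
// Added example: narrow AppRequests with an explicit time range plus
// two further filter conditions, then keep only the columns needed for triage.
AppRequests
| where TimeGenerated > ago(12h)   // time range set in the query with the where operator
| where Success == false           // first filter: only failed requests
| where ResultCode == "500"        // second filter: ResultCode is a string column
| project TimeGenerated, Name, Url, ResultCode, DurationMs, ClientCity, ClientIP
| order by TimeGenerated desc      // newest records first
| take 100                         // cap the number of rows returned to the results pane
```

When the query itself filters on TimeGenerated, the Time range dropdown shows "Set in query" and the value in the query takes precedence over the dropdown.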


Analyzing the Results

Log Analytics provides tools for interacting with the results as well as for creating and running queries. When we expand a record, we can see the values for each of its columns. Simply click on the name of any column to sort the results. Select the filter icon next to it to add a filter condition. This action is the same as adding a filter condition to the query itself, with the exception that the filter is cleared if the query is run again. We can use this method to quickly analyze a set of records as part of the interactive analysis.


Searching through the Query Results Using Search Box

We can also use the search box at the top right of the results pane to search through the query results. For example, we will type ‘Chicago’ as the keyword in the search box and then select the arrows to find all instances of this string in the results.


Reorganizing and Summarizing the Data

To improve data visualization, we can also use the functions in Log Analytics to reorganize and summarize the data in the query results based on our requirements. To do so, click Columns to the right of the results pane to open the Columns sidebar.


In the sidebar, there will be a list of all available columns. Drag the Url column into the Row Groups section. The results will now be organized by that column, and we can collapse each group to help with the analysis.

This action is somewhat similar to adding a filter condition to the query; however, instead of fetching data from the server, it processes the data already returned by our original query.


Working with Charts

Let’s look at a query that uses numerical data that we can view in a chart. Here we’ll carry on with an example query instead of building a new one.

Step 1: To start with let’s select Queries on the left pane. This page includes example queries that we can add to the query window.

Step 2: For example, in the Applications category, search for the query ‘Function Error rate’, and then add it to the query window.


Step 3: Move the cursor to the required query. The current query is the one on which the cursor is positioned. The first query is highlighted in this case, indicating that it is the current query. Click anywhere in the window to select it, and then click the ‘Run’ button.

Step 4: Next, select Chart from the results pane to view the results as a graph.
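A query that produces chartable numerical data directly, as an added example that is not part of the original article and is not the built-in ‘Function Error rate’ query. It assumes the AppRequests table used earlier; the 24-hour window and 1-hour bins are constructed for illustration.

```kql
// Added example: hourly failure rate of requests, rendered as a time chart.
AppRequests
| where TimeGenerated > ago(24h)
| summarize
    Total  = count(),                      // all requests in the bin
    Failed = countif(Success == false)     // failed requests in the bin
    by bin(TimeGenerated, 1h)              // one row per hour
| extend FailureRatePct = round(100.0 * Failed / Total, 2)
| project TimeGenerated, FailureRatePct
| order by TimeGenerated asc
| render timechart                         // same view as selecting Chart in the results pane
```

Unlike grouping in the Columns sidebar, `summarize` aggregates on the server, so the result is computed over every matching record rather than only the rows already returned to the results pane.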




Last Updated : 31 Mar, 2023