Azure Log Analytics: Do you need some demo data?

Article
09/12/2018

This article (as a test) was also published to my LinkedIn feed

Sometimes you need some demo data to work with, here are two methods:

Use the Print operator to create some

In its basic use, you can use Print to display some text e.g.

print "this is a test" - which looks like:

You can also use it with a column name e.g. "t" in this example

print t = "this is another test"

This helps as we can then look or use the data, in this simple example we can look into "t" and see if the word "another" is found, if it is TRUE is returned (we use extend to write the result into a column called 'found').

Use the Let statement with datatable

This works in a way more similar to how you would write a Query in Log analytics. i.e. A simple Event query like:

 Event
| where EventID > 7600
| count

a example would be:

 let dummyData = datatable(dummyTxt:string)
[
    "This is yet another test"
];
dummyData
| where dummyTxt has "yet"

What is nice with datatable is that you can imitate a line of example log file (or whatever), that you might want to work on without actually having a copy of it.

 let dummyData = datatable(Date:datetime, dummyTxt:string)
[
    datetime(now) , "This is yet another test" ,
    datetime(now) , "This is yet another test string" 
];
dummyData
| where dummyTxt == "This is yet another test string"

Azure Log Analytics: Do you need some demo data?

Use the Print operator to create some

Use the Let statement with datatable

Additional resources