Azure Log Analytics: Disk Space Usage – Part 2

My previous post on this topic is one of the most viewed (according to our blog analytics in the last week). So I thought it was time to share some extra queries that you may find helpful. Please see the previous post, Part 1: https://blogs.msdn.microsoft.com/ukhybridcloud/2017/12/08/azure-log-analytics-disk-space-usage/ Part 3: https://blogs.msdn.microsoft.com/ukhybridcloud/2018/05/18/azure-log-analytics-disk-space-usage-part-3/ The original query I produced was this: //…


Azure Log Analytics: Queries, the basics explained – Part 4

I’ll finish with some more examples, building on what we discussed in part 3. SecurityEvent | where Account has "Clive" // has is a best practise rather than contains | project Account, Computer, EventID, EventSourceName // now I’ve selected a few columns of data I think are useful to reduce the noise //or…


Azure Log Analytics: Queries, the basics explained – Part 3

Sometimes, unlike post 2, you may not know where to start, but hopefully you know some piece of data to search on. An example I often use is a person’s name; I’ll use my own. Search can look through a lot of data so you may want to scope the time to a period you…


Azure Log Analytics: Queries, the basics explained – Part 2

Now that we have opened our first tab for producing a query in part 1, let’s look at some other capabilities. I mentioned Schema in the last post; it’s a good way of finding which types of data you may have and what solutions. From my workspace you can see the variety of Solutions I…


Azure Log Analytics: Queries, the basics explained – Part 1

Sometimes I’m guilty of jumping in at the deep end and skipping the basics. Update: This post ended up in four parts: Part1 Part2 Part3 Part4 I spend all my time in the Advanced Analytics portal, as originally Log Search was a single line syntax. I much prefer multi-line syntax: Perf | where TimeGenerated >= ago(2h)…


Azure Log Analytics: Finding CPUs with perf counters

Today I saw a question on how to find the count of CPUs that a server has; maybe you need this for licensing or maybe just for inventory purposes. I remember looking at this before… The easiest way I’ve found (unless you know different) was to convert a syntax I used in the old query language…


Azure Log Analytics: Disk Space Usage–Part1

Often for customer demos I show this particular example or get questions as it’s pinned to my Azure Dashboard – it’s the first thing you see. UPDATE 17th May 2018: I’ve now added a Part 2 to this post, please go here for that: Part 2: https://blogs.msdn.microsoft.com/ukhybridcloud/2018/05/17/azure-log-analytics-disk-space-usage-part-2/ Performance counters are a great source of performance…


Azure Log Analytics: Linux Groups

Earlier today I needed to look for some specific Linux machines, and a process name in Syslog. If you happen to have a naming convention that enables a startswith or endswith or even a contains, then it’s reasonably easy to find this info, e.g. However I wanted to make sure it was a Linux server…


Azure Log Analytics: Sorting Events

Jon (who also works at Microsoft) was asking me how to use an ‘or’ to filter EventIDs, so I thought I’d add some syntax examples. We have seen in the last post that you can get Event or SecurityEvent details. I’ll use SecurityEvents as the example but you can use Events if you prefer. All examples…


Azure Log Analytics: Using the Parse operator

Updated: to include some screenshots (as this wasn’t working the other day). Today I had to look at getting some data from SecurityEvent. This is using the new Log Analytics query language and the Advanced Analytics portal. I was looking at EventID: 5061, but you can use any EventID you like, e.g. SecurityEvent | where…
