As a follow up to my Azure Resource Graph examples repo, I have a few queries to find orphaned Azure resources. These queries are all in the repo, but I’m doing a separate post on this because I feel its a pretty common problem to have orphaned resources. I will also be adding more queries …
Last week the Azure Monitor team announced a new Community for Workbooks, queries and alerts for Azure Monitor. Hopefully it becomes to Azure Operations as what the Azure Sentinel Community has become. Despite being around a lot less time than Azure Monitor, there are many workbooks, queries, Jupyter Notebooks for use in the Azure Sentinel …
Recently Log Analytics added a neat feature that allows you to see how well your queries run. Because Log Analytics Operators Has and Contains perform similar functions, some have been advising to only use the Has operator as it is the most efficient. However, Has is nice but it is not the be all and …
Having worked with SCOM for a number of years, one of things I grew to really like is some of the performance reporting available from the SCOM Data Warehouse. Presently, Log Analytics offers no real out of box performance reporting. Some of the solutions offer dashboards and things like that. In this post I’ll be …
This post is aimed at beginners with Azure Log Analytics. I’ll be discussing how you can use the Azure Log Analytics Summarize operator when you query data in your Log Analytics workspace. The Summarize Operator will likely be the most commonly used Operator. It seems like at least once a week I learn something knew …
I was recently writing a summary performance report binned by day. If you have used the summarize operator with bin you know that the TimeGenerated field has a lot of extra characters on it. So naturally my next question was how do you format the TimeGenerated Field? I took a look at the official format_datetime() …
This post is aimed at beginners with Azure Log Analytics. I’ll be discussing how you can use the Azure Log Analytics Project operator when you query data in your Log Analytics workspace. The Project operator works similarly to Select-Object in Powershell. If we do: We get a bunch of fields back. Including our TenantId, which …