I would like to have my local device query and store data from the same Log Analytics platform that it reports to. All the documentation I have seen shows me how to access/query Log Analytics from the Azure UI & Azure PowerShell, but I have not seen anything on how to query the same data from the Virtual Machine's own PowerShell terminal. Any recommendations? Is this possible, or not?
I found the answer to my own question. To the benefit of anyone who is struggling with the same problem, refer to this:
https://igeorgiev.eu/azure/howto-query-log-analytics-workspace-from-azure-powershell-using-service-principal/
The Log Analytics Workspace context can be retrieved with
$workspace = Get-AzOperationalInsightsWorkspace
After you have retrieved the context and defined a KQL Query, you can query the Log Analytics platform with
$QueryResults = Invoke-AzOperationalInsightsQuery -Workspace $Workspace -Query $kqlQuery
Related
I am looking for a way to get all custom log tables from an Azure log analytics workspace through PowerShell code.
Below is an example of three custom log tables of which I would like to see the names in an object (array/list/...).
I am able to create a custom log table, insert and check data in it, but I am not able to upfront check if the table already exists, before I query on it.
I am using the Invoke-AzOperationalInsightsQuery PowerShell cmdlet to query on the custom log table, but this fails if the log does not exist yet. Hence the question.
Thanks for your input.
I have created sample custom log tables
and executed the below command
Get-AzOperationalInsightsDataSource -Kind CustomLog -ResourceGroupName RGName -WorkspaceName LogAnalyticsWorkSpaceName
Get-AzOperationalInsightsDataSource - Gets datasources under Azure Log Analytics workspace.
I am trying to bring in Azure Synapse logs into Loganalytics to create dashboards on usage level.
I have already setup in diagnostic settings to pass on the logs to my loganalytics workspace.
But while trying to execute queries from below documentation, I am getting error saying -
Query -
//Chart the most active resource classes
AzureDiagnostics | where Category contains "ExecRequests" | where
Status_s == "Completed" | summarize totalQueries = dcount(RequestId_s)
by ResourceClass_s | render barchart
Error:
'where' operator: Failed to resolve column or scalar expression named 'Status_s'...
Documentation link for queries : https://learn.microsoft.com/en-us/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-monitor-workload-portal
Please let me know if there is something I am missing. I am directly logging to loganalytics workspace and running these queries inside a workbook...
Also i didnt find any proper documentation/blogs/links for connecting synapse to loganalytics, please let me know if anyone has that..
The documentation linked in your post appears to be out of date even though the last update date is recent.
See this link:
Azure services that use resource-specific mode store data in a table
specific to that service and do not use the AzureDiagnostics
table.
The link also lists a number of resource-specific tables for Synapse. "SynapseSqlPoolExecRequests" and "SynapseSqlPoolSqlRequests" are a few examples that might provide the info you're seeking.
Following on a question posted a few days ago, Data factory Diagnostic settings, is there any way to accomplish adding to log analytics diagnostics via a script.
I could not find anything in Azure CLI - Data Factory Extension or Terraform Azure Data Factory provider to support this.
Diagnostics is not a property of a resource, but instead it is configured using it's own provider.
https://learn.microsoft.com/en-us/azure/azure-monitor/samples/resource-manager-diagnostic-settings
I did find answer to this question. Hopefully it will help anybody else looking for automation for Azure Data Factory.
The solution was not in documentation for Azure Data Factory, where I was looking, but in the scripting for - Azure Monitor. The link is - Create diagnostic settings to send platform logs and metrics to different destinations - Azure Monitor | Microsoft Docs
To the credit of the Azure team, this link is available on Portal where diagnostics is added to the Azure Data Factory, but the information about the Azure CLI is close to the bottom of the page. (So, egg on my face, for missing it.)
Here is the script that I came up with:
az monitor diagnostic-settings create \
--name LogAnalytics02-Diagnostics \
--resource /subscriptions/(your-subscription)/resourceGroups/(your-resource-group)/providers/Microsoft.DataFactory/factories/(data-factory-name) \
--logs '[{"category": "PipelineRuns","enabled": true}]' \
--metrics '[{"category": "AllMetrics","enabled": true}]' \
--workspace /subscriptions/(your-subscription)/resourcegroups/(your-resource-group)/providers/microsoft.operationalinsights/workspaces/(your-log-analytics-workspace-name)
The pre-requisite to running the script is provisioning to the Azure Data Factory and the Log Analytics Workspace. Substitute the values to match the Azure subscription and resources.
powershell :
dataSources = Get-AzOperationalInsightsDataSource -Workspace $workspace -Kind AzureActivityLog
to list the resources.
is there any equivalent azure api are available?
The equivalent api is Data Sources - List By Workspace.
You can nav to the link to find more details of it's usage.
I want to get the fully qualified instance id(Ex-:"/subscriptions/9xxxxxx5-6xxe-4xxc-8xx4-2xxxxxxxxx5/resourceGroups/test/providers/Microsoft.Compute/virtualMachines/vm-test")which is stored in storage account table in Azure.
I have enabled guest level monitoring in my virtual machine and exported metrics to a Storage account table. In that table, instance id column (PARTITIONKEY) shows like below.
":002Fsubscriptions:002F9xxxxxx5:002D6xxe:002D4xxc:002D8xx4:002D2xxxxxxxxx5:002FresourceGroups:002Ftest:002Fproviders:002FMicrosoft:002ECompute:002FvirtualMachines:002Fvm:002Dtest"
Not sure how to convert instance id column PARTITIONKEY into like a instance Id.
However, for your purpose to get vm memory related metrics. It's recommended to use Log Analytics. Search Log Analytics workspace resource in the Azure portal then narrow down to your specific VM scope then run the query language.
Perf
| where ObjectName == "Memory"
Or, you can execute an Analytics query using Query - Get
For more information, you could read these docs.
https://learn.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal
https://learn.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview
Hope this could help you.