I am trying to bring Azure Synapse logs into Log Analytics to create dashboards on usage level.
I have already set up diagnostic settings to pass the logs on to my Log Analytics workspace.
But while trying to execute queries from the documentation below, I am getting an error saying -
Query -
//Chart the most active resource classes
AzureDiagnostics
| where Category contains "ExecRequests"
| where Status_s == "Completed"
| summarize totalQueries = dcount(RequestId_s) by ResourceClass_s
| render barchart
Error:
'where' operator: Failed to resolve column or scalar expression named 'Status_s'...
Documentation link for queries : https://learn.microsoft.com/en-us/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-monitor-workload-portal
Please let me know if there is something I am missing. I am directly logging to the Log Analytics workspace and running these queries inside a workbook...
Also, I didn't find any proper documentation/blogs/links for connecting Synapse to Log Analytics; please let me know if anyone has that.
The documentation linked in your post appears to be out of date even though the last update date is recent.
See this link:
Azure services that use resource-specific mode store data in a table specific to that service and do not use the AzureDiagnostics table.
The link also lists a number of resource-specific tables for Synapse. "SynapseSqlPoolExecRequests" and "SynapseSqlPoolSqlRequests" are a few examples that might provide the info you're seeking.
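The checks below are an added example, not part of the original answer. They show how to confirm which table the diagnostic setting writes to and how the documentation query looks against the resource-specific table. The unsuffixed column names (Status, RequestId, ResourceClass) are an assumption; step 2 confirms them against the workspace schema.

```kusto
// Added example, not from the original answer. Run each query separately.

// 1) Which table is the Synapse diagnostic setting writing to?
//    isfuzzy=true keeps the union from failing when one of the two tables
//    does not exist in the workspace; withsource records the origin table.
union withsource=SourceTable isfuzzy=true AzureDiagnostics, SynapseSqlPoolExecRequests
| where TimeGenerated > ago(7d)
| where SourceTable != "AzureDiagnostics"
    or column_ifexists("Category", "") contains "ExecRequests"
| summarize Rows = count(), LastSeen = max(TimeGenerated) by SourceTable

// 2) List the real column names before rewriting any documentation query.
SynapseSqlPoolExecRequests
| getschema
| project ColumnName, ColumnType

// 3) The documentation query rewritten for resource-specific mode.
//    Assumption: Status_s, RequestId_s and ResourceClass_s appear here as
//    Status, RequestId and ResourceClass (check against the output of step 2).
SynapseSqlPoolExecRequests
| where Status == "Completed"
| summarize totalQueries = dcount(RequestId) by ResourceClass
| render barchart
```

If step 1 returns rows only for SynapseSqlPoolExecRequests, the diagnostic setting is in resource-specific mode and the `_s`-suffixed AzureDiagnostics columns will never resolve.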
Related
In the ADX web UI at https://dataexplorer.azure.com/dashboards, I can see a list of Kusto based dashboards I've created or been granted access to.
Under what resource type in https://portal.azure.com/ are these assets scoped? I've used the UI to export the report definition JSON. However, I've been unable to find either the Dashboard name or guid in Azure Resource Graph explorer searching in the name & id fields. Notably these same queries (with different arguments) return the ADX clusters which are the data sources for the dashboards in question.
The az portal dashboard commands do not appear to include Kusto dashboards as far as I can tell.
A partial inventory appears to be available in the .show queries system view.
.show queries
| where ClientActivityId startswith "RTD;"
| extend ClientActivityIdBag = split(ClientActivityId,';')
| extend DashboardGuid = tostring(ClientActivityIdBag[1])
| summarize
    count(),
    min(StartedOn),
    max(StartedOn),
    take_any(ClientActivityId)
    by DashboardGuid
This suggests to me that there is a ReportServer DB analogue from which I'd be able to correlate the dashboard guid to broader dashboard metadata, but I've been unable to proceed further so far.
I want to monitor shared Kusto dashboard assets for modifications. Other than logging into the web UI and using my eyeballs, how can I do this?
I use a Log Analytics Workspace in order to add logs from my application and use a Kusto query as follows:
ApplicationLog_CL
| order by TimeGenerated desc
What does this ApplicationLog_CL indicate? Is there a way to add another log type?
The 'ApplicationLog_CL' is a reference to the Table in Log Analytics you are querying with KQL.
The postfix of '_CL' indicates that it's a Custom Table and will most likely also have the type of 'Custom Table' if you look in the Log Analytics Workspace under Tables.
When trying to create a custom table in LAW through e.g. Bicep or the Azure CLI, if you do not add the postfix '_CL' to the table, the creation of the table fails.
It specifies here that the table needs to be postfixed with '_CL'.
If creating the table through the Azure Portal, Azure will postfix the table with '_CL' automatically.
I have Azure Function Apps running in App Service, and I am able to get the number of Http Server Errors by instance level in the Metrics (Pls see image). I would like to get the same level of metrics via a Kusto query and tried all the Log tables, but I can't find it. Is it possible to get those metrics by instance using Kusto?
I checked in AzureMetrics there is no instance level data stored: Here is the query I am using to get all Http Server Errors overall.
AzureMetrics
| where ResourceGroup == "RG"
| where TimeGenerated {TimeRange}
| where ResourceId in ("ResourceId")
| where MetricName == "Http5xx"
Since you are looking at Azure Metrics in metrics explorer, those generally are NOT coming from a KQL-backed data source (not all standard Azure metrics are in any workspaces/etc. for cost/compat reasons).
In workbooks, instead of using a Query step, you'd use a Metrics step to get this data. You'd pick that time range parameter in the time range dropdown; likewise, you'd select the appropriate resource type and that resource or resource parameter in the resource picker of the metrics item, and you'd add that metric. (There's a preview feature coming to help with this: add ?feature.sendtoworkbooks=true to your Azure portal URL, like https://portal.azure.com/?feature.sendtoworkbooks=true, and the Metrics Explorer view will have additional "Send to workbooks" options in the share and pin menus that will convert the metrics view to a workbook.)
If Application Insights is configured on this function app, you could possibly query the appinsights customMetrics table to get custom metrics in the function app, but probably not the standard metrics as KQL.
So, I can see create_or_update logs of my VM on activity logs. There is no filter just to get the create logs as much as I am aware.
So is there any way where I can just see the create logs of a VM using API or commands?
You can follow the steps below to achieve your requirement.
You need to enable diagnostic settings for activity logs.
Refer to https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log#send-to-log-analytics-workspace for enabling the diagnostic settings.
Once the Log Analytics workspace is established, you can query the logs as
AzureActivity
| where OperationName == 'Create or Update Virtual Machine' and ActivitySubstatusValue == 'Created'
| order by TimeGenerated desc
The above output will show only the Create operations. You can further filter it based on your requirement.
We want to see activity logs initiated by all the users from the organization (like users#mycompany.com). We don't want to see the activity initiated by the platform (by Azure Policy, by backup management, etc.).
On the Azure portal, there are only two options: either select 'All' or type a single user's name. I tried '*#mycompany.com' but it didn't work. Is there any way to get this?
thanks
Updated:
In azure monitor -> Logs, you can write the query like below:
AzureActivity
| where Caller contains "#mycompany.com"
Add a screenshot for this:
Original answer:
A simple way is to just type #mycompany.com in the search box. The screenshot is as below:
Another, more advanced method is to navigate to Azure Monitor -> Logs and then use a Kusto query; you can then query what you like as per the condition, for example with this where clause: EventInitiatedBy contains "#mycompany.com".