Kusto Query to get Http5xx by Instance level - azure-monitor-workbooks

I have Azure Function Apps running in App Service, and I am able to get the number of Http Server Errors by instance level in the Metrics (Pls see image). I would like to get the same level of metics via Kusto query and tried all the Log tables I can't find it. Is it possible to get those metrics by instance using Kusto?
I checked in AzureMetrics there is no instance level data stored: Here is the query I am using to get all Http Server Errors overall.
AzureMetrics
| where ResourceGroup == "RG"
| where TimeGenerated {TimeRange}
| where ResourceId in ("ResourceId")
| where MetricName == "Http5xx"

Since you are looking at Azure Metrics in metrics explorer, those generally are NOT coming from a kql backed data source (not all standard azure metrics are in any workspaces/etc for cost/compat reasons)
in workbooks, instead of using a Query step, you'd use a Metrics step to get this data instead. you'd pick that time range parameter in the time range dropdown, likewise you'd select the appropriate resource type and that resources or resource parameter in the resource picker of the metrics item, and you'd add that metric. (there's a preview feature coming to help with this, add ?feature.sendtoworkbooks=true to your azure portal url, like https://portal.azure.com/?feature.sendtoworkbooks=true) and the Metrics Explorer view will have additional "Send to workbooks" options in the share and pin menus that will convert the metrics view to a workbook)
If Application Insights is configured on this function app, you could possibly query the appinsights customMetrics table to get custom metrics in the function app, but probably not the standard metrics as KQL)

Related

Where do Kusto dashboard definitions live

In the ADX web UI at https://dataexplorer.azure.com/dashboards, I can see a list of Kusto based dashboards I've created or been granted access to.
Under what resource type in https://portal.azure.com/ are these assets scoped? I've used the UI to export the report definition JSON. However, I've been unable to find either the Dashboard name or guid in Azure Resource Graph explorer searching in the name & id fields. Notably these same queries (with different arguments) return the ADX clusters which are the data sources for the dashboards in question.
The az portal dashboard commands do not appear to include Kusto dashboards as far as I can tell.
A partial inventory appears to be available in the .show queries system view.
.show queries
| where ClientActivityId startswith "RTD;"
| extend ClientActivityIdBag = split(ClientActivityId,';')
| extend DashboardGuid = tostring(ClientActivityIdBag[1])
| summarize
count(),
min(StartedOn),
max(StartedOn),
take_any(ClientActivityId)
by DashboardGuid
This suggests to me that there is a ReportServer DB analouge from which I'd be able to correlate the dashboard guid to broader dashboard metadata, but I've been unable to proceed further so far.
I want to monitor shared Kusto dashboard assets for modifications. Other than logging into the web UI and using my eyeballs, how can I do this?

Azure log analytics Azure Synapse integration

I am trying to bring in Azure Synapse logs into Loganalytics to create dashboards on usage level.
I have already setup in diagnostic settings to pass on the logs to my loganalytics workspace.
But while trying to execute queries from below documentation, I am getting error saying -
Query -
//Chart the most active resource classes
AzureDiagnostics | where Category contains "ExecRequests" | where
Status_s == "Completed" | summarize totalQueries = dcount(RequestId_s)
by ResourceClass_s | render barchart
Error:
'where' operator: Failed to resolve column or scalar expression named 'Status_s'...
Documentation link for queries : https://learn.microsoft.com/en-us/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-monitor-workload-portal
Please let me know if there is something I am missing. I am directly logging to loganalytics workspace and running these queries inside a workbook...
Also i didnt find any proper documentation/blogs/links for connecting synapse to loganalytics, please let me know if anyone has that..
The documentation linked in your post appears to be out of date even though the last update date is recent.
See this link:
Azure services that use resource-specific mode store data in a table
specific to that service and do not use the AzureDiagnostics
table.
The link also lists a number of resource-specific tables for Synapse. "SynapseSqlPoolExecRequests" and "SynapseSqlPoolSqlRequests" are a few examples that might provide the info you're seeking.

How to select a log analytics workspace in azure monitor notebook using a parameter?

I would like to have the user select the log analytics workspace as a parameter in an Azure Monitor notebook to perform a query, similar to what is explained in the parameter documentation. However, I can't resolve the log analytics workspace using a variable.
What I would like to do is something like:
let event_table = workspace({parameter}).Event;
event_table
| take 5
The following query using a string literal is successful in both an azure monitor notebook and in a log query:
let event_table = workspace("name_of_work_space").Event;
event_table
| take 5
The following fails with the error "Unknown function 'workspace'. in both an azure monitor notebook and a log query:
let logAnalyticsWorkspaceName = "name_of_work_space";
let event_table = workspace(logAnalyticsWorkspaceName).Event;
event_table
| take 5
It seems that only string literals are allowed as arguments to the workspace() function.
Additionally, iff() and case() functions only return scalars so I cannot use iff() and case() to conditionally return a table or workspace based on a Azure Notebook parameter.
How do I supply a parameter to an Azure Monitor Notebook to query against a particular log analytics workspace?
Dynamically setting the workspace be accomplished using a parameter. Create a parameter for Workspaces where the parameter type is Resource picker (from Azure Resource Graph). That parameter will then appear as an option in the Log Analytics drop down for downstream controls. A demonstration appears in the video "How to build tabs and alerts in Azure workbooks | Azure Portal" at 5:00.

How to query multiple Azure API Management API names with Application Insights query

Hello i was working on getting requests through the Azure API Management , however i am getting all the api exsiting. i wanted to filter just the apis i needed
here is what i did :
requests
|summarize totalCount=sum(itemCount) by bin(timestamp,15m),toString(customDimensions.["API Name"])
where (toString(customDimensions.["API Name"]) == "api1" && "api2"
|render timechart
when i test it tells me status : something is broken , how can i filter just the api that i need from all
change the query to
requests
| extend apiName = tostring(customDimensions.["API Name"])
| summarize totalCount=sum(itemCount) by bin(timestamp,15m),apiName
| where apiName in ("api1", "api2")
| render timechart
To dive deeper into the requests, you application insights. You can link ApplicationInsights to APIM instance for monitoring.
Create Application Insights in Azure and copy the generated Instrumentation key.
Browse to APIM Resource, scroll to Monitoring section to select Application Insights. Use the above copied Instrumentation key.
Monitoring is not On by default for all incoming and outgoing. To enable it, in APIM scroll to API section to select APIs. On the top select Settings and enable Application Insights.
Now it is all set to monitor your APIs.
Found the solution in the azure documentation .
the language is called kusto
here is the link to the documentation: Azure Kusto Query language
requests
| extend apiName = tostring(customDimensions.["API Name"])
| summarize totalCount=sum(itemCount) by bin(timestamp,15m),apiName
| where apiName in ("api1", "api2")
| render timechart
When configuring the Application Insights Diagnostics Logs, don't forget to set the number of payload bytes to an adequate value. This will give you more information from the requests and responses you are monitoring.

how to get the fully qualified instance id from data which is stored in storage account table in azure?

I want to get the fully qualified instance id(Ex-:"/subscriptions/9xxxxxx5-6xxe-4xxc-8xx4-2xxxxxxxxx5/resourceGroups/test/providers/Microsoft.Compute/virtualMachines/vm-test")which is stored in storage account table in Azure.
I have enabled guest level monitoring in my virtual machine and exported metrics to a Storage account table. In that table, instance id column (PARTITIONKEY) shows like below.
":002Fsubscriptions:002F9xxxxxx5:002D6xxe:002D4xxc:002D8xx4:002D2xxxxxxxxx5:002FresourceGroups:002Ftest:002Fproviders:002FMicrosoft:002ECompute:002FvirtualMachines:002Fvm:002Dtest"
Not sure how to convert instance id column PARTITIONKEY into like a instance Id.
However, for your purpose to get vm memory related metrics. It's recommended to use Log Analytics. Search Log Analytics workspace resource in the Azure portal then narrow down to your specific VM scope then run the query language.
Perf
| where ObjectName == "Memory"
Or, you can execute an Analytics query using Query - Get
For more information, you could read these docs.
https://learn.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal
https://learn.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview
Hope this could help you.

Resources