Enable performance counter for Log analytics and execute KUSTO Query
This article explains how to execute a Log Analytics query, or Kusto query, against a Log Analytics workspace. A Kusto query is a combination of SQL, PowerShell and bash, and is written in KQL (Kusto Query Language).
Before this, please go through this, which is about how to create a Log Analytics workspace.
Pre-requisite
The following must be present for this solution:
1. You should have a Log Analytics workspace already configured in your Azure subscription.
Log analytics workspace
Once you are done creating the LAW, open it and find the Logs option on the left side of the panel, marked in red in the image LA.jpg below.
There I've executed a query which lists the number of computers sending logs, each hour. For that purpose I selected a table named Heartbeat, which contains potential information about the virtual machines connected to the Log Analytics workspace, aka LAW.
Go to Data -> Windows Performance Counter -> Add the selected performance counter
And click on that. As soon as you click, all those counters will be enabled and will start sending telemetry to the Log Analytics workspace, which you can then query to get virtual machine performance information. Refer to enable-counter.jpg.
Once the performance counters are enabled, they start sending that information to the Log Analytics workspace.
NOTE: If you don't get any records when you execute a query on the Perf table, then restart the MMA agent present on the virtual machine, or disconnect and reconnect the virtual machine using the option visible in the Log Analytics workspace.
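To tell which case the NOTE above applies to, the following query (an added example, not part of the original post) compares each computer's last Heartbeat record with its recent Perf records. The 1d lookback and 30m freshness thresholds are assumptions; the column names are those of the standard Heartbeat and Perf tables.

```kusto
// Added example: agent heartbeat vs. Perf telemetry, per computer.
// Assumed thresholds: 1d lookback for heartbeats, 30m freshness window.
let lookback = 1d;
let fresh = 30m;
Heartbeat
| where TimeGenerated > ago(lookback)
// Last time each connected machine's agent reported in
| summarize LastHeartbeat = max(TimeGenerated) by Computer, OSType
| join kind=leftouter (
    Perf
    | where TimeGenerated > ago(fresh)
    // Recent performance records per machine (null after the join if none)
    | summarize LastPerf = max(TimeGenerated), PerfRecords = count() by Computer
  ) on Computer
| extend Status = case(
    LastHeartbeat < ago(fresh), "agent not reporting: restart or reconnect it",
    isnull(LastPerf),           "agent alive, no Perf records: check enabled counters",
                                "sending Perf data")
| project Computer, OSType, LastHeartbeat, LastPerf, PerfRecords, Status
| sort by Status asc, Computer asc
```

A machine that has a fresh heartbeat but no Perf rows points at counter configuration rather than the agent, while a stale heartbeat is a telemetry gap worth following up on its own.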
You can easily see the performance of a virtual machine connected to the Log Analytics workspace, aka LAW. For that, select the Perf table.
Another query is for Usage, rendering it as a piechart. You can also render it as a table, a scatterchart and with a few more options.
// Usage by data types
// Chart the amount of logs reported for each data type, today
Usage
| summarize count_per_type=count() by DataType
| sort by count_per_type desc
| render piechart
The image below shows how it works in a real use case.
KUSTO keywords in use |
Refer to the image kusto-query-piechart.jpg below for the output as a piechart.
NOTE: The following query fetches information about "% Committed Bytes In Use" (in the case of Windows OS). For a Linux-based machine the counter name will be "% Used Memory".
After executing the query below I get 3 rows as a result because, if you remember, I've enabled performance counters for a Windows computer. Refer to the screenshot enable-counter.jpg.
Perf
| where TimeGenerated > ago(30m)
| where CounterName == "% Committed Bytes In Use"
| project TimeGenerated, CounterName, CounterValue, Computer
| summarize UsedMemory = avg(CounterValue) by CounterName, bin(TimeGenerated, 10m), Computer
| where UsedMemory > 0
| render timechart
Refer to the image result.jpg below.
I hope it helps you a bit to understand how we can run Kusto queries on a Log Analytics workspace.