![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 79%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Azure Event Hubs
An Azure real-time data ingestion service.
695 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 65%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECB%3C/text%3E%3C/svg%3E)
Hello, Welcome to MS Q&A
It seems you're experiencing difficulties with Kusto Query Language (KQL) queries in Azure Event Hubs, specifically that the queries are not returning the expected results and only displaying table names with values. Here are some steps to troubleshoot and resolve this issue:
Verify Diagnostic Settings: Ensure that you have correctly configured the diagnostic settings for your Event Hub to send logs to your Log Analytics workspace. This includes selecting the appropriate log categories that you want to monitor, such as "OperationalLogs" and "RuntimeAuditLogs".
Check Log Analytics Workspace: Confirm that your Log Analytics workspace is properly linked to your Event Hub. You can do this by navigating to the Event Hub in the Azure portal, selecting "Diagnostic settings," and ensuring that the logs are being sent to the correct workspace.
Use Correct KQL Queries: Make sure you are using the correct KQL queries to retrieve the data. For example, to get errors from the past seven days, you can use the following query:
AzureDiagnostics | where TimeGenerated > ago(7d) | where ResourceProvider == "MICROSOFT.EVENTHUB" | where Category == "OperationalLogs" | summarize count() by "EventName"
This query should return the count of errors categorized under "OperationalLogs" for your Event Hub.
Query Scope: When you select Logs from the Event Hub's menu, ensure that the query scope is set correctly. If you want to include data from other Azure services, select Logs from the Azure Monitor menu instead. This can affect the results returned by your queries.
Review Permissions: Ensure that you have the necessary permissions to access the logs in the Log Analytics workspace. Lack of permissions can sometimes lead to incomplete data being displayed.
Check for Data Availability: If the queries still do not return results, check if there is any data available in the Log Analytics workspace for the specified time range. You can do this by running a simple query to list all entries:
AzureDiagnostics | where ResourceProvider == "MICROSOFT.EVENTHUB" | take 10
If you follow these steps and still encounter issues, it may be beneficial to review the Azure documentation on monitoring Azure Event Hubs and KQL queries for further insights.
- Ensure that your diagnostic settings are correctly configured to send logs to your Log Analytics workspace.
- Use the appropriate KQL queries to retrieve the desired data from AzureDiagnostics.
- Verify that you have the necessary permissions and that data is available for the specified time range.
If you continue to experience problems, please provide any error messages or additional details, and I will assist you further.
For more detailed instructions, you can view solution:
Please let me know if any further questions
Kindly accept answer if it helps
Thanks
Deepanshu