What is a good first step to analyzing logs in Azure Monitor Logs?
Write a KQL query to retrieve all relevant data.
Carefully look through all of the log data in your Log Analytics workspace.
Define your analysis goals and assess which tables in your Log Analytics workspace hold the data that's relevant to your analysis.
What can you do to familiarize yourself with the raw log data you've collected in a table?
Run simple queries, like take 10 and distinct <column name>, on a specific table or use the Log Analytics user interface to search through, filter and explore the data.
Use the make_set() aggregate function to group together all of the data in the table so you can see it all in one place.
Export the data to Excel or an external tool.
How can you enrich your query results with additional data that's not available in the table you've queried in Log Analytics?
Use the KQL join operator to retrieve information from a different table.
Use the KQL import operator to import the data from a different location.
Add a column to the query results and populate the missing data manually.