Fernando Benjamin edited this page Sep 24, 2020 · 2 revisions

How does it work? Setup by How to search Log

EXAMPLE COMPLEX QUERY

// Container log entries from the last two days for every container whose name
// contains 'f-gateway' in the dev1 managed cluster, newest entries first.
let windowStart = ago(2d);
let windowEnd = now();
// Container IDs come from the pod inventory; distinct leaves one row per ID,
// so the list can be used directly as the set for the "in" filter below.
let gatewayContainerIds =
    KubePodInventory
    | where TimeGenerated >= windowStart and TimeGenerated < windowEnd
    | where ContainerName contains 'f-gateway'
    // NOTE(review): 'uuid' looks like a stand-in for the real subscription ID - confirm before running.
    | where ClusterId =~ '/subscriptions/uuid/resourceGroups/Dev1/providers/Microsoft.ContainerService/managedClusters/dev1'
    | distinct ContainerID;
ContainerLog
| where TimeGenerated >= windowStart and TimeGenerated < windowEnd
| where ContainerID in (gatewayContainerIds)
| project LogEntrySource, LogEntry, TimeGenerated, Computer, Image, Name, ContainerID
| order by TimeGenerated desc
| render table

Example 1 - Search the logs of one service in Dev1

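// How to search the logs of one service in the Dev1 environment (last hour).
// service_name has to be a real let statement: when it only exists inside a
// comment, the ServiceName filter below references an undefined name and the
// query does not run.
let service_name = "de-transaction";
let untillDate = ago(1h);
// Containers that belong to the service. The inventory table can hold many
// rows for the same ContainerID inside the window, so distinct reduces it to
// one row per container; otherwise every log line would be repeated once per
// inventory row after the join.
let service_containers = KubePodInventory
    | where TimeGenerated > untillDate
    | where ServiceName == service_name
    | where _ResourceId endswith "dev1"
    | distinct ContainerID, ServiceName, ClusterId;
ContainerLog
| where TimeGenerated > untillDate
// kind=inner is spelled out on purpose: the default join kind (innerunique)
// keeps only one left-side row per ContainerID, which silently drops all but
// one log line per container - an incomplete result for a log search.
| join kind=inner (service_containers) on ContainerID
// +16 skips past "managedClusters/" so Environment is the cluster name.
| project Environment = substring(ClusterId, indexof(ClusterId, "managedClusters") + 16)
    , ServiceName
    , TimeGenerated
    , parse_json(LogEntry).level
    , parse_json(LogEntry).logger_name
    , parse_json(LogEntry).message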

Example 2
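// Number of log lines containing "Exception" per service and logger in dev1
// over the last two days.
let fromDate = ago(2d);
let toDate = now();
// LOG LINE
// Fields are pulled out of the JSON payload in LogEntry. parse_json returns
// dynamic values; tostring() makes them plain strings so the string filters
// further down compare strings (a missing field becomes an empty string).
let log_line = ContainerLog
    | where TimeGenerated between (fromDate .. toDate)
    | project ContainerID
        , TimeGenerated
        , LogLevel = tostring(parse_json(LogEntry).level)
        , LoggerName = tostring(parse_json(LogEntry).logger_name)
        , Message = tostring(parse_json(LogEntry).message)
        , LogEntry;
// SERVICE INFO
// The inventory can hold many rows per ContainerID inside the window. Without
// distinct, the inner join repeats every log line once per inventory row and
// the counts below are inflated by that factor.
let container_info = KubePodInventory
    | where TimeGenerated between (fromDate .. toDate)
    | where _ResourceId endswith "dev1"
    | project ContainerID, ServiceName, Environment = substring(ClusterId, indexof(ClusterId, "managedClusters") + 16)
    | distinct ContainerID, ServiceName, Environment;
log_line
// A message that contains "Exception" is never empty, so no separate
// empty-message filter is needed.
| where Message contains "Exception"
| join kind = inner (
    container_info
    | where ServiceName <> "p-forwarder-job"
    //| where ServiceName == "b"
) on ContainerID
| project-away ContainerID
| summarize count() by tostring(ServiceName), tostring(LoggerName)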


Example 3
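// Daily number of non-INFO log lines containing "Exception" per service in
// dev1 over the last twelve days.
let fromDate = ago(12d);
let toDate = now();
// LOG LINE
// Fields are pulled out of the JSON payload in LogEntry. parse_json returns
// dynamic values; tostring() makes them plain strings so the string filters
// further down compare strings. A log line without a "level" field gets an
// empty LogLevel and is therefore kept by the <> 'INFO' filter.
let log_line = ContainerLog
    | where TimeGenerated between (fromDate .. toDate)
    | project ContainerID
        , TimeGenerated
        , LogLevel = tostring(parse_json(LogEntry).level)
        , LoggerName = tostring(parse_json(LogEntry).logger_name)
        , Message = tostring(parse_json(LogEntry).message)
        , LogEntry;
// SERVICE INFO
// The inventory can hold many rows per ContainerID inside the window. Without
// distinct, the inner join repeats every log line once per inventory row and
// the daily counts are inflated by that factor.
let container_info = KubePodInventory
    | where TimeGenerated between (fromDate .. toDate)
    | where _ResourceId endswith "dev1"
    | project ControllerName, ContainerID, ServiceName, Environment = substring(ClusterId, indexof(ClusterId, "managedClusters") + 16)
    | distinct ControllerName, ContainerID, ServiceName, Environment;
log_line
// A message that contains "Exception" is never empty, so no separate
// empty-message filter is needed.
| where Message contains "Exception"
| where LogLevel <> 'INFO'
| join kind = inner (
    container_info
    //| where ServiceName <> "prospect-forwarder-job"
    | where ServiceName <> ""
    //| where ServiceName == "blacksea"
) on ContainerID
| project-away ContainerID
| summarize count() by tostring(ServiceName), bin(TimeGenerated, 1d)
| order by ServiceName, TimeGenerated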




Example 4 - Exceptions per service

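// Hourly number of non-INFO log lines containing "Exception" per service in
// dev1 over the last twelve days.
let fromDate = ago(12d);
let toDate = now();
// LOG LINE
// Fields are pulled out of the JSON payload in LogEntry. parse_json returns
// dynamic values; tostring() makes them plain strings so the string filters
// further down compare strings. A log line without a "level" field gets an
// empty LogLevel and is therefore kept by the <> 'INFO' filter.
let log_line = ContainerLog
    | where TimeGenerated between (fromDate .. toDate)
    | project ContainerID
        , TimeGenerated
        , LogLevel = tostring(parse_json(LogEntry).level)
        , LoggerName = tostring(parse_json(LogEntry).logger_name)
        , Message = tostring(parse_json(LogEntry).message)
        , LogEntry;
// SERVICE INFO
// The inventory can hold many rows per ContainerID inside the window. Without
// distinct, the inner join repeats every log line once per inventory row and
// the hourly counts are inflated by that factor.
let container_info = KubePodInventory
    | where TimeGenerated between (fromDate .. toDate)
    | where _ResourceId endswith "dev1"
    | project ControllerName, ContainerID, ServiceName, Environment = substring(ClusterId, indexof(ClusterId, "managedClusters") + 16)
    | distinct ControllerName, ContainerID, ServiceName, Environment;
log_line
// A message that contains "Exception" is never empty, so no separate
// empty-message filter is needed.
| where Message contains "Exception"
| where LogLevel <> 'INFO'
| join kind = inner (
    container_info
    | where ServiceName <> "p-forwarder-job"
    | where ServiceName <> ""
    //| where ServiceName == "blacksea"
) on ContainerID
| project-away ContainerID
| summarize count() by tostring(ServiceName), bin(TimeGenerated, 1h)
| order by ServiceName, TimeGenerated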






 ERRORS FOR TRANSACTION SERVICE
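// Hourly number of log lines with the term "Exception" for the
// "ing-transaction-job" service in dev1 over the last four days.
let fromDate = ago(4d);
let toDate = now();
// LOG LINE
// Fields are pulled out of the JSON payload in LogEntry. parse_json returns
// dynamic values; tostring() makes them plain strings so the string filters
// further down compare strings (a missing field becomes an empty string).
let log_line = ContainerLog
    | where TimeGenerated between (fromDate .. toDate)
    | project ContainerID
        , TimeGenerated
        , LogLevel = tostring(parse_json(LogEntry).level)
        , LoggerName = tostring(parse_json(LogEntry).logger_name)
        , Message = tostring(parse_json(LogEntry).message)
        , LogEntry;
// SERVICE INFO
// The inventory can hold many rows per ContainerID inside the window. Without
// distinct, the inner join repeats every log line once per inventory row and
// the hourly counts are inflated by that factor.
let container_info = KubePodInventory
    | where TimeGenerated between (fromDate .. toDate)
    | where _ResourceId endswith "dev1"
    | project ControllerName, ContainerID, ServiceName, Environment = substring(ClusterId, indexof(ClusterId, "managedClusters") + 16)
    | distinct ControllerName, ContainerID, ServiceName, Environment;
log_line
// NOTE(review): "has" matches whole terms, unlike the "contains" used by the
// other examples; a class name such as NullPointerException is a single term
// and would not match here. Confirm this is intended for an error count.
| where Message has "Exception"
//| where LogLevel <> 'INFO'
| join kind = inner (
    container_info
    // The equality filter already excludes every other service name and the
    // empty name, so the former <> filters are not needed.
    | where ServiceName == "ing-transaction-job"
) on ContainerID
| project-away ContainerID
| summarize count() by tostring(ServiceName), bin(TimeGenerated, 1h)
| order by ServiceName, TimeGenerated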
