This post is aimed at beginners with Azure Log Analytics. I’ll be discussing how you can use the Azure Log Analytics Project operator when you query data in your Log Analytics workspace. The Project operator works similarly to Select-Object in Powershell.
If we do:
Perf | where TimeGenerated ago(1h)
We get a bunch of fields back. Including our TenantId, which I have blurred.
But if we do:
Perf | where TimeGenerated ago(1h)) | project Computer, CounterName, InstanceName
You can see that it returns back only the fields I have included behind the project operator.
Project can also be used to rename columns.
If we do:
Perf | where TimeGenerated ago(1h) | project ComputationalDeviceName = Computer, Countername, InstanceName
We have renamed our Computer column to “ComputationalDeviceName”
There is also a project-away operator. This does the opposite of the project operator. Any field included behind project-away will be excluded from the data set results.
Perf | where TimeGenerated ago(1h) | project-away TenantId
This removes the TenantId field but includes everything else.
Use the log analytics project operator to limit results to fields you want, rename fields or project-away fields. Limiting the results, is especially useful in creating alerts in Log Analytics to limit the alert results to only the pertinent information.