Extracting Nested Fields in Kusto 2.0

What a difference 3 years makes. Since my last Extracting nested fields post, I’ve learned a lot and thought it might be time to provide a new post with new examples and more ways to accomplish the same goal. Like the first version, but better! Operators, Functions & Dynamic Types, Oh my! There are a number …

Read more

Azure Monitor Alerts from Azure Resource Graph

In my previous post I talked about how we can now query Azure Resource Graph data with Log Analytics. The purpose of that addition was to be able to alert on Azure Resource Graph data with Azure Monitor Alerts. In this post I’ll show exactly what you need to be able to create alerts in …

Read more

Advanced Azure Workbooks – Parameters as Datasets

Workbooks are quite amazing. Its quite often I look at someone else’s work in a Workbook and blown away, not knowing that you could do whatever it is that I saw. One such amazing thing Workbooks can do is Datasets as Parameters. Meaning we can get data from Log Analytics, Azure Resource Graph, Application Insights, …

Read more

Query Azure Resource Graph from Log Analytics

Have you ever wanted to filter resources in Log Analytics by resource tags? Or wanted to query Azure Resource Graph data with a broader set of KQL? Well, do I have some news for you. Now we can query Azure Resource Graph directly from Log Analytics. I was fortunate enough to be a small part …

Read more

Azure Policy Exemptions Added to Resource Graph

Have you tried to get data on exemptions in your environment? Only to find they’re not in Azure Resource Graph, like policies, assignments and their states. Previously you would have to queried the API, which is limited to querying one subscription at a time. Not exactly “cloud scale.” Sometime in the last few weeks “microsoft.authorization/policyexemptions” …

Read more

Managed Identity for Azure Monitor Log Alerts

Have you created a Log Alert recently? You might have noticed a new section under “Details” of the alert. Managed Identity has been added to Log Alerts, to allow you to set a context in which the Log Alert query will run in. This setting is currently in preview and you can read more about …

Read more

Migrating Classic Application Insights

birds migrating credit https://dailyillini.com/staff_name/amy-sanchez/

Unless you’ve been living under a rock the last year or so, you know that Application Insights now lives on top of Log Analytics. Which also means you need to convert your Classic Application Insights to the new Workspace model Applicaiton Insights. The docs for this process and what it entails can be found here. …

Read more