Querying data
Being able to query the data stored in your monitoring solution is one of the most important capabilities you can leverage. In Azure Monitor (and specifically in Log Analytics workspaces), queries are written in a language called Kusto. Its syntax may resemble SQL, but the language is crafted specifically for the data volumes and structures supported by Azure Monitor. Let’s start learning it by discussing its basic syntax.
The basic syntax of Kusto
Each query written in Kusto requires a data source to query. This data source (a table) contains data that is already preprocessed and can be queried without additional actions on your side. Let’s look at the following example:
VeryImportantTable
| where TimeStamp between (datetime(2022-01-01) .. datetime(2023-12-31))
| sort by ProjectName asc
The preceding query can be read as follows:
- Select VeryImportantTable as the data source.
- Filter the data using...
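The following is an added example, not taken from the original text: it evaluates the same `between` range as a flag column over constructed rows, next to a half-open range, to show how the upper bound behaves for time-stamped log data. The sample rows, the `InBetween` and `InHalfOpen` column names, and the `datetime(2024-01-01)` bound are assumptions made for illustration.

```kusto
// Constructed sample rows standing in for VeryImportantTable.
// Row notes, in order:
//   alpha   - one second before the lower bound
//   delta   - exactly at the lower bound
//   bravo   - well inside the range
//   charlie - exactly at the upper bound (midnight on 2023-12-31)
//   echo    - later on 2023-12-31, after midnight
let VeryImportantTable = datatable(TimeStamp: datetime, ProjectName: string)
[
    datetime(2021-12-31 23:59:59), "alpha",
    datetime(2022-01-01 00:00:00), "delta",
    datetime(2022-06-15 09:30:00), "bravo",
    datetime(2023-12-31 00:00:00), "charlie",
    datetime(2023-12-31 14:05:00), "echo"
];
VeryImportantTable
// between is inclusive on both ends, and datetime(2023-12-31) is midnight
// at the start of that day, so the range stops at 2023-12-31 00:00:00.
| extend InBetween = TimeStamp between (datetime(2022-01-01) .. datetime(2023-12-31))
// Half-open alternative (hypothetical bound): covers all of 2023-12-31.
| extend InHalfOpen = TimeStamp >= datetime(2022-01-01) and TimeStamp < datetime(2024-01-01)
| sort by ProjectName asc
```

Comparing the two flag columns row by row shows which events a date-only upper bound leaves out, which matters when the query is meant to cover every record from the final day of the range.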