You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-monitor/logs/azure-cli-log-analytics-workspace-sample.md
+1-2Lines changed: 1 addition & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -60,8 +60,7 @@ You can delete [Custom Log](custom-logs-overview.md), [Search Results](search-jo
60
60
To delete a table, run the [az monitor log-analytics workspace table delete](/cli/azure/monitor/log-analytics/workspace/table#az-monitor-log-analytics-workspace-data-export-delete) command:
Copy file name to clipboardExpand all lines: articles/azure-monitor/logs/basic-logs-query.md
+20-11Lines changed: 20 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,12 +7,15 @@ ms.date: 01/27/2022
7
7
---
8
8
9
9
# Query Basic Logs in Azure Monitor (Preview)
10
-
Basic Logs reduce the cost of high-volume verbose logs you don’t need for analytics and alerts. Basic Logs have reduced charges for ingestion and limitations on log queries and other Azure Monitor features. This article describes how to query data from tables configured for Basic Logs in the Azure portal and using the Log Analytics REST API.
10
+
Basic Logs tables reduce the cost of ingesting high-volume verbose logs and let you query the data they store using a limited set of log queries. This article explains how to query data from Basic Logs tables.
11
+
12
+
For more information, see [Azure log data plans](log-analytics-workspace-overview.md#log-data-plans-preview) and [Configure a table for Basic Logs](basic-logs-configure.md).
13
+
11
14
12
15
> [!NOTE]
13
16
> Other tools that use the Azure API for querying - for example, Grafana and Power BI - cannot access Basic Logs.
14
17
15
-
## Limits
18
+
## Limitations
16
19
Queries with Basic Logs are subject to the following limitations:
17
20
### KQL language limits
18
21
Log queries against Basic Logs are optimized for simple data retrieval using a subset of KQL language, including the following operators:
@@ -33,38 +36,43 @@ You can use all functions and binary operators within these operators.
33
36
Specify the time range in the query header in Log Analytics or in the API call. You can't specify the time range in the query body using a **where** statement.
34
37
35
38
### Query context
36
-
Queries with Basic Logs must use a workspace for the scope. You can't run queries using another resource for the scope. For more details, see [Log query scope and time range in Azure Monitor Log Analytics](scope.md).
39
+
Queries with Basic Logs must use a workspace for the scope. You can't run queries using another resource for the scope. For more information, see [Log query scope and time range in Azure Monitor Log Analytics](scope.md).
37
40
38
41
### Concurrent queries
39
42
You can run two concurrent queries per user.
40
43
41
44
### Purge
42
-
You cannot[purge personal data](personal-data-mgmt.md#how-to-export-and-delete-private-data) from Basic Logs tables.
45
+
You can’t[purge personal data](personal-data-mgmt.md#how-to-export-and-delete-private-data) from Basic Logs tables.
43
46
44
47
45
-
## Run a query from the Azure portal
48
+
## Run a query on a Basic Logs table
46
49
Creating a query using Basic Logs is the same as any other query in Log Analytics. See [Get started with Azure Monitor Log Analytics](./log-analytics-tutorial.md) if you aren't familiar with this process.
47
50
48
-
Open Log Analytics in the Azure portal and open the **Tables** tab. When browsing the list of tables, Basic Logs tables are identified with a unique icon:
51
+
# [Portal](#tab/portal-1)
52
+
53
+
In the Azure portal, select **Monitor** > **Logs** > **Tables**.
54
+
55
+
In the list of tables, you can identify Basic Logs tables by their unique icon:
49
56
50
57
51
58
52
-
You can also hover over a table name for the table information view. This will specify that the table is configured as Basic Logs:
59
+
You can also hover over a table name for the table information view, which will specify that the table is configured as Basic Logs:
53
60
54
61
55
62
56
-
57
63
When you add a table to the query, Log Analytics will identify a Basic Logs table and align the authoring experience accordingly. The following example shows when you attempt to use an operator that isn't supported by Basic Logs.
58
64
59
65
60
66
61
-
## Run a query from REST API
67
+
# [API](#tab/api-1)
68
+
62
69
Use **/search** from the [Log Analytics API](api/overview.md) to run a query with Basic Logs using a REST API. This is similar to the [/query](api/request-format.md) API with the following differences:
63
70
64
71
- The query is subject to the language limitations described above.
65
72
- The time span must be specified in the header of the request and not in the query statement.
The charge for a query on Basic Logs is based on the amount of data the query scans, not just the amount of data the query returns. For example, a query that scans three days of data in a table that ingests 100 GB each day, would be charged for 300 GB. Calculation is based on chunks of up to one day of data.
82
91
83
92
For more information, see [Azure Monitor pricing](https://azure.microsoft.com/pricing/details/monitor/).
To reapply the workspace's default interactive retention value to the table and reset its total retention to 0, run the [az monitor log-analytics workspace table update](/cli/azure/monitor/log-analytics/workspace/table#az-monitor-log-analytics-workspace-table-update) command with the `--retention-time` and `--total-retention-time` parameters set to `-1`.
0 commit comments