Queries for the Perf table
Non-RDMA activity
View Non-RDMA activity of a node within a cluster.
//Select your log analytics workspace and replace enter nodename with the name of the node within a cluster on which you want to set the alert for Non-RDMA activity
Perf
| where ObjectName == "Network Interface"
| extend Nodename= tostring(split(Computer, ".")[0])
| where Nodename =~'enter nodename'
| summarize NetworkUsage = sum(CounterValue), Nodename = any(Nodename) by TimeGenerated
| summarize arg_max(TimeGenerated, Nodename, NetworkUsage)
RDMA activity
View RDMA activity of a node within a cluster.
//Select log analytics workspace and replace enter nodename with the name of the node within a cluster on which you want to set the alert for RDMA activity
Perf
| where ObjectName == "RDMA Activity"
| extend Nodename= tostring(split(Computer, ".")[0])
| where Nodename =~'enter nodename'
| summarize RdmaUsage = sum(CounterValue), Nodename = any(Nodename) by TimeGenerated
| summarize arg_max(TimeGenerated, Nodename, RdmaUsage)
What data is being collected?
List the collected performance counters and object types (Process, Memory, Processor).
Perf
| summarize by ObjectName, CounterName
Memory and CPU usage
Chart all computers' used memory and CPU, over the last hour.
Perf
| where TimeGenerated > ago(1h)
| where (CounterName == "% Processor Time" and InstanceName == "_Total") or CounterName == "% Used Memory"
| project TimeGenerated, CounterName, CounterValue
| summarize avg(CounterValue) by CounterName, bin(TimeGenerated, 1m)
| render timechart
CPU usage trends over the last day
Calculate CPU usage patterns across all computers, chart by percentiles.
Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time" and InstanceName == "_Total"
| summarize percentiles(CounterValue, 50, 90, 99) by bin(TimeGenerated, 1h)
| render timechart
Top 10 computers with the highest disk space
Show the top 10 computers with the highest available disk space.
Perf
| where CounterName == "Free Megabytes" and InstanceName == "_Total"
| summarize arg_max(TimeGenerated, *) by Computer
| top 10 by CounterValue
What data is being collected?
List the collected performance counters and object types (Process, Memory, Processor…)
Perf
| summarize by ObjectName, CounterName
Virtual Machine available memory
Chart the VM's available memory over time.
// To create an alert for this query, click '+ New alert rule'
Perf
| where ObjectName == "Memory" and
(CounterName == "Available MBytes Memory" or // the name used in Linux records
CounterName == "Available MBytes") // the name used in Windows records
| summarize avg(CounterValue) by bin(TimeGenerated, 15min), Computer, _ResourceId // bin is used to set the time grain to 15 minutes
| render timechart
Chart CPU usage trends
Calculate CPU usage patterns over the last day, chart by percentiles.
// To create an alert for this query, click '+ New alert rule'
Perf
| where CounterName == "% Processor Time"
| where ObjectName == "Processor"
| summarize avg(CounterValue) by bin(TimeGenerated, 15min), Computer, _ResourceId // bin is used to set the time grain to 15 minutes
| render timechart
// Perf table stores performance counters for Windows and Linux computers
// Counters are specified using ObjectName (performance object), InstanceName and CounterName
// % Processor Time captures CPU activity, ObjectNames can be Processor, Process and Process Information
Virtual Machine free disk space
Show the latest report of free disk space, per instance.
// To create an alert for this query, click '+ New alert rule'
Perf
| where ObjectName == "LogicalDisk" or // the object name used in Windows records
ObjectName == "Logical Disk" // the object name used in Linux records
| where CounterName == "Free Megabytes"
| summarize arg_max(TimeGenerated, *) by InstanceName // arg_max over TimeGenerated returns the latest record
| project TimeGenerated, InstanceName, CounterValue, Computer, _ResourceId
Top 10 Virtual Machines by CPU utilization
Find top 10 VM by CPU utilization in the last 7 days.
Perf
| where TimeGenerated > ago(7d)
| where CounterName == "% Processor Time" and InstanceName == "_Total"
| project TimeGenerated, Computer, ObjectName, CounterName, InstanceName, round(CounterValue, 2)
| summarize arg_max(TimeGenerated, *) by Computer
| top 10 by CounterValue
Bottom 10 Free disk space %
Bottom 10 Free disk space % by computer, for the last 7 days.
Perf
| where TimeGenerated > ago(7d)
| where (ObjectName == "Logical Disk" or ObjectName == "LogicalDisk") and CounterName contains "%" and InstanceName != "_Total" and InstanceName != "HarddiskVolume1"
| project TimeGenerated, Computer, ObjectName, CounterName, InstanceName, CounterValue
| summarize arg_max(TimeGenerated, *) by Computer
| top 10 by CounterValue desc
Container CPU
View all the container CPU usage averaged over 30mins.
// To create an alert for this query, click '+ New alert rule'
//Select the Line chart display option: can we calculate percentage?
Perf
| where ObjectName == "K8SContainer" and CounterName == "cpuUsageNanoCores"
| summarize AvgCPUUsageNanoCores = avg(CounterValue) by bin(TimeGenerated, 30m), InstanceName, _ResourceId
Container memory
View container CPU averaged over 30 mins intervals.
// To create an alert for this query, click '+ New alert rule'
//Select the Line chart display option: can we calculate percentage?
let threshold = 75000000; // choose a threshold
Perf
| where ObjectName == "K8SContainer" and CounterName == "memoryRssBytes"
| summarize AvgUsedRssMemoryBytes = avg(CounterValue) by bin(TimeGenerated, 30m), InstanceName, _ResourceId
| where AvgUsedRssMemoryBytes > threshold
| render timechart
Instances Avg CPU usage growth from last week
Show Avg CPU growth by instance in the last week by descending order.
// To create an alert for this query, click '+ New alert rule'
//Show which instances grew CPU usage from last week to current
Perf
| where TimeGenerated > ago(7d) //This week Average CPU Usage Nano Cores
| where ObjectName == "K8SContainer" and CounterName == "cpuUsageNanoCores"
| summarize ThisWeekAvgCPU = avg(CounterValue) by InstanceName, _ResourceId
| join kind= leftouter (
//Previous week Average CPU Usage Nano Cores
Perf
| where TimeGenerated > ago(14d) and TimeGenerated <= ago(7d)
| where ObjectName == "K8SContainer" and CounterName == "cpuUsageNanoCores"
| summarize PrevWeekAvgCPU = avg(CounterValue) by InstanceName, _ResourceId
) on InstanceName, _ResourceId
| extend InstanceNameParts = split(InstanceName, "/") //array of the parts of the instance name
| extend ShortInstanceName = InstanceNameParts[(array_length(InstanceNameParts)-1)] //extract the last part of the instance name
| extend ThisWeekAvgCPU = round(ThisWeekAvgCPU,0)
| extend PrevWeekAvgCPU = round(iff(isempty(PrevWeekAvgCPU),0.0,PrevWeekAvgCPU),0) //When doing join with kind=leftouter, missing matches has empty value. To calculate growth, it should be converted to zero. In this case, empty value means that instance did not exist in the previous week
| extend AvgCPUGrowth = round(ThisWeekAvgCPU - PrevWeekAvgCPU , 0) //Calculate growth
| project-away InstanceName1,InstanceNameParts //Remove redundant fields
| order by AvgCPUGrowth desc
Find In Perf
Find in Perf to search for a specific value in the Perf table./nNote that this query requires updating the <SeachValue> parameter to produce results
// This query requires a parameter to run. Enter value in SearchValue to find in table.
let SearchValue = "<SearchValue>";//Please update term you would like to find in the table.
Perf
| where * contains tostring(SearchValue)
| take 1000
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for