Azure Monitor log queries
Azure Monitor logs are built on Azure Data Explorer, and Azure Monitor log queries use a version of the same Kusto query language. The Kusto query language documentation has all of the details for the language and should be your primary resource for writing Azure Monitor log queries. This page provides links to other resources for learning how to write queries and on differences with the Azure Monitor implementation of the language.
This article was recently updated to use the term Azure Monitor logs instead of Log Analytics. Log data is still stored in a Log Analytics workspace and is still collected and analyzed by the same Log Analytics service. We are updating the terminology to better reflect the role of logs in Azure Monitor. See Azure Monitor terminology changes for details.
- Get started with Azure Monitor Log Analytics is a lesson for writing queries and working with results in the Azure portal.
- Get started with Azure Monitor log queries is a lesson for writing queries using Azure Monitor log data.
- Analyze log data in Azure Monitor gives a brief overview of log queries and describes how Azure Monitor log data is structured.
- Viewing and analyzing log data in Azure Monitor explains the portals where you create and run log queries.
- Query language reference is the complete language reference for the Kusto query language.
- Azure Monitor log query language differences describes differences between versions of the Kusto query language.
- Standard properties in Azure Monitor log records describes properties that are standard to all Azure Monitor log data.
- Perform cross-resource log queries in Azure Monitor describes how to write log queries that use data from multiple Log Analytics workspaces and Application Insights applications.
- Azure Monitor log query examples provides example queries using Azure Monitor log data.
- Working with strings in Azure Monitor log queries describes how to work with string data.
- Working with date time values in Azure Monitor log queries describes how to work with date and time data.
- Aggregations in Azure Monitor log queries and Advanced aggregations in Azure Monitor log queries describe how to aggregate and summarize data.
- Joins in Azure Monitor log queries describes how to join data from multiple tables.
- Working with JSON and data Structures in Azure Monitor log queries describes how to parse json data.
- Writing advanced log queries in Azure Monitor describes strategies for creating complex queries and reusing code.
- Creating charts and diagrams from Azure Monitor log queries describes how to visualize data from a log query.
- SQL to Azure Monitor log query assists users who are already familiar with SQL.
- Splunk to Azure Monitor log query assists users who are already familiar with Splunk.
- Access the complete reference documentation for the Kusto query language.
We'd love to hear your thoughts. Choose the type you'd like to provide:
Our feedback system is built on GitHub Issues. Read more on our blog.