Useful operators in Azure Monitor log queries

The table below provides some common functions to use for different scenarios in Azure Monitor log queries.

Useful operators

Category Relevant Analytics Function
Selection and Column aliases project, project-away, extend
Temporary tables and constants let scalar_alias_name = …;
let table_alias_name = … … … ;
Comparison and String Operators startswith, !startswith, has, !has
contains, !contains, containscs
hasprefix, !hasprefix, hassuffix, !hassuffix, in, !in
matches regex
==, =~, !=, !~
Common string functions strcat(), replace(), tolower(), toupper(), substring(), strlen()
Common math functions sqrt(), abs()
exp(), exp2(), exp10(), log(), log2(), log10(), pow()
gamma(), gammaln()
Parsing text extract(), extractjson(), parse, split()
Limiting output take, limit, top, sample
Date functions now(), ago()
datetime(), datepart(), timespan
startofday(), startofweek(), startofmonth(), startofyear()
endofday(), endofweek(), endofmonth(), endofyear()
dayofweek(), dayofmonth(), dayofyear()
getmonth(), getyear(), weekofyear(), monthofyear()
Grouping and aggregation summarize by
max(), min(), count(), dcount(), avg(), sum()
stddev(), countif(), dcountif(), argmax(), argmin()
percentiles(), percentile_array()
Joins and Unions join kind=leftouter, inner, rightouter, fullouter, leftanti
union
Sort, order sort, order
Dynamic object (JSON and array) parsejson()
makeset(), makelist()
split(), arraylength()
zip(), pack()
Logical operators and, or, iff(condition, value_t, value_f)
binary_and(), binary_or(), binary_not(), binary_xor()
Machine learning evaluate autocluster, basket, diffpatterns, extractcolumns

Next steps