Query Basic Logs in Azure Monitor (Preview)

Basic Logs tables reduce the cost of ingesting high-volume verbose logs and let you query the data they store using a limited set of log queries. This article explains how to query data from Basic Logs tables.

For more information, see Azure log data plans and Configure a table for Basic Logs.

Note

Other tools that use the Azure API for querying - for example, Grafana and Power BI - cannot access Basic Logs.

Limitations

Queries with Basic Logs are subject to the following limitations:

KQL language limits

Log queries against Basic Logs are optimized for simple data retrieval using a subset of KQL language, including the following operators:

You can use all functions and binary operators within these operators.

Time range

Specify the time range in the query header in Log Analytics or in the API call. You can't specify the time range in the query body using a where statement.

Query context

Queries with Basic Logs must use a workspace for the scope. You can't run queries using another resource for the scope. For more information, see Log query scope and time range in Azure Monitor Log Analytics.

Concurrent queries

You can run two concurrent queries per user.

Purge

You can’t purge personal data from Basic Logs tables.

Run a query on a Basic Logs table

Creating a query using Basic Logs is the same as any other query in Log Analytics. See Get started with Azure Monitor Log Analytics if you aren't familiar with this process.

In the Azure portal, select Monitor > Logs > Tables.

In the list of tables, you can identify Basic Logs tables by their unique icon:

Screenshot of the Basic Logs table icon in the table list.

You can also hover over a table name for the table information view, which will specify that the table is configured as Basic Logs:

Screenshot of the Basic Logs table indicator in the table details.

When you add a table to the query, Log Analytics will identify a Basic Logs table and align the authoring experience accordingly. The following example shows when you attempt to use an operator that isn't supported by Basic Logs.

Screenshot of Query on Basic Logs limitations.

Pricing model

The charge for a query on Basic Logs is based on the amount of data the query scans, which is influenced by the size of the table and the query's time range. For example, a query that scans three days of data in a table that ingests 100 GB each day, would be charged for 300 GB.

For more information, see Azure Monitor pricing.

Note

During the preview period, there is no cost for log queries on Basic Logs.

Next steps