Example queries in Azure Monitor Log Analytics

Log Analytics offers sets of example queries that you can run on their own or use as a starting point for your own queries. This article describes example queries and how to use them.

If you aren't familiar with Log Analytics or the KQL query language, example queries are a great way to start. They can provide instant insight into a resource and offer a good way to start learning and using KQL, shortening the time it takes to start using Log Analytics. We have collected and curated over 250 example queries designed to provide you instant value, and the number of example queries is continually growing.

In-context queries

The new experience filters and suggests queries in context. In other words, the system automatically shows only queries relevant to the scope you have selected.

  • For a single resource – queries are filtered according to the resource type.
  • For a resource group – queries are filtered according to the resources in the specific resource group.
  • For a workspace – queries are filtered according to the solutions installed on the workspace.

This behavior is consistent for all Log Analytics scopes. If you are not seeing an example query for the resource type you want, it may be because of in-context filtering. A later section describes how to remove in-context scoping so you can view all possible queries.

Tip

The more resources you have in your scope, the longer it takes the portal to filter and show the sample query dialog.

Example query user interface

You can get to example queries from two different locations.

Example query dialog

When you first enter the Log Analytics experience, the Example queries dialog is shown automatically. You can also open it by clicking Example queries in the upper right of the screen.

Sidebar: Example queries

The example query dialog then appears as shown below:

Example queries screen

The previous screenshot displays the logs screen for an Azure Key Vault instance. As mentioned previously in this article, the queries are shown in-context. As a result, the screenshot shows only Key Vault related examples. If you select an entire subscription, then queries for all the resource types in that subscription are displayed.

Each example query is represented by a card. You can quickly scan through the queries to find what you need. You can run the query directly from the dialog or choose to load it to the query editor for additional fine-tuning and tweaking.

All the same functionality of the dialog experience can be accessed from the queries pane on the left-hand sidebar of Log Analytics. You can hover over a query name to get the query description and additional functionality.

Screenshot showing the Queries pane.

Finding and filtering queries

The options in this section are available in both the dialog and sidebar query experience, but with a slightly different user interface.

Use Favorites

You can favorite frequently used queries to give you quicker access.

Tip

Collecting and viewing queries later is a good way to get started. Find the queries you need and click the star next to the query to add it to the Favorites. If later you find the query isn't useful to you, you can un-favorite it.

Filtering and group by

While the query dialog experience filters to show only queries with the right context, you can choose to remove the filter and see all the queries.

Group by

Change the grouping of the queries by clicking the group by drop-down list:

Group by in the Example queries screen

The dialog supports grouping by:

  • Resource type – A resource as defined in Azure, such as a Virtual machine. See the Azure Monitor Table Reference for a full mapping of Azure Monitor Logs/Log Analytics tables to resource type.
  • Category – A type of information such as Security or Audit. Categories are identical to the categories defined in the Tables side pane. See the Azure Monitor Table Reference for a full list of categories.
  • Solution – An Azure Monitor solution associated with the queries.
  • Topic – The topic of the example query such as Activity Logs or App logs. The topic property is unique to example queries and may differ according to the specific resource type.

The grouping values also act as an active table of contents. Clicking one of the values on the left-hand side of the screen scrolls the queries view right to the item clicked.

Filter

You can also filter the queries according to the group by values mentioned earlier. In the example query dialog, the filters are found at the top.

Filters on the Example queries screen

Combining group by and filter

The filter and group by functionality are designed to work in tandem. They provide flexibility in how queries are arranged. For example, if you are using a resource group with multiple resources, you may want to filter down to a specific resource type and arrange the resulting queries by topic.

Sample query dialog appearance behavior

If you are a KQL pro and prefer to get directly to the query editor, you can toggle the query dialog "off". With the toggle off, the example query dialog does not load when the Log Analytics screen loads.

Example queries on-off toggle

You can always access the sample query popup experience from the Example queries button on the top bar of Log Analytics.

Query explorer

The query explorer experience for saving and sharing user-generated queries remains unchanged for the time being.

Next steps

Get started with KQL Queries