Log Analytics
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
// Percentiles Calculation search * | where Category == 'SQLSecurityAuditEvents' | order by event_time_t , server_principal_name_s ,duration_milliseconds_d | where database_name_s == "UserDB" | where server_principal_name_s == "databaselogin" | summarize percentiles(duration_milliseconds_d, 25, 50, 75, 90,95,99) by substring(statement_s, 0, 40) , server_principal_name_s ,application_name_s | where application_name_s == "Core .Net SqlClient Data Provider" search * | where Category == 'SQLSecurityAuditEvents' | order by event_time_t , server_principal_name_s ,duration_milliseconds_d | where database_name_s == "UserDB" | where server_principal_name_s == "UserLogin" | summarize count() , percentiles(duration_milliseconds_d, 25, 50, 75, 90,95,99) by substring(statement_s, 0, 40) , server_principal_name_s ,application_name_s | where application_name_s == "Core .Net SqlClient Data Provider" | order by count_ desc |
1 |
let startTimestamp = ago(1h);<br> KubePodInventory<br> | where TimeGenerated > startTimestamp<br> | where ClusterName =~ ""<br> | distinct ContainerID<br> | join<br> (<br> ContainerLog<br> | where TimeGenerated > startTimestamp<br> )<br> on ContainerID<br> | project LogEntrySource, LogEntry, TimeGenerated, Computer, Image, Name, ContainerID<br> | order by TimeGenerated desc<br> | where LogEntrySource == "stdout"<br> | where Image == "dummy-logger"<br> | render table<br> ContainerInventory<br> | where ContainerState == "Failed"<br> | order by CreatedTime desc<br> //| summarize AggregatedValue = dcount(ContainerID) by Computer, Image, ContainerState<br> // | order by Computer , Image<br> https://github.com/denniszielke/container_demos/blob/master/KubernetesOMSAKS.md |
Leave a Reply