Azure Useful Queries

Posted on December 11, 2018 by

Raju Venkataraman Posted in SQL Server — No Comments ↓

Log Analytics

// Percentiles Calculation
search *
| where Category == 'SQLSecurityAuditEvents'
| order by event_time_t , server_principal_name_s ,duration_milliseconds_d
| where database_name_s == "UserDB"
| where server_principal_name_s == "databaselogin" 
| summarize percentiles(duration_milliseconds_d, 25, 50, 75, 90,95,99) by substring(statement_s, 0, 40) , server_principal_name_s ,application_name_s
| where application_name_s == "Core .Net SqlClient Data Provider"

search *
| where Category == 'SQLSecurityAuditEvents'
| order by event_time_t , server_principal_name_s ,duration_milliseconds_d
| where database_name_s == "UserDB"
| where server_principal_name_s == "UserLogin"
| summarize count() , percentiles(duration_milliseconds_d, 25, 50, 75, 90,95,99) by substring(statement_s, 0, 40) , server_principal_name_s ,application_name_s
| where application_name_s == "Core .Net SqlClient Data Provider"
| order by count_ desc

// Percentiles Calculation

search *

| where Category == 'SQLSecurityAuditEvents'

| order by event_time_t , server_principal_name_s ,duration_milliseconds_d

| where database_name_s == "UserDB"

| where server_principal_name_s == "databaselogin"

| summarize percentiles(duration_milliseconds_d, 25, 50, 75, 90,95,99) by substring(statement_s, 0, 40) , server_principal_name_s ,application_name_s

| where application_name_s == "Core .Net SqlClient Data Provider"

search *

| where Category == 'SQLSecurityAuditEvents'

| order by event_time_t , server_principal_name_s ,duration_milliseconds_d

| where database_name_s == "UserDB"

| where server_principal_name_s == "UserLogin"

| summarize count() , percentiles(duration_milliseconds_d, 25, 50, 75, 90,95,99) by substring(statement_s, 0, 40) , server_principal_name_s ,application_name_s

| where application_name_s == "Core .Net SqlClient Data Provider"

| order by count_ desc

let startTimestamp = ago(1h);<br> KubePodInventory<br> | where TimeGenerated > startTimestamp<br> | where ClusterName =~ ""<br> | distinct ContainerID<br> | join<br> (<br>     ContainerLog<br>     | where TimeGenerated > startTimestamp<br> )<br> on ContainerID<br> | project LogEntrySource, LogEntry, TimeGenerated, Computer, Image, Name, ContainerID<br> | order by TimeGenerated desc<br> | where LogEntrySource == "stdout"<br> | where Image == "dummy-logger"<br> | render table<br> ContainerInventory<br> | where ContainerState == "Failed"<br> | order by CreatedTime desc<br> //| summarize AggregatedValue = dcount(ContainerID) by Computer, Image, ContainerState<br> // | order  by Computer , Image<br> https://github.com/denniszielke/container_demos/blob/master/KubernetesOMSAKS.md

let startTimestamp = ago(1h); KubePodInventory | where TimeGenerated > startTimestamp | where ClusterName =~ "" | distinct ContainerID | join ( ContainerLog | where TimeGenerated > startTimestamp ) on ContainerID | project LogEntrySource, LogEntry, TimeGenerated, Computer, Image, Name, ContainerID | order by TimeGenerated desc | where LogEntrySource == "stdout" | where Image == "dummy-logger" | render table ContainerInventory | where ContainerState == "Failed" | order by CreatedTime desc //| summarize AggregatedValue = dcount(ContainerID) by Computer, Image, ContainerState // | order by Computer , Image https://github.com/denniszielke/container_demos/blob/master/KubernetesOMSAKS.md

Azure Useful Queries

Leave a Reply Cancel reply

Recent Posts

Categories

Recent Posts

Archives