In the previous two post we’ve looked at logging and using the TelemetryClient to send information to Application Insights. Application Insights offers a powerful query language (Kusto Query Language – KQL) for filtering logs.<\/p>\n
We cannot possibly cover all options of KQL, so this post will just cover some of the basics and useful queries.<\/p>\n
Tables<\/strong><\/p>\n Application Insights supplied several tables as ways tracking events, information and various logging data. <\/p>\n The main tables are as follows<\/p>\n We can combine timespan, so 1d6h30m means 1 day, 6 hours and 30 minutes.<\/p>\n Get everything<\/strong><\/p>\n We can get everything across all tables (see below for information on the tables) using<\/p>\n Tables<\/strong><\/p>\n We can just get everything from a table by running the query against a table, so for example for the traces table<\/p>\n Filtering<\/strong><\/p>\n Obviously returning all traces<\/em> for example, is probably returning more rows than we want, so we can filter using the where<\/em> keyword<\/p>\n Projections<\/strong><\/p>\n Aggregation<\/strong><\/p>\n Ordering<\/strong><\/p>\n Samples<\/strong><\/p>\n Get all the tables that have data <\/p>\n Get all records within a table for the last 10 minutes<\/p>\n The ago<\/em> function allows us to use a timespan which includes<\/p>\n Summarizing each day’s request count into a timechart (a line chart). We also have options got a bar chart (barchart), pie chart (piechart), area chart (areachart) and scatter chart (scatterchart)<\/p>\n For some of the other chart types we need to supply difference information, so let’s look at a pie chart of the different requests<\/p>\n We can get requests between two dates, including using of the now() function<\/p>\n\n
\r\nsearch *\r\n<\/pre>\n
\r\ntraces\r\n<\/pre>\n
\r\ntraces\r\n| where severityLevel == 3\r\n<\/pre>\n
\r\ntraces\r\n| where severityLevel == 3\r\n| project timestamp, message\r\n<\/pre>\n
\r\ntraces\r\n| where severityLevel == 3\r\n| summarize count() by bin(timestamp, 1h)\r\n<\/pre>\n
\r\nrequests\r\n| where success == "false"\r\n| summarize count() by bin(timestamp, 1h)\r\n| order by bin(timestamp, 1h) desc\r\n<\/pre>\n
\r\nsearch * \r\n| distinct $table\r\n<\/pre>\n
\r\ntraces\r\n| where timestamp > ago(1m)\r\n<\/pre>\n
\n
\r\nrequests\r\n| summarize request_count = count() by bin(timestamp, 1d)\r\n| render timechart \r\n<\/pre>\n
\r\nrequests\r\n| summarize request_count = count() by name\r\n| render piechart \r\n<\/pre>\n
\r\nrequests\r\n| where timestamp between (datetime(2025-02-14T00:00:00Z) .. now())\r\n<\/pre>\n