How can we improve Azure Log Analytics ?

← Azure Monitor-Log Analytics

When pivoting from results of Measure count() queries that use INTERVAL (based on field TimeGenerated) drill down query returns no result

REPRO steps:
Do a query like Type:Event | Measure count() interval 1DAY; the grouped results you get back will have TimeGenerated as the first field.... but the row in the table really represents a time RANGE/interval
When clicking on a group, the resulting query becomes something like Type:Event TimeGenerated:"2014-02-25T20:04:39.234Z" - this yelds no results because the TimeGenerated is really just the BEGINNING of the '1DAY' interval.

How it should work:
backend API should provide more information back to the caller, such as
- informing that this group is not based on a fixed string value (like in many other cases with measure count()) but on a DATETIME field
- informing that the first Timestamp represents the START of the interval (and/or 'format' the timestamp so it is more clear that it is a time/date range)
- informing what offset to be used / how big are the 'buckets' (since even if it was in the query, it gets lost)

With the added info, UI would be able to create a RANGE query instead that uses (pseudocode): TimeGenerated => STARTTIME and TimeGenerated< (STARTTIME+Offset)

2 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Daniele Muscetta (Operational Insights, Program Manager) shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Attach a File
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment

Azure Monitor-Log Analytics: Search UI and Language

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice