Functions in Log Analytics

You can change the function that plots the log facet or label, add a new function, or remove functions entirely.

Add function

  1. Turn on the Use KfuseQL toggle.

  2. To add a new function to the graph, click the Sigma icon at the end of the query specification.

  3. In the drop-down, either search for a function name, or select an existing function category, and then pick the function name.

    See the list of functions for log analytics, FuseQL.

    Here, we demonstrate the Algorithm: Anomalies function.

  4. Configure the parameters of the function, if any.

    In the query specification, specify the agile-robust algorithm.

  5. In the by clause of the aggregation, select how to group data.

    Here, group by the label:value pair Core:level.

  6. The interface displays the anomaly detection function.

  7. [Optional] Use the legend at the bottom of the chart to see both the Warning and Info time series, only the Warning, or only the Info.


Remove function

Sometimes, you may want to remove a function from a graph. For example, you may want to remove the default aggregation, as described in Remove aggregation.

At other times, you may want to remove a limiting function.

  1. To remove a function, click the Remove function icon next to the function you want to drop.

  2. The interface displays the graph without that function.