Exploring Log Analytics

Log analytics enables you to explore and visualize metrics derived from your log data through filtering and aggregation. You can apply filters to narrow your dataset, then generate charts based on log counts or other metrics using facet selectors and aggregation functions. This feature helps you identify patterns and trends within your logs for analysis and troubleshooting.

Add log filters

Add any log filters, as described in the Log Search View, to narrow down the logs you want to chart.

Explore count-based log metrics

  1. Choose count_log_events from the log facet selector.

  2. Choose number as the normalization function.

  3. Choose rate or count_over_time as the Range/time aggregation function.

  4. Click Generate chart to chart the count-based metric.


Explore facet log metrics

  1. Choose the log facet from the log facet selector.

  2. Choose one of number, bytes, or duration as the function to normalize the facet value.

  3. Choose count to count the number of times the log facet appears in the time-step.

  4. Choose one of the log facet-based range aggregation functions.

  5. Click Generate chart.


Metric aggregations

To work with metrics, you must often aggregate them. Aggregations consist of the aggregation, a specified grouping, a limit, and the step size.

  1. Aggregation:

    In the Show clause of your query, the aggregation is count unique of.

    Select either a label or a facet from the drop-down.

  2. Grouping:

    In the by clause, select the grouping from the drop-down: either Everything, or one of the labels or facets.

  3. Limit:

    In the limit to clause, specify either a top (default) or bottom limit, and then select the appropriate number from the drop-down (default is 10).

  4. Step size:

    In the roll up every clause, specify the size of the time step by selecting from the drop-down.

    This value determines the incremental aggregations of the plot. For example, it specifies the width of the bar in bar charts.

    The default values and possible choices change depending on the overall interval of the chart; see Interval.
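The four parts of an aggregation described above, worked through in Python as an added example (not code from the product or its documentation). The field names service and client_ip, the sample events, and the rule that groups are ranked by their peak per-step value are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events; "service" and "client_ip" are hypothetical fields.
EVENTS = [
    {"ts": "2024-01-01T00:00:05Z", "service": "auth", "client_ip": "10.0.0.1"},
    {"ts": "2024-01-01T00:00:20Z", "service": "auth", "client_ip": "10.0.0.2"},
    {"ts": "2024-01-01T00:00:40Z", "service": "auth", "client_ip": "10.0.0.1"},
    {"ts": "2024-01-01T00:01:10Z", "service": "auth", "client_ip": "10.0.0.3"},
    {"ts": "2024-01-01T00:00:15Z", "service": "api", "client_ip": "10.0.0.1"},
    {"ts": "2024-01-01T00:01:30Z", "service": "api", "client_ip": "10.0.0.1"},
    {"ts": "2024-01-01T00:01:45Z", "service": "billing"},  # facet missing
]


def _epoch(ts):
    """Parse an ISO-8601 UTC timestamp into epoch seconds."""
    parsed = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return int(parsed.replace(tzinfo=timezone.utc).timestamp())


def count_unique(events, of, by=None, limit=10, order="top", step_s=60):
    """Show count unique of <of> by <by>, limit to <order> <limit>,
    roll up every <step_s> seconds. Returns {group: {step_start: count}}."""
    distinct = defaultdict(set)  # (group, step_start) -> distinct values
    for ev in events:
        if of not in ev:
            continue  # an event without the facet contributes nothing
        group = ev.get(by, "<unset>") if by else "Everything"
        step_start = _epoch(ev["ts"]) // step_s * step_s  # align to the step
        distinct[(group, step_start)].add(ev[of])

    series = defaultdict(dict)
    for (group, step_start), values in distinct.items():
        series[group][step_start] = len(values)

    # Assumption: groups are ranked by their highest per-step value.
    ranked = sorted(series, key=lambda g: (max(series[g].values()), g),
                    reverse=(order == "top"))
    return {g: dict(sorted(series[g].items())) for g in ranked[:limit]}


if __name__ == "__main__":
    # Distinct client IPs per service, one point per minute.
    for group, points in count_unique(EVENTS, "client_ip", by="service").items():
        print(group, points)
```

Widening the step merges buckets before the distinct count is taken, so the per-step values of a narrow step cannot simply be summed to get the value for a wider one.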