Analyze data using Log Analytics Simple mode

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

Introduction 

Azure Monitor Logs offer a powerful set of capabilities for users to explore their logs and derive meaningful insights from their data estate.

Until now, Azure Monitor Logs relied on KQL for users to express their questions as queries.
KQL is a powerful, easy to learn query language, however, as any query language it requires some knowledge to operate.

Simple mode experience was created to bridge this knowledge gap - allowing most popular KQL operators and actions to be utilized using a very simple, point-and-click experience requiring no KQL knowledge at all!  

KQL Mode gives advanced users the full power of Kusto Query Language (KQL) to derive deeper insights from their logs.

 

Here's a video that provides a quick overview of how to query logs in Log Analytics using both Simple and KQL modes:

 

Try Log Analytics Simple mode

Simple mode is currently an opt-in experience. To try it, select Try the new Log Analytics at the top right corner of the Log Analytics query editor. You can switch back to the classic Log Analytics experience at any time.

 

Ilana_Waitser_2-1716757564724.png

 

Explore and analyze data in Simple mode

Let’s look at the example: 

I am an SRE (Site Reliability Engineer), troubleshooting infrastructure issues. For that, I want to understand which Kubernetes pods failed to run.

 

I just clicked 'Run' on the KubePodInventory table, which brought up the 1000 latest results.

Now, all I need to do is click on Add, under Filter section, search for PodStatus column, select Pending and click Apply. 

 

Filter in Simple mode.gif

This brings all pods which have failed to run 

Now, I can easily aggregate by Name and see all pod names and how many times they have failed: 

Ilana_Waitser_1-1716754838779.png

 

I achieved all this without needing to write any KQL code!  

Moreover, whenever I select a filter or an operator in Simple Mode, the query runs automatically; there's no need to click on the 'Run' button. This functionality allows for a more fluent experience.

 

Switch modes

What if you want to make changes to the query and use more advanced operators that are not supported in Simple Mode? No problem! 

 
To do so, we allow to switch from Simple Mode to KQL mode, which allows access to the full power of KQL. 

Once I switch to KQL mode, I can see KQL query generated. I can then edit and continue working with the query. 

Ilana_Waitser_2-1716755628248.png

Once I am done with editing, I can switch back to Simple mode and continue the exploration using again the Simple mode on updated query.

 

Additional Improvements

You will notice some changes aimed at making the UI simple, clean, easy to use, and focused on what matters most – the result set.

One of the changes is organizing the most frequently used actions under separate menus: Save and Share – each of these has sub-actions under it, such as Copy link and Export.

You can find additional actions under '...', such as New Alert or Log Analytics Settings, which enable you to customize behavior according to your needs. 

 

Summary

The new Log Analytics with Simple mode and additional improvements is a huge leap forward in our experiences and we hope you will enjoy using it.

To learn more, we recommend reviewing the feature's official documentation here

 

Feedback

We appreciate your feedback! 

Please leave comments on this blog post or use the 'Give feedback' in Azure Monitor Logs to share your thoughts with us:

Ilana_Waitser_4-1716758751031.png

 

 

 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.