LogsQueryClient Class

Reference

Definition

Namespace:: Azure.Monitor.Query

Assembly:: Azure.Monitor.Query.dll

Package:: Azure.Monitor.Query v1.3.1

Package:: Azure.Monitor.Query v1.3.0-beta.2

Source:: LogsQueryClient.cs

Source:: LogsQueryClient.cs

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

The LogsQueryClient allows to query the Azure Monitor Logs service.

public class LogsQueryClient

type LogsQueryClient = class

Public Class LogsQueryClient

Inheritance: Object
LogsQueryClient

Constructors

LogsQueryClient()	Creates an instance of LogsQueryClient to support mocking.
LogsQueryClient(TokenCredential)	Creates an instance of LogsQueryClient for Azure Public Cloud usage. Uses the default 'https://api.loganalytics.io' endpoint. `var client = new LogsQueryClient(new DefaultAzureCredential());`
LogsQueryClient(TokenCredential, LogsQueryClientOptions)	Creates an instance of LogsQueryClient for Azure Public Cloud usage. Uses the default 'https://api.loganalytics.io' endpoint, unless Audience is set to an Azure sovereign cloud.
LogsQueryClient(Uri, TokenCredential)	Creates an instance of LogsQueryClient for the Azure cloud represented by `endpoint`.
LogsQueryClient(Uri, TokenCredential, LogsQueryClientOptions)	Creates an instance of LogsQueryClient for the Azure cloud represented by `endpoint`.

Properties

Endpoint

Gets the endpoint used by the client.

Methods

CreateQuery(FormattableString)	Create a Kusto query from an interpolated string. The interpolated values will be quoted and escaped as necessary.
QueryBatch(LogsBatchQuery, CancellationToken)	Submits the batch query. Use the LogsBatchQuery to compose a batch query. string workspaceId = "<workspace_id>"; var client = new LogsQueryClient(new DefaultAzureCredential()); // Query TOP 10 resource groups by event count // And total event count var batch = new LogsBatchQuery(); string countQueryId = batch.AddWorkspaceQuery( workspaceId, "AzureActivity \| count", new QueryTimeRange(TimeSpan.FromDays(1))); string topQueryId = batch.AddWorkspaceQuery( workspaceId, "AzureActivity \| summarize Count = count() by ResourceGroup \| top 10 by Count", new QueryTimeRange(TimeSpan.FromDays(1))); Response<LogsBatchQueryResultCollection> response = await client.QueryBatchAsync(batch); var count = response.Value.GetResult<int>(countQueryId).Single(); var topEntries = response.Value.GetResult<MyLogEntryModel>(topQueryId); Console.WriteLine($"AzureActivity has total {count} events"); foreach (var logEntryModel in topEntries) { Console.WriteLine($"{logEntryModel.ResourceGroup} had {logEntryModel.Count} events"); }
QueryBatchAsync(LogsBatchQuery, CancellationToken)	Submits the batch query. Use the LogsBatchQuery to compose a batch query. string workspaceId = "<workspace_id>"; var client = new LogsQueryClient(new DefaultAzureCredential()); // Query TOP 10 resource groups by event count // And total event count var batch = new LogsBatchQuery(); string countQueryId = batch.AddWorkspaceQuery( workspaceId, "AzureActivity \| count", new QueryTimeRange(TimeSpan.FromDays(1))); string topQueryId = batch.AddWorkspaceQuery( workspaceId, "AzureActivity \| summarize Count = count() by ResourceGroup \| top 10 by Count", new QueryTimeRange(TimeSpan.FromDays(1))); Response<LogsBatchQueryResultCollection> response = await client.QueryBatchAsync(batch); var count = response.Value.GetResult<int>(countQueryId).Single(); var topEntries = response.Value.GetResult<MyLogEntryModel>(topQueryId); Console.WriteLine($"AzureActivity has total {count} events"); foreach (var logEntryModel in topEntries) { Console.WriteLine($"{logEntryModel.ResourceGroup} had {logEntryModel.Count} events"); }
QueryResource(ResourceIdentifier, String, QueryTimeRange, LogsQueryOptions, CancellationToken)	Returns all the Azure Monitor logs matching the given query for an Azure resource. var client = new LogsQueryClient(new DefaultAzureCredential()); string resourceId = "/subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/<resource_provider>/<resource>"; string tableName = "<table_name>"; Response<LogsQueryResult> results = await client.QueryResourceAsync( new ResourceIdentifier(resourceId), $"{tableName} \| distinct * \| project TimeGenerated", new QueryTimeRange(TimeSpan.FromDays(7))); LogsTable resultTable = results.Value.Table; foreach (LogsTableRow row in resultTable.Rows) { Console.WriteLine($"{row["OperationName"]} {row["ResourceGroup"]}"); } foreach (LogsTableColumn columns in resultTable.Columns) { Console.WriteLine("Name: " + columns.Name + " Type: " + columns.Type); }
QueryResource<T>(ResourceIdentifier, String, QueryTimeRange, LogsQueryOptions, CancellationToken)	Returns all the Azure Monitor logs matching the given query for an Azure resource. var client = new LogsQueryClient(new DefaultAzureCredential()); string resourceId = "/subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/<resource_provider>/<resource>"; string tableName = "<table_name>"; Response<LogsQueryResult> results = await client.QueryResourceAsync( new ResourceIdentifier(resourceId), $"{tableName} \| distinct * \| project TimeGenerated", new QueryTimeRange(TimeSpan.FromDays(7))); LogsTable resultTable = results.Value.Table; foreach (LogsTableRow row in resultTable.Rows) { Console.WriteLine($"{row["OperationName"]} {row["ResourceGroup"]}"); } foreach (LogsTableColumn columns in resultTable.Columns) { Console.WriteLine("Name: " + columns.Name + " Type: " + columns.Type); }
QueryResourceAsync(ResourceIdentifier, String, QueryTimeRange, LogsQueryOptions, CancellationToken)	Returns all the Azure Monitor logs matching the given query for an Azure resource. var client = new LogsQueryClient(new DefaultAzureCredential()); string resourceId = "/subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/<resource_provider>/<resource>"; string tableName = "<table_name>"; Response<LogsQueryResult> results = await client.QueryResourceAsync( new ResourceIdentifier(resourceId), $"{tableName} \| distinct * \| project TimeGenerated", new QueryTimeRange(TimeSpan.FromDays(7))); LogsTable resultTable = results.Value.Table; foreach (LogsTableRow row in resultTable.Rows) { Console.WriteLine($"{row["OperationName"]} {row["ResourceGroup"]}"); } foreach (LogsTableColumn columns in resultTable.Columns) { Console.WriteLine("Name: " + columns.Name + " Type: " + columns.Type); }
QueryResourceAsync<T>(ResourceIdentifier, String, QueryTimeRange, LogsQueryOptions, CancellationToken)	Returns all the Azure Monitor logs matching the given query for an Azure resource. var client = new LogsQueryClient(new DefaultAzureCredential()); string resourceId = "/subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/<resource_provider>/<resource>"; string tableName = "<table_name>"; Response<LogsQueryResult> results = await client.QueryResourceAsync( new ResourceIdentifier(resourceId), $"{tableName} \| distinct * \| project TimeGenerated", new QueryTimeRange(TimeSpan.FromDays(7))); LogsTable resultTable = results.Value.Table; foreach (LogsTableRow row in resultTable.Rows) { Console.WriteLine($"{row["OperationName"]} {row["ResourceGroup"]}"); } foreach (LogsTableColumn columns in resultTable.Columns) { Console.WriteLine("Name: " + columns.Name + " Type: " + columns.Type); }
QueryWorkspace(String, String, QueryTimeRange, LogsQueryOptions, CancellationToken)	Executes the logs query.
QueryWorkspace<T>(String, String, QueryTimeRange, LogsQueryOptions, CancellationToken)	Executes the logs query. Deserializes the result into a strongly typed model class or a primitive type if the query returns a single column. Example of querying a model: `Response<IReadOnlyList<MyLogEntryModel>> response = await client.QueryWorkspaceAsync<MyLogEntryModel>( workspaceId, "AzureActivity \| summarize Count = count() by ResourceGroup \| top 10 by Count", new QueryTimeRange(TimeSpan.FromDays(1)));` Example of querying a primitive: `Response<IReadOnlyList<string>> response = await client.QueryWorkspaceAsync<string>( workspaceId, "AzureActivity \| summarize Count = count() by ResourceGroup \| top 10 by Count \| project ResourceGroup", new QueryTimeRange(TimeSpan.FromDays(1)));`
QueryWorkspaceAsync(String, String, QueryTimeRange, LogsQueryOptions, CancellationToken)	Executes the logs query.
QueryWorkspaceAsync<T>(String, String, QueryTimeRange, LogsQueryOptions, CancellationToken)	Executes the logs query. Deserializes the result into a strongly typed model class or a primitive type if the query returns a single column. Example of querying a model: `Response<IReadOnlyList<MyLogEntryModel>> response = await client.QueryWorkspaceAsync<MyLogEntryModel>( workspaceId, "AzureActivity \| summarize Count = count() by ResourceGroup \| top 10 by Count", new QueryTimeRange(TimeSpan.FromDays(1)));` Example of querying a primitive: `Response<IReadOnlyList<string>> response = await client.QueryWorkspaceAsync<string>( workspaceId, "AzureActivity \| summarize Count = count() by ResourceGroup \| top 10 by Count \| project ResourceGroup", new QueryTimeRange(TimeSpan.FromDays(1)));`

Applies to