Share via

How to write KQL query for Disk Read Bytes?

Syed Harith Zaki 180 Reputation points
2024-05-29T03:17:51.4533333+00:00

Hi,

I wanted to use a KQL query to get the results from the metric Disk Read Bytes. However, the InsightsMetrics table did not have DiskReadBytes as a metric. Hence, I used ReadBytesPerSecond in my query.

However, the results produced by the query below did not tally with those generated by Azure Monitor Metrics. Can anyone help to spot any mistakes in my query or suggest an alternative solution? Thank you.

InsightsMetrics

| where Namespace == "LogicalDisk"

  and Name == "ReadBytesPerSecond"

  and TimeGenerated > ago(30d)

| extend ReadBytesPerMinute_MB = (Val * 60) / (1024 * 1024)

| summarize DiskReadBytes = avg(ReadBytesPerMinute_MB) by Computer

| project Computer, DiskReadBytes

| order by Computer asc

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,645 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sohail Ali 325 Reputation points Microsoft Employee
    2024-05-29T04:54:17.8733333+00:00

    Hello @Syed Harith Zaki

    I don't think the result will tally. The calculation and aggregation type used is different for Metric and logs. 

    I don't think if ReadBytesPerSecond is the correct one to use. 

     

    However, if you want to query metric Disk Read Bytes, then you can forward the metrics (DiskReadBytes) to Log analytics workspace and query AzureMetrics table 

    We don't have UI to enable diagnostic settings for VM to send Metrics to LA. 

    you can use REST API to configure diagnostic settings for VM

    https://learn.microsoft.com/en-us/rest/api/monitor/diagnostic-settings/create-or-update?view=rest-monitor-2021-05-01-preview&tabs=HTTP

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.