This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 24%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hello All,
I am trying to find a solution to cut short the resultdescription table from 'AzureDiagnostics' provider results.
Below is the query I use to get details of the automation runbooks which resulted in error
AzureDiagnostics
| where ResourceProvider=="MICROSOFT.AUTOMATION" and Category=="JobStreams" and StreamType_s=="Error"
One of the table is 'ResultDescription' which shows the output of error.
Example error message:
Set-AzStorageFileContents : The term 'Set-AzStorageFileContents' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.At line:39 char:1+ Set-AzStorageFileContents -Context $ctx -Sharename $fileShare.name -S ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Set-AzStorageFileContents:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException
aaa : The term 'aaa' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.At line:1 char:1+ aaa+ ~~~ + CategoryInfo : ObjectNotFound: (aaa:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException
In case1, first three lines are enough,
In case2, first 2 lines are enough
I have built solution to trigger a runbook whenever azure monitor fires an error alert. However, the resultdescription carries whole ps script and error messages , so the output email is not human friendly.
The reason for going with KQL is to find the results in a compact way rather than Azure Monitor data.
I tried trim, split functions but nothing seem to work. Could you please provide your valuable suggestions or alternative solutions, If any.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 41%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
@Riyas , Following up to see if the answer below helped. Do let us know if you have any queries.
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.
Can you rely on there being 3 sentences and 2 in the results?
You could build on this?
AzureDiagnostics
| where isnotempty(ResultDescription)
| extend rd_ = split( ResultDescription, '.')
| project rd_[0], rd_[1], rd_[2]
| limit 10
Please mark as accepted if this helped you