Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,216 questions
There has been inconsistency in Azure log analytics results
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 92%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Arunkumar Akuthota
26
Reputation points
Hi team, This question has 2 problems.
first problem:
- We are querying log analytics every minute, when we invoke the query from power shell, we are seeing the data.
But one instance showed only one record, but when see it in the portal in Log Analytics, we could see more records.
FYI - We used below query with where condition, start data and end date are time stamps:
$query =
'Event
| where EventLog == "Application" and EventID in ("6901","6902","6908")
| where TimeGenerated >= todatetime("'+$startDate+'") and TimeGenerated < todatetime("'+$endDate+'")
| project EventID, RenderedDescription'
Sample data: (always 1 minute difference)
$startDate = "9/15/2020 6:40:00 AM"
$endDate = "9/15/2020 6:41:00 AM"
P.S: The data in the log analytics store is coming from an on-premises server, we used MMA on server to sync the event log data to azure log analytics store.
Kindly let us know what is the maximum time that could take to sync the data to server, we see it in milli-seconds every time
second problem:
we created a webhook for a runbook in automation account, this gets invoked every minute, every time the process used to take only less than a minute, it used to be completed in few seconds.
but we saw an instance where it took 10mins, but when we see logs, the powershell logs in runbook show that it got invoked after 10 mins, but the history - the job created 10 mins back timestamo.
Please see below timestamp for reference: job created at : 08:01:00 and the process started at : 08:11:19
{count} votes
-
tbgangav-MSFT 10,416 Reputation points2020-10-19T05:27:33.407+00:00 Hi @Arunkumar Akuthota , Thanks for reaching out and apologies for the delayed response on it. We are internally looking into it and will get back to you at the earliest.
-
olufemia-MSFT 2,861 Reputation points2020-11-03T15:28:28.937+00:00 << Private message note - This is a private message which only you as Original Poster and Microsoft Moderators can view. Please respond directly to this comment to privately share the requested information. For your privacy, please do not share any Personal Identifiable Information (PII) as a public comment. All private messages will be periodically deleted from the site >>
Apologies for the delay @Arunkumar Akuthota . We need to deep dive into this issue with our support escalation engineers.
Please send mail to AzCommunity@Microsoft.com incldue your subscirption ID, "Attn:TBM Krishna" and a link to this thread (for context).
Once we get your mail, we will connect you to a log anaytics engineer to help troubleshoot further.Looking forward to your reply.
Sign in to comment
Sign in to answer