Fetch processes with Names by CPU Usage for AVD Machines using Azure Log Analytics or Azure Monitoring

Question

Hi

I am trying to fetch the process which are consuming CPU usage in %, For this I am using Azure Log Analytics. I found some of the KQL queries to fetch CPU and Memory utilization but they are not giving info regarding the process like which process is consuming more CPU.

Sample query:

Perf

| where (ObjectName == "Processor" and CounterName == "% Processor Time" and InstanceName == "_Total") or (ObjectName == "Memory" and CounterName == "Available MBytes")
| summarize avg(CounterValue) by TimeGenerated, ObjectName, CounterName, InstanceName

| project TimeGenerated, ObjectName, CounterName, InstanceName, CounterValue = avg_CounterValue

Is there is any way to achieve the above requirement?

Kindly help!

Thanks

Hirdesh

Answer 1

Hello Hirdesh, Welcome to MS Q&A

To fetch the process consuming more CPU in Azure Log Analytics, you can use the Perf table and filter on the CounterName column to find the process consuming the most CPU. Here's an example KQL query to achieve this: You can try this once and let us know

Perf
| where ObjectName == "Process" and CounterName == "% Processor Time" and InstanceName != "_Total"
| summarize avg(CounterValue) by InstanceName, bin(TimeGenerated, 1m)
| order by avg_CounterValue desc

This query will return the processes consuming the most CPU, ordered by the average CPU usage over the last minute. You can adjust the bin function to change the time interval over which the average is calculated.

References:

• Optimize log queries in Azure Monitor
• Audit Microsoft Sentinel queries and activities - Auditing with LAQueryLogs

Please let us know if any questions

Kindly accept answer if it helps

Thanks

Deepanshu