Queries for the LAQueryLogs table
Most Requested ResourceIds
Most queried resources over the last 24 hours.
LAQueryLogs
| extend reqContext = parse_json(RequestContext)
| extend datasources = array_concat(reqContext["resources"], reqContext["workspaces"], reqContext["applications"])
| mv-expand datasources
| summarize reqCount = count() by tostring(datasources)
| order by reqCount desc
Unauthorized Users
Get a list of unauthorized users with their request count in last 24 hours.
LAQueryLogs
| where ResponseCode == "403"
| summarize reqCount = count() by AADObjectId
| order by reqCount desc
Throttled Users
Get a list of throttled users with their request count in last 24 hours.
LAQueryLogs
| where ResponseCode == "429"
| summarize reqCount = count() by AADObjectId
| order by reqCount desc
Request Count by ResponseCode
Request count by response code within 1 min buckets in last 1 hour.
LAQueryLogs
| where TimeGenerated > ago(1h)
| summarize count() by tostring(ResponseCode), bin(TimeGenerated, 1m)
| render columnchart with (kind=stacked)
Top 10 resource intensive queries
Get top 10 resource intesive queries (based on CPU consumption) in last 24 hours.
LAQueryLogs
| top 10 by StatsCPUTimeMs desc nulls last
Top 10 longest time range queries
Get top 10 queries that scanned the longest time range in last 24 hours.
LAQueryLogs
| extend DataProcessedTimeRange = format_timespan(StatsDataProcessedEnd - StatsDataProcessedStart, 'dd.hh:mm:ss:FF')
| top 10 by DataProcessedTimeRange desc nulls last
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for