如需在 Azure 入口網站中使用這些查詢的相關資訊,請參閱 Log Analytics 教學課程。 如需 REST API,請參閱 查詢。
錯誤訊息
顯示 PostgreSQL 日誌中的所有錯誤訊息。
// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where ErrorLevel =~ "ERROR"
| order by TimeGenerated desc
| take 100
致命訊息
顯示 PostgreSQL 日誌中的所有致命訊息。
// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where ErrorLevel =~ "FATAL"
| order by TimeGenerated desc
| take 100
偵測死鎖
在 PostgreSQL 日誌中搜尋死結事件。
// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where Message has "deadlock detected"
| order by TimeGenerated desc
| take 100
伺服器重新啟動
在PostgreSQL日誌中搜尋伺服器關閉和伺服器就緒事件。
// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where Message has "database system was shut down" or Message has "database system is ready to accept"
| order by TimeGenerated asc
| take 100
收到的連線
在 PostgreSQL 日誌中搜尋收到的連線訊息。
// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where Message has "connection received"
| extend allmatches=extract_all(@'host=(.+)port=(.+)', Message)
| project TimeGenerated, host=allmatches[0][0], port=allmatches[0][1], Message,ProcessId,ErrorLevel, SqlErrorCode
| order by TimeGenerated desc
| take 100
授權的連線
在 PostgreSQL 日誌中搜尋授權連線訊息。
// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where Message has "connection authorized"
| extend allmatches=extract_all(@'user=(.+)database=(.\S+)', Message)
| project TimeGenerated, user=trim(@" ",tostring(allmatches[0][0])), database=allmatches[0][1], Message,ProcessId,ErrorLevel, SqlErrorCode
| where ['user'] !='azuresu' //exclude Azure managed superuser
| order by TimeGenerated desc
| take 100
連線失敗
在 PostgreSQL 日誌中搜尋未經授權 (失敗) 的連線。
// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where Message has "authentication failed" or SqlErrorCode in ('28000', '28P01', '3D000', '53300', '42501','08P01')
| where ErrorLevel =~'FATAL'
| order by TimeGenerated desc
| take 100
鎖定爭用
在 PostgreSQL 日誌中搜尋鎖定爭用。 它需要參數 log_lock_waits=ON。
// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where Message has "still waiting for"
| order by TimeGenerated desc
| take 100
自動清空事件
在 PostgreSQL 日誌中搜尋自動清理事件。 它需要啟用參數「log_autovacuum_min_duration」。
PGSQLServerLogs
| where Message has "vacuum of table"
| order by TimeGenerated desc
| take 100
稽核記錄
在 PostgreSQL 日誌中搜尋所有稽核事件。 它需要啟用稽核記錄 [https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-audit]。
PGSQLServerLogs
| where Message contains "AUDIT:"
| order by TimeGenerated desc
| take 100