ADX and KQL – Azure Monitor Logs in Azure Data Studio


I recently wrote about the Kusto Query Language Extension that’s available as an plugin for Azure Data Studio along with KQL Magic.

KQL Plugin for Azure Data Studio

The main reason that people have been using KQL is usually as part of Azure Monitor Logs. And did you know that Azure Data Studio has another Extension available specifically for Azure Monitor Logs. This allows you to connect to a Log Analytics Workspace.

Both extensions are currently in preview at the time of writing, however, having used both, they seem fairly stable to me.

So, after a few seconds (probably less) the Azure Monitor Logs extension was fully installed and ready to go.

I confirmed this by creating a brand new note book and seeing that the ‘Log Analytics’ kernel was available for use.

The Log Analytics kernel in Azure Data Studio

Now we need to connect to our Log Analytics Workspace.

So, let’s set up a new connection in Azure Data Studio. You’ll now have a new connection type – “Azure Monitor Logs”

Set up a connection to a Log Analytics Workspace

If you’re struggling to find the Workspace ID of your Log Analytics resource, just head to the overview page of the resource in the Azure Portal

Locate the Workspace ID

Create a new Notebook.

Now we can simply pick the connection in the dropdown and start writing some Kusto Query Language (KQL)

Select the Kernel (LogAnalytics) and the connection (I called my connection “Log Analytics”)

Select the Kernal and the connection in Azure Data Studio

Create a new code cell and enter some Kusto, here’s a starter.

// Error and exception count 
// Show a column chart of the number of the logs containing warnings or errors in the last hour, per application. 
| where TimeGenerated > ago(24h)
| where Level == "Warning" or Level == "Error"
| summarize count_per_app = count() by _ResourceId
| sort by count_per_app desc 
| render columnchart

So, that’s the Azure Monitor Extension in Azure Data Explorer.

Have a great day