24 May 2021

  • 1

  • 16120 views

  • 0

24 May 2021

16120 views
1 0

Using Power BI to Query Log Analytics

Log Analytics is a basic tool for the entire Azure environment, I wrote about it before.

The possibility to access log analytics data from a tool for analysis, such as Power BI, only increases its importance. There are some options to make this access and we expect these options to improve very soon.

Using Notebooks in Azure Data Studio

That’s an interesting option, not related to Power BI: We can use notebooks in Azure Data Studio to connect to Log Analytics and create notebooks to analyse the logs.

The other options are turning this one less important, but still has its space. I wrote about this before.

Export Kusto to M/Using Web Connector

These are a small variation of the same method. Log Analytics included in an export option on the query UI to export Kusto queries to M.

Once we use the export option, a file is downloaded containing the query. We can create a blank query in Power Query and copy the content of the file, the query will work.

The exported queries also work as an example of how to use the web connector to query log analytics.

The use of the web connector is not difficult, but complex and the Power Query UI doesn’t fully generate the code. The best way to use this feature is really use the export query from Log Analytics.

There is an article about this from Microsoft.

The Web Connector only allows for Import mode. This means the data need refresh to be updated and this is a limited solution.

Use Kusto/Data Explorer Connector

Although the complexity, in my opinion this is one of the best options possible, because it allows direct query and has the flexibility to load a table and allow us to transform the data further in Power BI.

John White wrote a great article about this option, but although the comments in the article help solving the problems, the details change a lot and deserve a small review.

The Basic Concepts

Log Analytics has, in its core, the same structure than an ADX cluster. Connecting to Log Analytics is like connecting to an ADX cluster.

The article on https://docs.microsoft.com/en-us/azure/data-explorer/query-monitor-data explains how we can connect to Log Analytics from an ADX client tool. One of the most important information to get from this link is the format of the URL.

ADX has an online free client we can use to connect to clusters. You can access it on https://dataexplorer.azure.com

There are some issues with the authentication token which are not completely explained, or we are not completely sure about. If you get an error when connecting to the Log Analytics, and this may happen, the solution is simple: Make a connection first to the helper cluster – https://help.kusto.windows.net – and only after that connect to your log analytics.

The explanation – not confirmed – is the helper cluster will generate a token valid to connect to ADX clusters and this token can be used to connect to log analytics. A directly connection to log analytics doesn’t do the same.

Using in Power BI

Changes on the Data Explorer connector makes it not so simple as explained by John on his article, we can’t just use the UI to make the connection to Log Analytics.

There are different ways to achieve the result we would like, the connection. However, the result is to achieve the code below on the Power Query. In my opinion, the best solution is to start from a blank query.

= Kusto.Contents(“https://ade.loganalytics.io/subscriptions/4d72480d-0adb-4df7-b5e3-866c027fe3e0/resourcegroups/marketing/providers/microsoft.operationalinsights/workspaces/Mktlogs”, “Mktlogs”, “AppServiceHTTPLogs”, [MaxRows=null, MaxSize=null, NoTruncate=null, AdditionalSetStatements=null])

There are some important details to highlight in relation to this code:

  • We can’t use the UI to access directly the log analytics address. The result will be “Wrong login, wrong tenant”. We need to use the UI to access the helper cluster and then change the address of the cluster.
  • The default source generated by the UI, AzureDataExplorer.Contents, will not work. We need to replace it by Kusto.Contents
  • Regular Power Query navigation will not work to access the data, because it sends a wrong message to the Log Analytics API. We need to include the query, which can be only the table name, directly on the source statement, as in the statement above.

Discovering the Schema

If you need to discover the available tables in your Log Analytics database, you can use the same expression replacing the table name by Null . You will retrieve a list of available tables. However, you can’t proceed with navigation, you need to choose your table and change the code.

Conclusion

Once the access and model are stablished, the amount of possible analysis we can make about any Azure and even on-premise services is huge. For example, on the image below is a small report made about access to my blog.

 

  • 1

  • 16120 views

Rate this article

Click to rate this post!
[Total: 1 Average: 5]

Dennes Torres

Dennes Torres is a Data Platform MVP and Software Architect living in Malta who loves SQL Server and software development and has more than 20 years of experience. Dennes can improve Data Platform Architectures and transform data in knowledge. He moved to Malta after more than 10 years leading devSQL PASS Chapter in Rio de Janeiro and now is a member of the leadership team of MMDPUG PASS Chapter in Malta organizing meetings, events, and webcasts about SQL Server. He is an MCT, MCSE in Data Platforms and BI, with more titles in software development. You can get in touch on his blog https://dennestorres.com or at his work https://dtowersoftware.com

Follow Dennes Torres via

View all articles by Dennes Torres

Load comments

Related articles

 10 April 2024
10 April 2024

Azure OpenAI and RAG Security

0
1
The most watched videos on my youtube channel are related to security. Azure SQL Networking Secrets and Cloud Security: Secure Access from your Applications to Azure SQL explain private endpoints from different points of views: Azure SQL and Function Apps. The concepts of Private Endpoints apply to most Azure features and even the relation of … Read more
0
1
28 February 2024
28 February 2024

Customizing Kusto (Data Explorer) Connections in Deployment pipeline

0
1
When organizing our SDLC (Software Development Lifecycle) in Power BI/Fabric, we use Deployment Pipelines and create rules to change connection configurations every time we promote an object from one environment (dev for example) to another (test, for example). Kusto connections, on the other hand, are not so simple. You can check more about Deployment Pipelines … Read more
0
1

Tags

, , , , , ,