
Visualizing Azure Logs data with SquaredUp 4.7

New & improved Log Analytics tile

John Knowles
Director of Product Management, SquaredUp

Being able to visualize the logs from your infrastructure is crucial, both for identifying potential issues and for finding opportunities to improve performance and utilization. However, when it comes to SCOM and Azure, monitoring can be a bit confusing. That is why we at SquaredUp have made it our mission to help you make sense of all the data being collected, with beautiful visualizations and dashboards that can be shared with the rest of your organization and displayed on wallboard monitors. Read our blogs on our other new features to learn more about the latest version 4.7 updates!

The SquaredUp Log Analytics tile allows you to query logs data from Azure Monitor and Azure Log Analytics, and then displays that information in your SquaredUp dashboard.

In version 4.7, our latest jam-packed release, the Log Analytics tile in both SquaredUp for SCOM and SquaredUp for Azure has been enhanced in the following three ways.

New bar graph visualization

In version 4.7 we wanted to introduce a new visualization for the Log Analytics tile. As the tile already had a great selection of visualizations (Scalar to display a number, Grid to lay out values in a table, Line Graph for time series data, and the Donut), the next logical step was to add a bar graph!

The bar graph was an obvious choice, as bars are easy to understand at a quick glance and are great for seeing how multiple values compare against each other.

Bar graphs are also well-suited to percentage-based values, where you want to have a fixed and understandable scale, like in the case of the amount of available Disk Space, or Memory.

Multi-value line graphs

The line graph is designed to visually represent changing values over a period of time (time series data).

The Log Analytics tile has had the line graph visualization since version 4.5, which has been extremely useful for showing a single metric value for one or multiple objects/resources, for example the Average CPU % for a collection of Virtual Machines.

Version 4.7 enhances this commonly used visualization to allow multiple values from a single object/resource to be displayed at the same time; for example, you can now display Min, Average and Maximum CPU % for a resource/object!

Once you’ve constructed the query, simply tick show all in the column overrides area in the Log tile configuration.

Example with sample query

The following example shows a calculated “expected maximum” alongside the Actual CPU %, which helps us quickly identify anomalies (standard deviations from the normal range) on this Virtual Machine.

The example above was created using the following Kusto query:

InsightsMetrics 
| where Computer startswith "{{scope[0].name}}" 
| where Namespace == "Processor" 
| where Name == "UtilizationPercentage" 
| summarize stdev(Val), avg(Val) by Computer 
| summarize ExpectedMax = sum(avg_Val + stdev_Val) by Computer 
| join kind=inner 
    InsightsMetrics on Computer 
    | where Computer startswith "{{scope[0].name}}" 
    | where Namespace == "Processor" 
    | where Name == "UtilizationPercentage" 
    | summarize Actual = avg(Val) by bin(TimeGenerated, 5m), ExpectedMax, Namespace

In the query above you can see how the scope from the tile configuration is used to get the computer name:

"{{scope[0].name}}"

The query also calculates the standard deviation, which it adds to the average to give us the “ExpectedMax” value.
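To see the ExpectedMax logic on its own, here is an added example (not part of the original SquaredUp query) that runs the same average-plus-standard-deviation calculation over a small constructed table and flags the 5-minute bins that exceed it. The table name SampleMetrics, the computer name vm-demo-01, the Baseline variable and the AboveExpectedMax column are assumptions made for this illustration.

```kusto
// Constructed sample rows standing in for InsightsMetrics (not real data).
// The two readings in the 10:10 bin are a deliberate CPU spike.
let SampleMetrics = datatable(TimeGenerated: datetime, Computer: string,
                              Namespace: string, Name: string, Val: real)
[
    datetime(2020-01-01 10:00:00), "vm-demo-01", "Processor", "UtilizationPercentage", 20.0,
    datetime(2020-01-01 10:02:00), "vm-demo-01", "Processor", "UtilizationPercentage", 22.0,
    datetime(2020-01-01 10:05:00), "vm-demo-01", "Processor", "UtilizationPercentage", 21.0,
    datetime(2020-01-01 10:07:00), "vm-demo-01", "Processor", "UtilizationPercentage", 19.0,
    datetime(2020-01-01 10:10:00), "vm-demo-01", "Processor", "UtilizationPercentage", 85.0,
    datetime(2020-01-01 10:12:00), "vm-demo-01", "Processor", "UtilizationPercentage", 90.0,
    datetime(2020-01-01 10:15:00), "vm-demo-01", "Processor", "UtilizationPercentage", 20.0,
    datetime(2020-01-01 10:17:00), "vm-demo-01", "Processor", "UtilizationPercentage", 23.0,
    // A row from another namespace, to show that the filters exclude it.
    datetime(2020-01-01 10:10:00), "vm-demo-01", "Memory", "AvailableMB", 2048.0
];
// One baseline per computer: average plus one standard deviation of all readings.
let Baseline = SampleMetrics
    | where Namespace == "Processor" and Name == "UtilizationPercentage"
    | summarize ExpectedMax = avg(Val) + stdev(Val) by Computer;
// Average each 5-minute bin, attach the baseline, and flag bins above it.
SampleMetrics
| where Namespace == "Processor" and Name == "UtilizationPercentage"
| summarize Actual = avg(Val) by Computer, bin(TimeGenerated, 5m)
| join kind=inner (Baseline) on Computer
| extend AboveExpectedMax = Actual > ExpectedMax
| project TimeGenerated, Computer, Actual, ExpectedMax, AboveExpectedMax
| order by Computer asc, TimeGenerated asc
```

As in the original query, the baseline is calculated over the same time range as the plotted values, so a long-running spike raises ExpectedMax and becomes harder to see.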

Retrieving saved queries from the Azure Portal

The last feature added to the Log Analytics tile in version 4.7 is extremely handy, especially if, like me, you aren’t a Kusto Query Language (KQL) expert. With the new feature, you can retrieve KQL that has been previously saved in the Azure Portal’s Query Explorer directly into SquaredUp!

The new saved searches button lists all the queries saved in the selected workspace. Selecting a query will populate the query field in SquaredUp automatically, where you can make edits if you need to. Any changes to the query made in SquaredUp are not saved back to the Azure Portal, so if you make a mistake you can simply revert the changes by choosing the query again from the saved searches button.

How do I get started?

If you’re an existing SquaredUp (for SCOM or Azure) user and want to start using these new Log Analytics tile features, you simply need to upgrade to version 4.7 (see SCOM / Azure upgrade documentation for help). Head over to SquaredUp downloads to get version 4.7. 

For more background on Azure Monitor, Log Analytics and working with KQL, here are a number of resources from the SquaredUp blog that have been recently published that you’ll find really useful:

Thank you for reading this blog post about the great new Log Analytics tile functionality in version 4.7. Please take time to read our other blogs about this release and stay tuned for more in the coming weeks!