1427 строки
55 KiB
JSON
1427 строки
55 KiB
JSON
{
|
|
"version": "Notebook/1.0",
|
|
"items": [
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "## ADX vs LA\n---\n\n"
|
|
},
|
|
"name": "text - 2"
|
|
},
|
|
{
|
|
"type": 9,
|
|
"content": {
|
|
"version": "KqlParameterItem/1.0",
|
|
"parameters": [
|
|
{
|
|
"id": "dfc22c7d-754c-417f-b2d2-9f70c0b1d439",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "Subscription",
|
|
"label": "Subscriptions",
|
|
"type": 6,
|
|
"description": "All subscriptions with ADX Cluster",
|
|
"isRequired": true,
|
|
"query": "Resources\r\n| where type =~ 'Microsoft.Kusto/clusters'\r\n| summarize Count = count() by subscriptionId\r\n| order by Count desc\r\n| extend Rank = row_number()\r\n| project value = subscriptionId, label = subscriptionId, selected = Rank == 1",
|
|
"typeSettings": {
|
|
"additionalResourceOptions": [],
|
|
"showDefault": false
|
|
},
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
},
|
|
"queryType": 1,
|
|
"resourceType": "microsoft.resourcegraph/resources"
|
|
},
|
|
{
|
|
"id": "bb362f52-6bde-4b4d-bae3-1765017c0106",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "Resources",
|
|
"label": "Cluster",
|
|
"type": 5,
|
|
"description": "The ADX cluster",
|
|
"isRequired": true,
|
|
"query": "resources\r\n| where type =~ 'microsoft.kusto/clusters'",
|
|
"crossComponentResources": [
|
|
"{Subscription}"
|
|
],
|
|
"typeSettings": {
|
|
"additionalResourceOptions": [],
|
|
"showDefault": false
|
|
},
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
},
|
|
"queryType": 1,
|
|
"resourceType": "microsoft.resourcegraph/resources"
|
|
},
|
|
{
|
|
"id": "26213835-0d1d-42a9-9d52-c8874140946e",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "adxRG",
|
|
"label": "ADX Resource Group",
|
|
"type": 1,
|
|
"description": "The resource group of the ADX cluster",
|
|
"isRequired": true,
|
|
"query": "Resources\r\n| where type =~ 'Microsoft.Kusto/clusters' and id == '{Resources}'\r\n| order by resourceGroup asc\r\n| project resourceGroup",
|
|
"crossComponentResources": [
|
|
"{Subscription}"
|
|
],
|
|
"isHiddenWhenLocked": true,
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
},
|
|
"queryType": 1,
|
|
"resourceType": "microsoft.resourcegraph/resources"
|
|
},
|
|
{
|
|
"id": "0ee44444-0995-4dad-97c2-8843a150e694",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "selectADXcluster",
|
|
"label": "Cluster and DB",
|
|
"type": 2,
|
|
"description": "Select the database where the sentinel tables are duplicated to",
|
|
"isRequired": true,
|
|
"query": "{\"version\":\"ARMEndpoint/1.0\",\"data\":null,\"headers\":[],\"method\":\"GETARRAY\",\"path\":\"/subscriptions/{Subscription:Id}/resourceGroups/{adxRG}/providers/Microsoft.Kusto/Clusters/{Resources:label}/databases\",\"urlParams\":[{\"key\":\"api-version\",\"value\":\"2021-01-01\"}],\"batchDisabled\":false,\"transformers\":[{\"type\":\"jsonpath\",\"settings\":{\"columns\":[{\"path\":\"name\",\"columnid\":\"name\"}]}}]}",
|
|
"value": "chiadxcluster/javierdb",
|
|
"typeSettings": {
|
|
"additionalResourceOptions": [],
|
|
"showDefault": false
|
|
},
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
},
|
|
"queryType": 12
|
|
},
|
|
{
|
|
"id": "363efd16-9c3d-4fca-bd80-b68354883431",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "fullClusterName",
|
|
"type": 1,
|
|
"description": "Cluster name with location",
|
|
"isRequired": true,
|
|
"query": "Resources\r\n| where type =~ 'Microsoft.Kusto/clusters' and id == '{Resources}'\r\n| project name, id, nameToTrim = tostring(properties.dataIngestionUri), location\r\n| project new = strcat(name,'.',location)",
|
|
"crossComponentResources": [
|
|
"{Subscription}"
|
|
],
|
|
"isHiddenWhenLocked": true,
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
},
|
|
"queryType": 1,
|
|
"resourceType": "microsoft.resourcegraph/resources"
|
|
},
|
|
{
|
|
"id": "97b31e4f-86e7-4b55-b982-33020a053e14",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "ClusterName",
|
|
"type": 1,
|
|
"description": "Only the clustername ",
|
|
"query": "Resources\r\n| where type =~ 'Microsoft.Kusto/clusters' and id == '{Resources}'\r\n| project name",
|
|
"isHiddenWhenLocked": true,
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
},
|
|
"queryType": 1,
|
|
"resourceType": "microsoft.resourcegraph/resources"
|
|
},
|
|
{
|
|
"id": "4b566ef9-09ac-4cab-8e54-70395109cc9e",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "justDB",
|
|
"label": "parsed DB name",
|
|
"type": 1,
|
|
"description": "The database name",
|
|
"query": "project filterName = '{selectADXcluster:label}'\r\n| summarize by filterName\r\n| extend DBname = split(filterName,\"/\")[1]\r\n//| parse filterName with * '/Databases/' DBname '\"' *\r\n| project DBname",
|
|
"crossComponentResources": [
|
|
"{Subscription}"
|
|
],
|
|
"isHiddenWhenLocked": true,
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
},
|
|
"queryType": 1,
|
|
"resourceType": "microsoft.resourcegraph/resources"
|
|
},
|
|
{
|
|
"id": "c64f6a0c-e581-4890-8330-34f6f3b7b82a",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "Workspace",
|
|
"type": 5,
|
|
"description": "Azure Sentinel workspace from which the data is duplicated",
|
|
"query": "where type =~ 'microsoft.operationalinsights/workspaces'\r\n| project id",
|
|
"typeSettings": {
|
|
"additionalResourceOptions": [],
|
|
"showDefault": false
|
|
},
|
|
"queryType": 1,
|
|
"resourceType": "microsoft.resourcegraph/resources",
|
|
"label": "Sentinel Workspace"
|
|
},
|
|
{
|
|
"id": "970a7bab-ba04-4b71-9d09-1212649ad689",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "DefaultSubscription_Internal",
|
|
"type": 1,
|
|
"query": "where type =~ 'microsoft.operationalinsights/workspaces'\r\n| take 1\r\n| project subscriptionId",
|
|
"crossComponentResources": [
|
|
"{Subscription}"
|
|
],
|
|
"isHiddenWhenLocked": true,
|
|
"queryType": 1,
|
|
"resourceType": "microsoft.resourcegraph/resources"
|
|
},
|
|
{
|
|
"id": "d6d26b3b-1986-4296-ac51-81e835e2a47b",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "Help",
|
|
"label": "Show Help",
|
|
"type": 10,
|
|
"description": "This will show some help information on how to read this workbook.",
|
|
"isRequired": true,
|
|
"value": "Yes",
|
|
"typeSettings": {
|
|
"additionalResourceOptions": []
|
|
},
|
|
"jsonData": "[{ \"value\": \"Yes\", \"label\": \"Yes\"},\r\n {\"value\": \"No\", \"label\": \"No\", \"selected\":true }]"
|
|
}
|
|
],
|
|
"style": "above",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"name": "parametersGroup"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "{\"version\":\"AzureHealthQuery/1.0\",\"queryType\":\"Detailed\"}",
|
|
"size": 4,
|
|
"title": "ADX State",
|
|
"queryType": 4,
|
|
"resourceType": "microsoft.kusto/clusters",
|
|
"crossComponentResources": [
|
|
"{Resources}"
|
|
],
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "Availability state",
|
|
"formatter": 11
|
|
},
|
|
{
|
|
"columnMatch": "Detailed status",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "Occurred time",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "Reason chronicity",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "Reason type",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "Summary",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "60%"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Title",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "Resource group",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "Subscription",
|
|
"formatter": 5
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"name": "query - 0"
|
|
},
|
|
{
|
|
"type": 12,
|
|
"content": {
|
|
"version": "NotebookGroup/1.0",
|
|
"groupType": "editable",
|
|
"items": [
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "Raw Log Analytics/Sentinel data is ingested first to an intermediate table where the raw data is stored. </br>\r\nRaw data is updated by a function (update policy) and is saved in a destination table. Once the data is transformed, the raw logs can be deleted. Therefore, retention on the raw tables should be set to 0 days.",
|
|
"style": "info"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Help",
|
|
"comparison": "isEqualTo",
|
|
"value": "Yes"
|
|
},
|
|
"name": "text - 0"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "ADXTableDetails \r\n| where TableName contains 'raw' and TimeGenerated>=ago(1d)\r\n| project TimeGenerated,\r\n DatabaseName,\r\n TableName,\r\n RetentionPolicyOrigin,\r\n CachingPolicyOrigin,\r\n OriginalSize = TotalOriginalSize, \r\n TotalExtentSize, \r\n HotExtentSize = HotExtentSize, \r\n RowCount = TotalRowCount, \r\n ExtentCount = TotalExtentCount,\r\n SoftDelete = format_timespan(totimespan(todynamic(RetentionPolicy).SoftDeletePeriod), 'd'),\r\n HotCache = format_timespan(totimespan(todynamic(CachingPolicy).DataHotSpan), 'd') \r\n| extend CompressionRatio = round(toreal(OriginalSize) / TotalExtentSize,1)\r\n| extend SoftDelete = iff(RetentionPolicyOrigin ==\"default\" and isempty(SoftDelete), \"unlimited\",SoftDelete)\r\n| extend HotCache = iff(CachingPolicyOrigin ==\"default\" and isempty(HotCache), \"unlimited\",HotCache)\r\n| summarize arg_max(TimeGenerated , *) by DatabaseName, TableName\r\n| top 351 by HotExtentSize desc\r\n| project TableName,\r\n RowCount,\r\n OriginalSize, \r\n SoftDelete ,\r\n HotExtentSize\r\n ",
|
|
"size": 1,
|
|
"showAnalytics": true,
|
|
"title": "Raw Tables",
|
|
"noDataMessage": "No tables found",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.kusto/clusters",
|
|
"crossComponentResources": [
|
|
"{Resources}"
|
|
],
|
|
"visualization": "table",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "TableName",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "10%"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "RowCount",
|
|
"formatter": 18,
|
|
"formatOptions": {
|
|
"thresholdsOptions": "colors",
|
|
"thresholdsGrid": [
|
|
{
|
|
"operator": "!=",
|
|
"thresholdValue": "0",
|
|
"representation": "redBright",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "Default",
|
|
"thresholdValue": null,
|
|
"text": "{0}{1}"
|
|
}
|
|
],
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "OriginalSize",
|
|
"formatter": 18,
|
|
"formatOptions": {
|
|
"thresholdsOptions": "colors",
|
|
"thresholdsGrid": [
|
|
{
|
|
"operator": "!=",
|
|
"thresholdValue": "0",
|
|
"representation": "redBright",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "Default",
|
|
"thresholdValue": null,
|
|
"text": "{0}{1}"
|
|
}
|
|
],
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 36,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "SoftDelete",
|
|
"formatter": 18,
|
|
"formatOptions": {
|
|
"thresholdsOptions": "colors",
|
|
"thresholdsGrid": [
|
|
{
|
|
"operator": "!=",
|
|
"thresholdValue": "0",
|
|
"representation": "redBright",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "Default",
|
|
"thresholdValue": null,
|
|
"text": "{0}{1}"
|
|
}
|
|
],
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "HotExtentSize",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "purple",
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 36,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "DatabaseName",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "10%"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "HotCache",
|
|
"formatter": 18,
|
|
"formatOptions": {
|
|
"thresholdsOptions": "colors",
|
|
"thresholdsGrid": [
|
|
{
|
|
"operator": "!=",
|
|
"thresholdValue": "0",
|
|
"representation": "redBright",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "Default",
|
|
"thresholdValue": null,
|
|
"text": "{0}{1}"
|
|
}
|
|
],
|
|
"customColumnWidthSetting": "10%"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "TotalExtentSize",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "turquoise",
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 36,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "CompressionRatio",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "magenta",
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "ExtentCount",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "lightBlue",
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "CompressedSize",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "purple",
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 36,
|
|
"options": {
|
|
"style": "decimal"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"rowLimit": 350,
|
|
"labelSettings": [
|
|
{
|
|
"columnId": "TableName",
|
|
"label": "Table name"
|
|
},
|
|
{
|
|
"columnId": "HotExtentSize",
|
|
"label": "Hot cache size (hot extents)"
|
|
}
|
|
]
|
|
},
|
|
"sortBy": []
|
|
},
|
|
"name": "TableSizesGrid",
|
|
"styleSettings": {
|
|
"margin": "0px 0px 0px 10px"
|
|
}
|
|
},
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "Once the raw data is manipulated, expanded and ingested into the destination tables, it will have the same schema as the original one in Log Analytics/Sentinel. You can see the destination tables below.",
|
|
"style": "info"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Help",
|
|
"comparison": "isEqualTo",
|
|
"value": "Yes"
|
|
},
|
|
"name": "text - 2"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "ADXTableDetails \r\n| where TableName !contains 'raw' and TimeGenerated>=ago(1d)\r\n| project TimeGenerated,\r\n DatabaseName,\r\n TableName,\r\n RetentionPolicyOrigin,\r\n CachingPolicyOrigin,\r\n OriginalSize = TotalOriginalSize, \r\n TotalExtentSize, \r\n HotExtentSize = HotExtentSize, \r\n RowCount = TotalRowCount, \r\n ExtentCount = TotalExtentCount,\r\n SoftDelete = format_timespan(totimespan(todynamic(RetentionPolicy).SoftDeletePeriod), 'd'),\r\n HotCache = format_timespan(totimespan(todynamic(CachingPolicy).DataHotSpan), 'd') \r\n| extend CompressionRatio = round(toreal(OriginalSize) / TotalExtentSize,1)\r\n| extend SoftDelete = iff(RetentionPolicyOrigin ==\"default\" and isempty(SoftDelete), \"unlimited\",SoftDelete)\r\n| extend HotCache = iff(CachingPolicyOrigin ==\"default\" and isempty(HotCache), \"unlimited\",HotCache)\r\n| summarize arg_max(TimeGenerated , *) by DatabaseName, TableName\r\n| top 351 by HotExtentSize desc\r\n| project TableName,\r\n RowCount, \r\n OriginalSize, \r\n SoftDelete ,\r\n HotExtentSize,\r\n HotCache ,\r\n TotalExtentSize,\r\n CompressionRatio, \r\n ExtentCount\r\n ",
|
|
"size": 1,
|
|
"showAnalytics": true,
|
|
"title": "Final ADX Tables",
|
|
"noDataMessage": "No tables found",
|
|
"exportFieldName": "TableName",
|
|
"exportParameterName": "ADXTableName",
|
|
"exportDefaultValue": "\" No ADX table selected ! \"",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.kusto/clusters",
|
|
"crossComponentResources": [
|
|
"{Resources}"
|
|
],
|
|
"visualization": "table",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "DatabaseName",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "10%"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "TableName",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "10%"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "RowCount",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "blue",
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "HotExtentSize",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "purple",
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 36,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "SoftDelete",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "HotCache",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "10%"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "OriginalSize",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "pink",
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 36,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "TotalExtentSize",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "turquoise",
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 36,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "CompressionRatio",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "magenta",
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "ExtentCount",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "lightBlue",
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "CompressedSize",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "purple",
|
|
"customColumnWidthSetting": "10%"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 36,
|
|
"options": {
|
|
"style": "decimal"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"rowLimit": 350,
|
|
"filter": true,
|
|
"sortBy": [
|
|
{
|
|
"itemKey": "TableName",
|
|
"sortOrder": 1
|
|
}
|
|
],
|
|
"labelSettings": [
|
|
{
|
|
"columnId": "TableName",
|
|
"label": "Table name"
|
|
},
|
|
{
|
|
"columnId": "RowCount",
|
|
"label": "Row count"
|
|
},
|
|
{
|
|
"columnId": "OriginalSize",
|
|
"label": "Original size"
|
|
},
|
|
{
|
|
"columnId": "SoftDelete",
|
|
"label": "Retention policy (days)"
|
|
},
|
|
{
|
|
"columnId": "HotExtentSize",
|
|
"label": "Hot cache size (hot extents)"
|
|
},
|
|
{
|
|
"columnId": "HotCache",
|
|
"label": "Hot cache policy (days)",
|
|
"comment": ""
|
|
},
|
|
{
|
|
"columnId": "TotalExtentSize",
|
|
"label": "Total extent size (compressed)"
|
|
},
|
|
{
|
|
"columnId": "CompressionRatio",
|
|
"label": "Compression ratio"
|
|
},
|
|
{
|
|
"columnId": "ExtentCount",
|
|
"label": "Total extent count"
|
|
}
|
|
]
|
|
},
|
|
"sortBy": [
|
|
{
|
|
"itemKey": "TableName",
|
|
"sortOrder": 1
|
|
}
|
|
]
|
|
},
|
|
"name": "TableSizesGrid",
|
|
"styleSettings": {
|
|
"margin": "-35px 0px 0px 10px"
|
|
}
|
|
},
|
|
{
|
|
"type": 9,
|
|
"content": {
|
|
"version": "KqlParameterItem/1.0",
|
|
"parameters": [
|
|
{
|
|
"id": "beb26b8d-3f76-4177-8dac-5c7f7e19791d",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "TimeRange",
|
|
"label": "Time range",
|
|
"type": 4,
|
|
"isRequired": true,
|
|
"value": {
|
|
"durationMs": 86400000
|
|
},
|
|
"typeSettings": {
|
|
"selectableValues": [
|
|
{
|
|
"durationMs": 300000
|
|
},
|
|
{
|
|
"durationMs": 900000
|
|
},
|
|
{
|
|
"durationMs": 1800000
|
|
},
|
|
{
|
|
"durationMs": 3600000
|
|
},
|
|
{
|
|
"durationMs": 14400000
|
|
},
|
|
{
|
|
"durationMs": 43200000
|
|
},
|
|
{
|
|
"durationMs": 86400000
|
|
},
|
|
{
|
|
"durationMs": 172800000
|
|
},
|
|
{
|
|
"durationMs": 259200000
|
|
},
|
|
{
|
|
"durationMs": 604800000
|
|
},
|
|
{
|
|
"durationMs": 1209600000
|
|
},
|
|
{
|
|
"durationMs": 2419200000
|
|
},
|
|
{
|
|
"durationMs": 2592000000
|
|
},
|
|
{
|
|
"durationMs": 5184000000
|
|
},
|
|
{
|
|
"durationMs": 7776000000
|
|
}
|
|
]
|
|
},
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
}
|
|
}
|
|
],
|
|
"style": "pills",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"name": "parameters - 7"
|
|
},
|
|
{
|
|
"type": 9,
|
|
"content": {
|
|
"version": "KqlParameterItem/1.0",
|
|
"parameters": [
|
|
{
|
|
"id": "06964285-c10f-4421-846f-2b4153a9a3f4",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "ADXInfo",
|
|
"label": "Table",
|
|
"type": 1,
|
|
"isRequired": true,
|
|
"query": "{\"version\":\"AzureDataExplorerQuery/1.0\",\"queryText\":\"union withsource=TableName1 *\\r\\n| where TimeGenerated {TimeRange:query} and TableName1 == '{ADXTableName}'\\r\\n| project TimeGenerated, TableName1\\r\\n| summarize Entries = count(), last_log = datetime_diff(\\\"second\\\",now(), max(TimeGenerated)), LastTM=max(TimeGenerated) by TableName1\\r\\n| project strcat(Entries, ',', last_log, ',', LastTM)\",\"clusterName\":\"{fullClusterName}\",\"databaseName\":\"{justDB}\"}",
|
|
"isHiddenWhenLocked": true,
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 9
|
|
}
|
|
],
|
|
"style": "pills",
|
|
"queryType": 9
|
|
},
|
|
"name": "adxinfo"
|
|
},
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "##### Comparison of content in ADX and LA\r\nBy selecting a table from the final ADX tables grid, you will get a small comparison of what the table looks like in ADX and in the Log Analytics workspace.\r\n- **Entries** : In the Entries column you can find the number of entries received in the LA workspace, ADX database and the difference btween the LA workspace - ADX database. This is calculated for the time range selected in the parameter and for the table which was selected in the final ADX tables grid.\r\n- **Last** : This column represents when the log was received in LA, in ADX and their difference. It is not necessarrily the same log, but just shows when a log was last received (and does not specify which log exactly). This is calculated for the time range selected in the parameter and for the table which was selected in the final ADX tables grid.\r\n- **LastTM** : The timestamp of the last log which was received by LA or ADX respectively and their difference in time. This is calculated for the time range selected in the parameter and for the table which was selected in the final ADX tables grid.\r\n- **New in Log Analytics**: The number of newer entries in Log Analytics compared to the latest timestamp from ADX. This is calculated for the time range selected in the parameter and for the table which was selected in the final ADX tables grid.\r\n\r\n##### Average Ingestion Latency\r\nLatency of data ingested, from the time the data was received in the cluster until it's ready for query.",
|
|
"style": "info"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Help",
|
|
"comparison": "isEqualTo",
|
|
"value": "Yes"
|
|
},
|
|
"name": "text - 8"
|
|
},
|
|
{
|
|
"type": 12,
|
|
"content": {
|
|
"version": "NotebookGroup/1.0",
|
|
"groupType": "editable",
|
|
"items": [
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let ADXInfo = split('{ADXInfo}', ',');\r\nlet ADXLastTM = todatetime(ADXInfo[2]);\r\nlet ADXTable = datatable(Source:string)\r\n['ADX database']\r\n| extend Entries=tolong(ADXInfo[0]), Last=tolong(ADXInfo[1]), LastTM=tostring(ADXInfo[2]);\r\nlet LATablePart = union withsource=TableName1 *\r\n| where TimeGenerated {TimeRange:query} and TableName1 == '{ADXTableName}'\r\n| project TimeGenerated, TableName1;\r\nlet LATable = LATablePart\r\n| summarize Entries = count(), Last = datetime_diff(\"second\",now(), max(TimeGenerated)), LastTM=max(TimeGenerated) by TableName1\r\n| project Source='Log Analytics workspace', PositiveEntries=Entries, PositiveLast=Last, LastTM\r\n| extend NegativeEntries = -PositiveEntries, NegativeLast= -PositiveLast;\r\nlet counterMore = toscalar(LATablePart\r\n| where TimeGenerated > ADXLastTM\r\n| count);\r\nlet LALastTM = toscalar(LATable | project LastTM);\r\nlet DiffTable=(\r\nunion ADXTable, (LATable | project Entries=NegativeEntries, Last=NegativeLast, LastTM)\r\n| summarize E=sum(Entries), L=sum(Last) \r\n| project Source='Difference', Entries=E, Last=L\r\n| extend LastTM = ADXLastTM-LALastTM\r\n| extend ['New in Log Analytics'] = counterMore\r\n);\r\nunion (ADXTable | project Source, Entries, Last, LastTM ),\r\n(LATable | project Source, Entries=PositiveEntries, Last=PositiveLast, tostring(LastTM)),\r\n(DiffTable | project Source, Entries, Last, tostring(LastTM), ['New in Log Analytics'])",
|
|
"size": 4,
|
|
"title": "{TimeRange:label}: Comparing the {ADXTableName} ADX table to the same table in the {Workspace:name} Sentinel workspace",
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"crossComponentResources": [
|
|
"{Workspace}"
|
|
],
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "Source",
|
|
"formatter": 1
|
|
},
|
|
{
|
|
"columnMatch": "Entries",
|
|
"formatter": 0,
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Last",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "blue"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 24,
|
|
"options": {
|
|
"style": "decimal"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"sortBy": [
|
|
{
|
|
"itemKey": "$gen_number_Entries_1",
|
|
"sortOrder": 2
|
|
}
|
|
]
|
|
},
|
|
"sortBy": [
|
|
{
|
|
"itemKey": "$gen_number_Entries_1",
|
|
"sortOrder": 2
|
|
}
|
|
],
|
|
"tileSettings": {
|
|
"showBorder": false,
|
|
"titleContent": {
|
|
"columnMatch": "Source",
|
|
"formatter": 1
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "Entries",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "auto"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"maximumSignificantDigits": 3,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"graphSettings": {
|
|
"type": 0,
|
|
"topContent": {
|
|
"columnMatch": "Source",
|
|
"formatter": 1
|
|
},
|
|
"centerContent": {
|
|
"columnMatch": "Entries",
|
|
"formatter": 1,
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"maximumSignificantDigits": 3,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"mapSettings": {
|
|
"locInfo": "LatLong",
|
|
"sizeSettings": "Entries",
|
|
"sizeAggregation": "Sum",
|
|
"legendMetric": "Entries",
|
|
"legendAggregation": "Sum",
|
|
"itemColorSettings": {
|
|
"type": "heatmap",
|
|
"colorAggregation": "Sum",
|
|
"nodeColorField": "Entries",
|
|
"heatmapPalette": "greenRed"
|
|
}
|
|
}
|
|
},
|
|
"name": "Comparison of {ADXTableName} in ADX and Azure Sentinel"
|
|
}
|
|
]
|
|
},
|
|
"customWidth": "50",
|
|
"name": "group - 9",
|
|
"styleSettings": {
|
|
"margin": "20"
|
|
}
|
|
},
|
|
{
|
|
"type": 12,
|
|
"content": {
|
|
"version": "NotebookGroup/1.0",
|
|
"groupType": "editable",
|
|
"items": [
|
|
{
|
|
"type": 10,
|
|
"content": {
|
|
"chartId": "workbook2ab7b558-7073-467e-ae6e-c62ca626bccb",
|
|
"version": "MetricsItem/2.0",
|
|
"size": 1,
|
|
"chartType": 2,
|
|
"resourceType": "microsoft.kusto/clusters",
|
|
"metricScope": 0,
|
|
"resourceParameter": "Resources",
|
|
"resourceIds": [
|
|
"{Resources}"
|
|
],
|
|
"timeContextFromParameter": "TimeRange",
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
},
|
|
"metrics": [
|
|
{
|
|
"namespace": "microsoft.kusto/clusters",
|
|
"metric": "microsoft.kusto/clusters-Ingestion health and performance-IngestionLatencyInSeconds",
|
|
"aggregation": 4,
|
|
"splitBy": null,
|
|
"columnName": "Ingestion Latency"
|
|
}
|
|
],
|
|
"title": "Average Ingestion latency",
|
|
"gridSettings": {
|
|
"rowLimit": 10000
|
|
}
|
|
},
|
|
"customWidth": "50",
|
|
"name": "metric - 8"
|
|
}
|
|
]
|
|
},
|
|
"customWidth": "50",
|
|
"name": "group - 8"
|
|
}
|
|
]
|
|
},
|
|
"name": "group - 9"
|
|
},
|
|
{
|
|
"type": 9,
|
|
"content": {
|
|
"version": "KqlParameterItem/1.0",
|
|
"parameters": [
|
|
{
|
|
"id": "54ae6611-0e4d-48b0-9996-0b025d3217a5",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "TimeRange",
|
|
"label": "Time Range",
|
|
"type": 4,
|
|
"isRequired": true,
|
|
"value": {
|
|
"durationMs": 2419200000
|
|
},
|
|
"typeSettings": {
|
|
"selectableValues": [
|
|
{
|
|
"durationMs": 300000
|
|
},
|
|
{
|
|
"durationMs": 900000
|
|
},
|
|
{
|
|
"durationMs": 1800000
|
|
},
|
|
{
|
|
"durationMs": 3600000
|
|
},
|
|
{
|
|
"durationMs": 14400000
|
|
},
|
|
{
|
|
"durationMs": 43200000
|
|
},
|
|
{
|
|
"durationMs": 86400000
|
|
},
|
|
{
|
|
"durationMs": 172800000
|
|
},
|
|
{
|
|
"durationMs": 259200000
|
|
},
|
|
{
|
|
"durationMs": 604800000
|
|
},
|
|
{
|
|
"durationMs": 1209600000
|
|
},
|
|
{
|
|
"durationMs": 2419200000
|
|
},
|
|
{
|
|
"durationMs": 2592000000
|
|
},
|
|
{
|
|
"durationMs": 5184000000
|
|
},
|
|
{
|
|
"durationMs": 7776000000
|
|
}
|
|
]
|
|
},
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
}
|
|
}
|
|
],
|
|
"style": "pills",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"name": "parameters - 7"
|
|
},
|
|
{
|
|
"type": 12,
|
|
"content": {
|
|
"version": "NotebookGroup/1.0",
|
|
"groupType": "editable",
|
|
"title": "Information about the queries on {ClusterName}",
|
|
"expandable": true,
|
|
"expanded": true,
|
|
"items": [
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "##### Queries\r\n(Queries include the ones made from the log analytics workspace via the adx() operator)\r\n- **Query duration** : Total time until query results are received (doesn't include network latency).\r\n- **QueryResult** : Total number of queries.\t",
|
|
"style": "info"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Help",
|
|
"comparison": "isEqualTo",
|
|
"value": "Yes"
|
|
},
|
|
"name": "text - 2"
|
|
},
|
|
{
|
|
"type": 10,
|
|
"content": {
|
|
"chartId": "workbook19356bdc-cfd5-47c7-8e70-05bbd3f39558",
|
|
"version": "MetricsItem/2.0",
|
|
"size": 1,
|
|
"chartType": 2,
|
|
"resourceType": "microsoft.kusto/clusters",
|
|
"metricScope": 0,
|
|
"resourceParameter": "Resources",
|
|
"resourceIds": [
|
|
"{Resources}"
|
|
],
|
|
"timeContextFromParameter": "TimeRange",
|
|
"timeContext": {
|
|
"durationMs": 2419200000
|
|
},
|
|
"metrics": [
|
|
{
|
|
"namespace": "microsoft.kusto/clusters",
|
|
"metric": "microsoft.kusto/clusters-Query performance-QueryDuration",
|
|
"aggregation": 4,
|
|
"splitBy": null
|
|
}
|
|
],
|
|
"title": "Query Duration",
|
|
"showOpenInMe": true,
|
|
"gridSettings": {
|
|
"rowLimit": 10000
|
|
},
|
|
"sortBy": [],
|
|
"showExportToExcel": true
|
|
},
|
|
"customWidth": "25",
|
|
"showPin": false,
|
|
"name": "keep alive"
|
|
},
|
|
{
|
|
"type": 10,
|
|
"content": {
|
|
"chartId": "workbook19356bdc-cfd5-47c7-8e70-05bbd3f39558",
|
|
"version": "MetricsItem/2.0",
|
|
"size": 1,
|
|
"chartType": 2,
|
|
"resourceType": "microsoft.kusto/clusters",
|
|
"metricScope": 0,
|
|
"resourceParameter": "Resources",
|
|
"resourceIds": [
|
|
"{Resources}"
|
|
],
|
|
"timeContextFromParameter": "TimeRange",
|
|
"timeContext": {
|
|
"durationMs": 2419200000
|
|
},
|
|
"metrics": [
|
|
{
|
|
"namespace": "microsoft.kusto/clusters",
|
|
"metric": "microsoft.kusto/clusters-Query performance-QueryResult",
|
|
"aggregation": 7,
|
|
"splitBy": null,
|
|
"columnName": "Query Result"
|
|
}
|
|
],
|
|
"title": "Total number of queries",
|
|
"showOpenInMe": true,
|
|
"gridSettings": {
|
|
"rowLimit": 10000
|
|
},
|
|
"sortBy": [],
|
|
"showExportToExcel": true
|
|
},
|
|
"customWidth": "25",
|
|
"name": "keep alive"
|
|
}
|
|
]
|
|
},
|
|
"name": "Queries ADX",
|
|
"styleSettings": {
|
|
"showBorder": true
|
|
}
|
|
},
|
|
{
|
|
"type": 12,
|
|
"content": {
|
|
"version": "NotebookGroup/1.0",
|
|
"groupType": "editable",
|
|
"title": "Information about the ingestion on {ClusterName} ",
|
|
"expandable": true,
|
|
"expanded": true,
|
|
"items": [
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "##### Ingestion Event information\r\n- **Events received** : Number of events received by data connections from input stream.\t\r\n- **Events dropped** : Number of events permanently dropped by data connections.\r\n- **Received data size bytes** : Size of data received by data connections from input stream.\t\r\n\r\n",
|
|
"style": "info"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Help",
|
|
"comparison": "isEqualTo",
|
|
"value": "Yes"
|
|
},
|
|
"name": "text - 3"
|
|
},
|
|
{
|
|
"type": 10,
|
|
"content": {
|
|
"chartId": "workbookb4edce6c-ab18-487e-b81c-848a4de1a893",
|
|
"version": "MetricsItem/2.0",
|
|
"size": 1,
|
|
"chartType": 2,
|
|
"color": "green",
|
|
"resourceType": "microsoft.kusto/clusters",
|
|
"metricScope": 0,
|
|
"resourceParameter": "Resources",
|
|
"resourceIds": [
|
|
"{Resources}"
|
|
],
|
|
"timeContextFromParameter": "TimeRange",
|
|
"timeContext": {
|
|
"durationMs": 2419200000
|
|
},
|
|
"metrics": [
|
|
{
|
|
"namespace": "microsoft.kusto/clusters",
|
|
"metric": "microsoft.kusto/clusters-Ingestion health and performance-EventsReceived",
|
|
"aggregation": 1,
|
|
"splitBy": null,
|
|
"columnName": "Events Received"
|
|
}
|
|
],
|
|
"title": "Events Received",
|
|
"gridSettings": {
|
|
"rowLimit": 10000
|
|
}
|
|
},
|
|
"customWidth": "25",
|
|
"name": "Events Received "
|
|
},
|
|
{
|
|
"type": 10,
|
|
"content": {
|
|
"chartId": "workbook67a86a24-c978-4160-8d09-9e15ecac1e8c",
|
|
"version": "MetricsItem/2.0",
|
|
"size": 1,
|
|
"chartType": 2,
|
|
"color": "redBright",
|
|
"resourceType": "microsoft.kusto/clusters",
|
|
"metricScope": 0,
|
|
"resourceParameter": "Resources",
|
|
"resourceIds": [
|
|
"{Resources}"
|
|
],
|
|
"timeContextFromParameter": "TimeRange",
|
|
"timeContext": {
|
|
"durationMs": 2419200000
|
|
},
|
|
"metrics": [
|
|
{
|
|
"namespace": "microsoft.kusto/clusters",
|
|
"metric": "microsoft.kusto/clusters-Ingestion health and performance-EventsDropped",
|
|
"aggregation": 1,
|
|
"splitBy": null
|
|
}
|
|
],
|
|
"title": "Events Dropped ",
|
|
"gridSettings": {
|
|
"rowLimit": 10000
|
|
}
|
|
},
|
|
"customWidth": "25",
|
|
"name": "Events Dropped "
|
|
},
|
|
{
|
|
"type": 10,
|
|
"content": {
|
|
"chartId": "workbookdda4e020-9d60-495b-a08b-789d0f1d24ae",
|
|
"version": "MetricsItem/2.0",
|
|
"size": 1,
|
|
"chartType": 2,
|
|
"resourceType": "microsoft.kusto/clusters",
|
|
"metricScope": 0,
|
|
"resourceParameter": "Resources",
|
|
"resourceIds": [
|
|
"{Resources}"
|
|
],
|
|
"timeContextFromParameter": "TimeRange",
|
|
"timeContext": {
|
|
"durationMs": 2419200000
|
|
},
|
|
"metrics": [
|
|
{
|
|
"namespace": "microsoft.kusto/clusters",
|
|
"metric": "microsoft.kusto/clusters-Ingestion health and performance-ReceivedDataSizeBytes",
|
|
"aggregation": 4,
|
|
"splitBy": null,
|
|
"columnName": "Size of Events"
|
|
}
|
|
],
|
|
"title": "Received data size bytes",
|
|
"gridSettings": {
|
|
"rowLimit": 10000
|
|
}
|
|
},
|
|
"customWidth": "25",
|
|
"name": "Received data size bytes"
|
|
},
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "##### Ingestion\r\n- **Ingestion latency** : Latency of data ingested, from the time the data was received in the cluster until it's ready for query.\r\n- **Ingestion volume** : The total size of data ingested to the cluster (in MB) before compression.\r\n",
|
|
"style": "info"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Help",
|
|
"comparison": "isEqualTo",
|
|
"value": "Yes"
|
|
},
|
|
"name": "Ingestion Text"
|
|
},
|
|
{
|
|
"type": 10,
|
|
"content": {
|
|
"chartId": "workbook19356bdc-cfd5-47c7-8e70-05bbd3f39558",
|
|
"version": "MetricsItem/2.0",
|
|
"size": 1,
|
|
"chartType": 2,
|
|
"resourceType": "microsoft.kusto/clusters",
|
|
"metricScope": 0,
|
|
"resourceParameter": "Resources",
|
|
"resourceIds": [
|
|
"{Resources}"
|
|
],
|
|
"timeContextFromParameter": "TimeRange",
|
|
"timeContext": {
|
|
"durationMs": 2419200000
|
|
},
|
|
"metrics": [
|
|
{
|
|
"namespace": "microsoft.kusto/clusters",
|
|
"metric": "microsoft.kusto/clusters-Ingestion health and performance-IngestionLatencyInSeconds",
|
|
"aggregation": 4,
|
|
"splitBy": null
|
|
}
|
|
],
|
|
"title": "Ingestion Latency ",
|
|
"showOpenInMe": true,
|
|
"gridSettings": {
|
|
"rowLimit": 10000
|
|
},
|
|
"sortBy": [],
|
|
"showExportToExcel": true
|
|
},
|
|
"customWidth": "25",
|
|
"showPin": false,
|
|
"name": "Ingestion Latency"
|
|
},
|
|
{
|
|
"type": 10,
|
|
"content": {
|
|
"chartId": "workbook19356bdc-cfd5-47c7-8e70-05bbd3f39558",
|
|
"version": "MetricsItem/2.0",
|
|
"size": 1,
|
|
"chartType": 2,
|
|
"resourceType": "microsoft.kusto/clusters",
|
|
"metricScope": 0,
|
|
"resourceParameter": "Resources",
|
|
"resourceIds": [
|
|
"{Resources}"
|
|
],
|
|
"timeContextFromParameter": "TimeRange",
|
|
"timeContext": {
|
|
"durationMs": 2419200000
|
|
},
|
|
"metrics": [
|
|
{
|
|
"namespace": "microsoft.kusto/clusters",
|
|
"metric": "microsoft.kusto/clusters-Ingestion health and performance-IngestionVolumeInMB",
|
|
"aggregation": 1,
|
|
"splitBy": null
|
|
}
|
|
],
|
|
"title": "Ingestion Volume",
|
|
"showOpenInMe": true,
|
|
"gridSettings": {
|
|
"rowLimit": 10000
|
|
},
|
|
"sortBy": [],
|
|
"showExportToExcel": true
|
|
},
|
|
"customWidth": "25",
|
|
"showPin": false,
|
|
"name": "Ingestion Volume"
|
|
}
|
|
]
|
|
},
|
|
"name": "Ingestion ADX",
|
|
"styleSettings": {
|
|
"showBorder": true
|
|
}
|
|
}
|
|
],
|
|
"fallbackResourceIds": [],
|
|
"fromTemplateId": "sentinel-ADXvsLA",
|
|
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
|
|
}
|