{ "__requires": [ { "type": "grafana", "id": "grafana", "name": "Grafana", "version": "7.4.3" }, { "type": "datasource", "id": "grafana-azure-monitor-datasource", "name": "Azure Monitor", "version": "0.3.0" }, { "type": "panel", "id": "graph", "name": "Graph", "version": "" }, { "type": "panel", "id": "stat", "name": "Stat", "version": "" }, { "type": "panel", "id": "table", "name": "Table", "version": "" } ], "editable": true, "gnetId": null, "graphTooltip": 0, "id": null, "iteration": 1622241391232, "links": [], "panels": [ { "collapsed": false, "datasource": "$ds", "gridPos": { "h": 1, "w": 24, "x": 0, "y": 0 }, "id": 6, "panels": [], "title": "Overview", "type": "row" }, { "datasource": "$ds", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": {}, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 5, "w": 3, "x": 0, "y": 1 }, "id": 4, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "text": {}, "textMode": "auto" }, "pluginVersion": "7.4.3", "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n //the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "KeepAlive", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "timeFrom": null, "timeShift": null, "title": "Keep Alive (Avg)", "type": "stat" }, { "datasource": "$ds", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": {}, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 5, "w": 3, "x": 3, "y": 1 }, "id": 12, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "text": {}, "textMode": "auto" }, "pluginVersion": "7.4.3", "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Maximum", "Minimum"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "CPU", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "timeFrom": null, "timeShift": null, "title": "CPU (Avg)", "type": "stat" }, { "datasource": "$ds", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": {}, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 5, "w": 3, "x": 6, "y": 1 }, "id": 13, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "text": {}, "textMode": "auto" }, "pluginVersion": "7.4.3", "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Maximum", "Minimum"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "IngestionUtilization", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "timeFrom": null, "timeShift": null, "title": "Ingestion Utilization (Avg) ", "type": "stat" }, { "datasource": "$ds", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": {}, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 5, "w": 3, "x": 9, "y": 1 }, "id": 14, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "text": {}, "textMode": "auto" }, "pluginVersion": "7.4.3", "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Maximum", "Minimum"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "IngestionLatencyInSeconds", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "timeFrom": null, "timeShift": null, "title": "Ingestion Latency (Avg) ", "type": "stat" }, { "datasource": "$ds", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": {}, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 5, "w": 3, "x": 12, "y": 1 }, "id": 15, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "text": {}, "textMode": "auto" }, "pluginVersion": "7.4.3", "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Maximum", "Minimum"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "CacheUtilization", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "timeFrom": null, "timeShift": null, "title": "Cache Utilization (Avg)", "type": "stat" }, { "datasource": "$ds", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": {}, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 5, "w": 3, "x": 15, "y": 1 }, "id": 16, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "text": {}, "textMode": "auto" }, "pluginVersion": "7.4.3", "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Total"], "aggregation": "Total", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [ { "text": "Status", "value": "IngestionResultDetails" } ], "metricDefinition": "$ns", "metricName": "IngestionResult", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "timeFrom": null, "timeShift": null, "title": "Succeeded Ingestions (#)", "type": "stat" }, { "datasource": "$ds", "description": "The aggregated usage in the cluster, out of the total used CPU and memory. To see more details, go to the Usage tab.", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": null, "filterable": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 6 }, "id": 17, "options": { "showHeader": true }, "pluginVersion": "7.4.3", "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "let system_databases = dynamic(['KustoMonitoringPersistentDatabase', '$systemdb']); \r\nlet system_users = dynamic(['AAD app id=b753584e-c468-4503-852a-374280ce7a62', 'KustoServiceBuiltInPrincipal']); // b753584e-c468-4503-852a-374280ce7a62 is KustoRunner\r\nlet system_cluster_management_applications = dynamic(['Kusto.WinSvc.CM.Svc']); // Kusto Cluster Management\r\nlet CommandTable = ADXCommand \r\n | where TimeGenerated > datetime(2020-09-09T09:30:00Z) \r\n | where LastUpdatedOn > ago(7d)\r\n | where DatabaseName !in (system_databases) and User !in (system_users) and ApplicationName !in (system_cluster_management_applications)\r\n | where ((false == \"false\" and ApplicationName != 'Kusto.WinSvc.DM.Svc') or false == \"true\")\r\n | extend MemoryPeak = tolong(ResourceUtilization.MemoryPeak) \r\n | parse _ResourceId with * \"providers/microsoft.kusto/clusters/\" cluster_name\r\n | project-away ResourceUtilization;\r\nlet QueryTable = ADXQuery\r\n | where LastUpdatedOn > ago(7d)\r\n | where DatabaseName !in (system_databases) and User !in (system_users) and ApplicationName !in (system_cluster_management_applications)\r\n | where ((false == \"false\" and ApplicationName != 'Kusto.WinSvc.DM.Svc') or false == \"true\")\r\n | extend MemoryPeak = tolong(MemoryPeak)\r\n | parse _ResourceId with * \"providers/microsoft.kusto/clusters/\" cluster_name\r\n | extend CommandType = 'Query';\r\nlet dataset_commands_queries = CommandTable\r\n | union (QueryTable)\r\n | project CommandType, DatabaseName, StartedOn, LastUpdatedOn, Duration, State, FailureReason, RootActivityId, User, ApplicationName, Principal, TotalCPU, MemoryPeak, CorrelationId, cluster_name;\r\nlet dataset = dataset_commands_queries\r\n | where cluster_name == 'mitulktest'\r\n //| where totimespan(TotalCPU) > totimespan(0)\r\n | summarize TotalCPU=max(TotalCPU) \r\n , MemoryPeak=max(MemoryPeak)\r\n by User, ApplicationName, CorrelationId \r\n;\r\nlet totalCPU = toscalar(dataset\r\n | summarize sum((totimespan(TotalCPU) / 1s)));\r\nlet totalMemory = toscalar(dataset\r\n | summarize sum(MemoryPeak));\r\nlet topMemory = \r\n dataset\r\n | top-nested 10000 of User with others=\"Others\" by sum(MemoryPeak), top-nested 10000 of ApplicationName with others=\"Others\" by sum(MemoryPeak)\r\n | extend PercentOfTotalClusterMemoryUsed = aggregated_ApplicationName / toreal(totalMemory)\r\n;\r\nlet topCpu = \r\n dataset\r\n | top-nested 10000 of User with others=\"Others\" by sum(totimespan(TotalCPU) / 1s), top-nested 10000 of ApplicationName with others=\"Others\" by sum(totimespan(TotalCPU) / 1s)\r\n | extend PercentOfTotalClusterCpuUsed = aggregated_ApplicationName / toreal(totalCPU)\r\n;\r\ntopMemory\r\n| join kind = fullouter(topCpu) on User, ApplicationName\r\n| extend BothPercentages = PercentOfTotalClusterMemoryUsed + PercentOfTotalClusterCpuUsed\r\n| top 10 by BothPercentages desc\r\n| extend User = case(ApplicationName == \"Kusto.WinSvc.DM.Svc\", strcat(\"Kusto Data Management \", \"(\", User, \")\"),\r\n ApplicationName == \"KustoQueryRunner\", strcat(\"Kusto Query Runner \", \"(\", User, \")\"),\r\n User == \"AAD app id=e0331ea9-83fc-4409-a17d-6375364c3280\", \"DataMap Agent 001 (app id: e0331ea9-83fc-4409-a17d-6375364c3280)\", // Used for internal MS clusters \r\n User)\r\n| extend PercentOfTotalClusterMemoryUsed_display = iff(isnan(PercentOfTotalClusterMemoryUsed * 100), toreal(0), PercentOfTotalClusterMemoryUsed * 100)\r\n| extend PercentOfTotalClusterCpuUsed_display = iff(isnan(PercentOfTotalClusterCpuUsed * 100), toreal(0), PercentOfTotalClusterCpuUsed * 100)\r\n| where not (ApplicationName == \"Others\" and PercentOfTotalClusterMemoryUsed_display == 0 and PercentOfTotalClusterCpuUsed_display == 0)\r\n| project User, ApplicationName, PercentOfTotalClusterMemoryUsed_display, PercentOfTotalClusterCpuUsed_display", "resultFormat": "time_series", "workspace": "$ws" }, "azureMonitor": { "aggOptions": [], "dimensionFilter": "*", "dimensionFilters": [], "metricDefinition": "select", "metricName": "select", "metricNamespace": "select", "resourceGroup": "select", "resourceName": "select", "timeGrain": "auto", "timeGrains": [], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Log Analytics", "refId": "A", "subscription": "$sub" } ], "timeFrom": null, "timeShift": null, "title": "Top resource consumers", "transparent": true, "type": "table" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "description": "Over a sliding timeline window. Not affected by the time range parameter", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 9, "w": 12, "x": 12, "y": 6 }, "hiddenSeries": false, "id": 2, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 3, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "let system_databases = dynamic(['KustoMonitoringPersistentDatabase', '$systemdb']); \r\nlet system_users = dynamic(['AAD app id=b753584e-c468-4503-852a-374280ce7a62', 'KustoServiceBuiltInPrincipal']); // b753584e-c468-4503-852a-374280ce7a62 is Kusto Query Runner\r\nlet system_cluster_management_applications = dynamic(['Kusto.WinSvc.CM.Svc']); // Kusto Cluster Management\r\nlet CommandTable = ADXCommand\r\n | extend MemoryPeak = tolong(ResourceUtilization.MemoryPeak) \r\n | where DatabaseName !in (system_databases) and User !in (system_users) and ApplicationName !in (system_cluster_management_applications)\r\n | where ApplicationName != 'Kusto.WinSvc.DM.Svc'\r\n | parse _ResourceId with * \"providers/microsoft.kusto/clusters/\" cluster_name\r\n | project-away ResourceUtilization;\r\nlet QueryTable = ADXQuery\r\n | where DatabaseName !in (system_databases) and User !in (system_users) and ApplicationName !in (system_cluster_management_applications)\r\n | where ApplicationName != 'Kusto.WinSvc.DM.Svc'\r\n | extend MemoryPeak = tolong(MemoryPeak)\r\n | parse _ResourceId with * \"providers/microsoft.kusto/clusters/\" cluster_name\r\n | extend CommandType = 'Query';\r\nlet dataset_commands_queries = CommandTable\r\n | union (QueryTable)\r\n | project CommandType, DatabaseName, StartedOn, LastUpdatedOn, Duration, State,\r\n FailureReason, RootActivityId, User,\r\n ApplicationName,\r\n Principal,\r\n TotalCPU,\r\n MemoryPeak,\r\n CorrelationId,\r\n cluster_name;\r\nlet raw = dataset_commands_queries\r\n | where LastUpdatedOn > ago(7d)\r\n | where cluster_name == 'mitulktest'\r\n | where StartedOn > ago(365d)\r\n;\r\nraw\r\n| evaluate activity_engagement(User, StartedOn, 1d, 7d)\r\n| join kind = inner (\r\n raw\r\n | evaluate activity_engagement(User, StartedOn, 1d, 30d)\r\n )\r\n on StartedOn\r\n| project StartedOn, Daily=dcount_activities_inner, Weekly=dcount_activities_outer, Monthly = dcount_activities_outer1 \r\n| where StartedOn > ago(90d)\r\n| project Daily, StartedOn, Weekly, Monthly\r\n| sort by StartedOn asc\r\n", "resultFormat": "time_series", "workspace": "$ws" }, "azureMonitor": { "aggOptions": [], "dimensionFilter": "*", "dimensionFilters": [], "metricDefinition": "select", "metricName": "select", "metricNamespace": "select", "resourceGroup": "select", "resourceName": "select", "timeGrain": "auto", "timeGrains": [], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Log Analytics", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Unique user count", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "datasource": "$ds", "gridPos": { "h": 1, "w": 24, "x": 0, "y": 15 }, "id": 19, "panels": [], "title": "Key Metrics", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 0, "y": 16 }, "hiddenSeries": false, "id": 20, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "KeepAlive", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Keep Alive", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 6, "y": 16 }, "hiddenSeries": false, "id": 21, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Maximum", "Minimum"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "CPU", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "CPU", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "percent", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 12, "y": 16 }, "hiddenSeries": false, "id": 22, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Maximum", "Minimum"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "CacheUtilization", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Cache Utilization", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "percent", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 18, "y": 16 }, "hiddenSeries": false, "id": 23, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Maximum", "Minimum"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "InstanceCount", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Instance Count", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 0, "y": 26 }, "hiddenSeries": false, "id": 24, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Maximum", "Minimum"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "TotalNumberOfConcurrentQueries", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Concurrent Queries", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 6, "y": 26 }, "hiddenSeries": false, "id": 25, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Maximum", "Minimum", "Total"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [ { "text": "Query Status", "value": "QueryStatus" } ], "metricDefinition": "$ns", "metricName": "QueryDuration", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Query Duration", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "ms", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 12, "y": 26 }, "hiddenSeries": false, "id": 26, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Maximum", "Minimum", "Total"], "aggregation": "Total", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [ { "text": "Command Type", "value": "CommandType" } ], "metricDefinition": "$ns", "metricName": "TotalNumberOfThrottledCommands", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Throttled Commands", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "ms", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 18, "y": 26 }, "hiddenSeries": false, "id": 27, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Maximum", "Minimum", "Total"], "aggregation": "Maximum", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "TotalNumberOfThrottledQueries", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Throttled Queries", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 0, "y": 36 }, "hiddenSeries": false, "id": 28, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Maximum", "Minimum"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "IngestionUtilization", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Ingestion Utilization", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "percent", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 6, "y": 36 }, "hiddenSeries": false, "id": 29, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Maximum", "Minimum"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "IngestionLatencyInSeconds", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Ingestion Latency", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 12, "y": 36 }, "hiddenSeries": false, "id": 30, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Total"], "aggregation": "Total", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [ { "text": "Status", "value": "IngestionResultDetails" } ], "metricDefinition": "$ns", "metricName": "IngestionResult", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Ingestion Result", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 18, "y": 36 }, "hiddenSeries": false, "id": 31, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": true, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Total", "Maximum"], "aggregation": "Total", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [ { "text": "Database", "value": "Database" } ], "metricDefinition": "$ns", "metricName": "IngestionVolumeInMB", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Ingestion Volume", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "decbytes", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 0, "y": 46 }, "hiddenSeries": false, "id": 32, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Minimum", "Maximum"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "StreamingIngestDataRate", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Streaming Ingest Data Rate", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 6, "y": 46 }, "hiddenSeries": false, "id": 33, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average", "Minimum", "Maximum"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [], "metricDefinition": "$ns", "metricName": "StreamingIngestDuration", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Streaming Ingest Duration", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "ms", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 10, "w": 6, "x": 12, "y": 46 }, "hiddenSeries": false, "id": 35, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [ { "text": "Result", "value": "Result" } ], "metricDefinition": "$ns", "metricName": "StreamingIngestResults", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Streaming Ingest Result", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 56 }, "hiddenSeries": false, "id": 36, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Total", "Average", "Minimum", "Maximum"], "aggregation": "Total", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [ { "text": "Component Type", "value": "ComponentType" }, { "text": "Component Name", "value": "ComponentName" } ], "metricDefinition": "$ns", "metricName": "EventsProcessed", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Events Processed", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "$ds", "fieldConfig": { "defaults": { "color": {}, "custom": {}, "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 9, "w": 12, "x": 12, "y": 56 }, "hiddenSeries": false, "id": 37, "legend": { "avg": true, "current": false, "max": false, "min": false, "show": true, "total": false, "values": true }, "lines": true, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.3", "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "//change this example to create your own time series query\n
//the table to query (e.g. Usage, Heartbeat, Perf)\n| where $__timeFilter(TimeGenerated) //this is a macro used to show the full chart’s time range, choose the datetime column here\n| summarize count() by , bin(TimeGenerated, $__interval) //change “group by column” to a column in your table, such as “Computer”. The $__interval macro is used to auto-select the time grain. Can also use 1h, 5m etc.\n| order by TimeGenerated asc", "resultFormat": "time_series", "workspace": "657b3e91-7c0b-438b-86a5-f769445e237d" }, "azureMonitor": { "aggOptions": ["Average"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [ { "text": "Component Type", "value": "ComponentType" }, { "text": "Component Name", "value": "ComponentName" } ], "metricDefinition": "$ns", "metricName": "DiscoveryLatency", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Monitor", "refId": "A", "subscription": "$sub" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Discovery Latency", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "datasource": "$ds", "gridPos": { "h": 1, "w": 24, "x": 0, "y": 65 }, "id": 40, "panels": [], "title": "Usage", "type": "row" }, { "datasource": "$ds", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": null, "filterable": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "gridPos": { "h": 4, "w": 14, "x": 0, "y": 66 }, "id": 43, "options": { "showHeader": true }, "pluginVersion": "7.4.3", "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "let system_databases = dynamic(['KustoMonitoringPersistentDatabase', '$systemdb']); \r\nlet system_users = dynamic(['AAD app id=b753584e-c468-4503-852a-374280ce7a62', 'KustoServiceBuiltInPrincipal']); // b753584e-c468-4503-852a-374280ce7a62 is KustoRunner\r\nlet system_cluster_management_applications = dynamic(['Kusto.WinSvc.CM.Svc']); // Kusto Cluster Management\r\nlet CommandTable = ADXCommand \r\n | where TimeGenerated > datetime(2020-09-09T09:30:00Z) \r\n | where LastUpdatedOn > ago(7d)\r\n | where DatabaseName !in (system_databases) and User !in (system_users) and ApplicationName !in (system_cluster_management_applications)\r\n | where ((false == \"false\" and ApplicationName != 'Kusto.WinSvc.DM.Svc') or false == \"true\")\r\n | extend MemoryPeak = tolong(ResourceUtilization.MemoryPeak) \r\n | parse _ResourceId with * \"providers/microsoft.kusto/clusters/\" cluster_name\r\n | project-away ResourceUtilization;\r\nlet QueryTable = ADXQuery\r\n | where LastUpdatedOn > ago(7d)\r\n | where DatabaseName !in (system_databases) and User !in (system_users) and ApplicationName !in (system_cluster_management_applications)\r\n | where ((false == \"false\" and ApplicationName != 'Kusto.WinSvc.DM.Svc') or false == \"true\")\r\n | extend MemoryPeak = tolong(MemoryPeak)\r\n | parse _ResourceId with * \"providers/microsoft.kusto/clusters/\" cluster_name\r\n | extend CommandType = 'Query';\r\nlet dataset_commands_queries = CommandTable\r\n | union (QueryTable)\r\n | project CommandType, DatabaseName, StartedOn, LastUpdatedOn, Duration, State, FailureReason, RootActivityId, User, ApplicationName, Principal, TotalCPU, MemoryPeak, CorrelationId, cluster_name;\r\nlet dataset = dataset_commands_queries\r\n | where cluster_name == 'mitulktest'\r\n //| where totimespan(TotalCPU) > totimespan(0)\r\n | summarize TotalCPU=max(TotalCPU) \r\n , MemoryPeak=max(MemoryPeak)\r\n by User, ApplicationName, CorrelationId \r\n;\r\nlet totalCPU = toscalar(dataset\r\n | summarize sum((totimespan(TotalCPU) / 1s)));\r\nlet totalMemory = toscalar(dataset\r\n | summarize sum(MemoryPeak));\r\nlet topMemory = \r\n dataset\r\n | top-nested 10000 of User with others=\"Others\" by sum(MemoryPeak), top-nested 10000 of ApplicationName with others=\"Others\" by sum(MemoryPeak)\r\n | extend PercentOfTotalClusterMemoryUsed = aggregated_ApplicationName / toreal(totalMemory)\r\n;\r\nlet topCpu = \r\n dataset\r\n | top-nested 10000 of User with others=\"Others\" by sum(totimespan(TotalCPU) / 1s), top-nested 10000 of ApplicationName with others=\"Others\" by sum(totimespan(TotalCPU) / 1s)\r\n | extend PercentOfTotalClusterCpuUsed = aggregated_ApplicationName / toreal(totalCPU)\r\n;\r\ntopMemory\r\n| join kind = fullouter(topCpu) on User, ApplicationName\r\n| extend BothPercentages = PercentOfTotalClusterMemoryUsed + PercentOfTotalClusterCpuUsed\r\n| top 10 by BothPercentages desc\r\n| extend User = case(ApplicationName == \"Kusto.WinSvc.DM.Svc\", strcat(\"Kusto Data Management \", \"(\", User, \")\"),\r\n ApplicationName == \"KustoQueryRunner\", strcat(\"Kusto Query Runner \", \"(\", User, \")\"),\r\n User == \"AAD app id=e0331ea9-83fc-4409-a17d-6375364c3280\", \"DataMap Agent 001 (app id: e0331ea9-83fc-4409-a17d-6375364c3280)\", // Used for internal MS clusters \r\n User)\r\n| extend PercentOfTotalClusterMemoryUsed_display = iff(isnan(PercentOfTotalClusterMemoryUsed * 100), toreal(0), PercentOfTotalClusterMemoryUsed * 100)\r\n| extend PercentOfTotalClusterCpuUsed_display = iff(isnan(PercentOfTotalClusterCpuUsed * 100), toreal(0), PercentOfTotalClusterCpuUsed * 100)\r\n| where not (ApplicationName == \"Others\" and PercentOfTotalClusterMemoryUsed_display == 0 and PercentOfTotalClusterCpuUsed_display == 0)\r\n| project User, ApplicationName, PercentOfTotalClusterMemoryUsed_display, PercentOfTotalClusterCpuUsed_display", "resultFormat": "time_series", "workspace": "$ws" }, "azureMonitor": { "aggOptions": ["Average"], "aggregation": "Average", "allowedTimeGrainsMs": [60000, 300000, 900000, 1800000, 3600000, 21600000, 43200000, 86400000], "dimensionFilter": "*", "dimensionFilters": [], "dimensions": [ { "text": "Component Type", "value": "ComponentType" }, { "text": "Component Name", "value": "ComponentName" } ], "metricDefinition": "$ns", "metricName": "DiscoveryLatency", "metricNamespace": "Microsoft.Kusto/clusters", "resourceGroup": "$rg", "resourceName": "$resource", "timeGrain": "auto", "timeGrains": [ { "text": "auto", "value": "auto" }, { "text": "1 minute", "value": "PT1M" }, { "text": "5 minutes", "value": "PT5M" }, { "text": "15 minutes", "value": "PT15M" }, { "text": "30 minutes", "value": "PT30M" }, { "text": "1 hour", "value": "PT1H" }, { "text": "6 hours", "value": "PT6H" }, { "text": "12 hours", "value": "PT12H" }, { "text": "1 day", "value": "P1D" } ], "top": "10" }, "insightsAnalytics": { "query": "", "resultFormat": "time_series" }, "queryType": "Azure Log Analytics", "refId": "A", "subscription": "$sub" } ], "timeFrom": null, "timeShift": null, "title": "Top resource consumers (within the CPU and memory consumption of the cluster)", "transparent": true, "type": "table" }, { "datasource": "$ds", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": null, "filterable": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [] } }, "overrides": [] }, "gridPos": { "h": 4, "w": 10, "x": 14, "y": 66 }, "id": 44, "options": { "showHeader": true }, "pluginVersion": "7.4.3", "targets": [ { "appInsights": { "dimension": [], "metricName": "select", "timeGrain": "auto" }, "azureLogAnalytics": { "query": "let system_databases = dynamic(['KustoMonitoringPersistentDatabase', '$systemdb']); \r\nlet system_users = dynamic(['AAD app id=b753584e-c468-4503-852a-374280ce7a62', 'KustoServiceBuiltInPrincipal']); // b753584e-c468-4503-852a-374280ce7a62 is Kusto Query Runner\r\nlet system_cluster_management_applications = dynamic(['Kusto.WinSvc.CM.Svc']); // Kusto Cluster Management\r\nlet CommandTable = ADXCommand\r\n | extend MemoryPeak = tolong(ResourceUtilization.MemoryPeak)\r\n | where LastUpdatedOn > ago(7d)\r\n | where DatabaseName !in (system_databases) and User !in (system_users) and ApplicationName !in (system_cluster_management_applications)\r\n | where ((false == \"false\" and ApplicationName != 'Kusto.WinSvc.DM.Svc') or false == \"true\")\r\n | parse _ResourceId with * \"providers/microsoft.kusto/clusters/\" cluster_name\r\n | project-away ResourceUtilization;\r\nlet QueryTable = ADXQuery\r\n | where LastUpdatedOn > ago(7d)\r\n | where DatabaseName !in (system_databases) and User !in (system_users) and ApplicationName !in (system_cluster_management_applications)\r\n | where ((false == \"false\" and ApplicationName != 'Kusto.WinSvc.DM.Svc') or false == \"true\")\r\n | extend MemoryPeak = tolong(MemoryPeak)\r\n | parse _ResourceId with * \"providers/microsoft.kusto/clusters/\" cluster_name\r\n | extend CommandType = 'Query';\r\nlet dataset_commands_queries = CommandTable\r\n | union (QueryTable)\r\n | project CommandType, DatabaseName, StartedOn, LastUpdatedOn, Duration, State,\r\n FailureReason, RootActivityId, User, ApplicationName, Principal, TotalCPU, MemoryPeak, CorrelationId, cluster_name;\r\nlet dataset = dataset_commands_queries\r\n | where cluster_name == 'mitulktest'\r\n | where CommandType != 'TableSetOrAppend'\r\n | summarize Count=count() by User, ApplicationName\r\n | project User, ApplicationName, Count\r\n | extend User = case(ApplicationName == \"Kusto.WinSvc.DM.Svc\", strcat(\"Kusto Data Management \", \"(\", User, \")\"),\r\n User == \"AAD app id=e0331ea9-83fc-4409-a17d-6375364c3280\", \"DataMap Agent 001 (app id: e0331ea9-83fc-4409-a17d-6375364c3280)\", // Used for internal MS clusters\r\n User)\r\n | top 10 by Count;\r\n//| order by Count desc\r\n//