Home » Kusto
Category Archives: Kusto
What if you need to monitor something that require a custom script? For example a sequence of checks? That is possible with a PowerShell script that do all the checks, and then submit the result to the workspace. In this example I will monitor port 25565 on a Minecraft server with a PowerShell script. Monitoring a network port is possible with the network insight feature, but it is still a good example as you can change the PowerShell script do do almost anything.
The first step was to create an Azure Automation runbook to check if the port is open. The runbook submit the result to Log Analytics through the data collector API.
A challenge with the runbook is schedules only allow it to run once per hour. To trigger the runbook more often, for example every five minutes, we can trigger it from a Logic Apps.
The PowerShell based runbook is now triggered to run every five minutes, sending its result to the Log Analytic workspace. Once the data is in the workspace, we can query it with a query, and for example show availability of the network port. As you can see on line six in the query, I have comment (for demo purpose) the line that shows only events from yesterday. The following blog post, Return data only during office hours and workdays , explains the query in details.
let totalevents = (24 * 12); Custom_Port_CL | extend localTimestamp = TimeGenerated + 2h | where Port_s == "Minecraft Port" | where Result_s == "Success" // | where localTimestamp between (startofday(now(-1d)) .. endofday(now(-1d)) ) | summarize sum01 = count() by Port_s | extend percentage = (todouble(sum01) * 100 / todouble(totalevents)) | project Port_s, percentage, events=sum01, possible_events=totalevents
The query will show percentage availability based on one event expected every five minutes.
In the workbook published yesterday we used one graph for %Used Space from Linux servers, and one graph for %Free Space from Windows servers. But for some scenarios you might want to show disk space from both server types in the same graph. The following query convert Linux %Used Space to %Free Space, so they can be visualized together with %Free Space with data from Windows servers.
Perf | where TimeGenerated between (ago(1d) .. now() ) | where CounterName == "% Used Space" or CounterName == "% Free Space" | where InstanceName != "_Total" | where InstanceName !contains "HarddiskVolume" | extend FreeSpace = iff(CounterName == "% Used Space", 100-CounterValue, CounterValue) | extend localTimestamp = TimeGenerated + 2h | extend description = strcat(Computer, " ", InstanceName) | summarize avg(FreeSpace) by bin(localTimestamp, 10m), description | sort by localTimestamp desc | render timechart
Thanks to Vanessa for good conversation and ideas 🙂