In August 2017 Microsoft released a new query language for Log Analytics which will be the default query language as of late October (*see the graphic below for the message you get if you haven’t upgraded your workspace yet*).
With this change, all blog posts which I have written about Log Analytics prior to that release which had contained the older query language have been deprecated, updated or replaced. I have reviewed and taken steps for all of my historical blog posts related to OMS which are listed below.
This blog post should serve two purposes:
- To provide a quick index of all blog posts which I have done related to Log Analytics which include sample queries.
- To show a quick way to convert other examples of the old query language – wherever you find them.
Log Analytics related blog posts with query samples:
The following posts already have the new query language:
The following have been replaced with an updated blog posts:
The following blog posts have been updated:
The following blog post have been deprecated:
The old way to get data from Log Analytics into Power BI: https://www.catapultsystems.com/cfuller/archive/2016/03/29/using-power-bi-and-oms-for-security-dashboards-and-reports/
How to convert the original query language into the new one:
Until these blogs posts can be converted (or replaced or deprecated), you can use the following approach to take the original query language and convert it to the new one:
- Copy the existing query language into Log Search.
- Choose the option to “Show legacy language converter”
- Paste the original query in (such as the simple * query which converted to “search *”) and choose the option to convert the query.
This approach will provide a quick workaround for the majority of queries which still exist from the original language in my blog or other sources.
Summary: This blog post details blogs which I have written that include Log Analytics queries. If you find additional changes which would be useful or blog posts which I missed please reply with a comment to this blog post. If you need to use deprecated posts which include the original query language, use the steps shown in this blog post to convert them to the new query language.