I noted recently how with a welcome enhancement to Logs blade in Azure Sentinel (and any Azure service with a Logs blade) we also lost the data sampling “eyeball.” It wasn’t a complaint exactly, I was just lamenting its demise.
However, after that post, @roygalpro, Azure Monitor Logs product manager offered up a Logs blade tip to help ease the passing of the eyeball.
Got your feedback re the eyeball 🙂
Did you know you can control the double click action on a table? By default, double clicking a table name in the side bar will run the preview query in editor. You can control this action in settings.— Roy Gal PRO (@roygalpro) March 17, 2021
I hadn’t realized this setting was available and apparently I’m just clueless because it has existed since October 2020 according to: Double click a table in Log Analytics table side bar to run a preview query.
…but here’s how it works…
Tap or click the “gear” icon to access Settings.
In the Settings pane, change “Adds the table name to query editor” (the default value) to “Run preview query.”
Now, when you double-click a table in the table list it will automatically insert and execute a data sampling query that provides a random set of data from the past 24 hours.
<TableName>
| where TimeGenerated > ago(24h)
| limit 10
I prefer this and will keep it this way.
=========================
[Want to discuss this further? Hit me up on Twitter or LinkedIn]
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Azure Sentinel Newsletter]
