使用诊断日志监视 Azure 数据资源管理器的引入、命令、查询和表Monitor Azure Data Explorer ingestion, commands, queries, and tables using diagnostic logs

02/08/2021

Azure 数据资源管理器是一项快速、完全托管的数据分析服务，用于实时分析从应用程序、网站和 IoT 设备等资源流式传输的海量数据。Azure Data Explorer is a fast, fully managed data analytics service for real-time analysis on large volumes of data streaming from applications, websites, IoT devices, and more. Azure Monitor 诊断日志提供有关 Azure 资源操作的数据。Azure Monitor diagnostic logs provide data about the operation of Azure resources. Azure 数据资源管理器使用诊断日志获取有关引入、命令、查询和表的见解。Azure Data Explorer uses diagnostic logs for insights on ingestion, commands, query, and tables. 可将操作日志导出到 Azure 存储、事件中心或 Log Analytics 以监视引入、命令和查询状态。You can export operation logs to Azure Storage, Event Hub, or Log Analytics to monitor ingestion, commands, and query status. 可将 Azure 存储和 Azure 事件中心的日志路由到 Azure 数据资源管理器群集中的某个表，以进一步分析。Logs from Azure Storage and Azure Event Hub can be routed to a table in your Azure Data Explorer cluster for further analysis.

重要

诊断日志数据可能包含敏感数据。Diagnostic log data may contain sensitive data. 请根据监视需求限制日志目标的权限。Restrict permissions of the logs destination according to your monitoring needs.

先决条件Prerequisites

如果没有 Azure 订阅，请创建一个 Azure 帐户。If you don't have an Azure subscription, create a Azure account.
登录到 Azure 门户。Sign in to the Azure portal.
创建群集和数据库。Create a cluster and database.

设置 Azure 数据资源管理器群集的诊断日志Set up diagnostic logs for an Azure Data Explorer cluster

诊断日志可用于配置以下日志数据的收集：Diagnostic logs can be used to configure the collection of the following log data:

备注

对于使用 SDK、数据连接和连接器将排队的引入内容引入到引入终结点，引入日志受支持。Ingestion logs are supported for queued ingestion to the ingestion endpoint using SDKs, data connections, and connectors.

对于流式引入、目标为引擎的直接引入、从查询进行的引入或者设置或追加命令，引入日志不受支持。Ingestion logs aren't supported for streaming ingestion, direct ingestion to the engine, ingestion from query, or set-or-append commands.

备注

只会针对引入操作的最终状态报告“失败引入”日志，这与引入结果指标不同，后者是针对在内部重试的暂时性故障发出的。Failed ingestion logs are only reported for the final state of an ingest operation, unlike the Ingestion result metric, which is emitted for transient failures that are retried internally.

成功的引入操作：这些日志包含有关已成功完成的引入操作的信息。Successful ingestion operations: These logs have information about successfully completed ingestion operations.
失败的引入操作：这些日志包含有关失败的引入操作的详细信息，包括错误详细信息。Failed ingestion operations: These logs have detailed information about failed ingestion operations including error details.
引入批处理操作：这些日志详细说明了可用于引入的批处理的统计信息（持续时间、批大小和 blob 计数）。Ingestion batching operations: These logs have detailed statistics of batches ready for ingestion (duration, batch size and blobs count).

TableUsageStatistics：这些日志包含已达到最终状态的命令和查询的详细使用情况信息。TableUsageStatistics: These logs have detailed information about usage of commands and queries that have reached a final state.

备注

TableUsageStatistics 日志数据不包含命令或查询文本。The TableUsageStatistics log data doesn't contain the command or query text.
TableDetails：这些日志包含有关群集的表的详细信息。TableDetails: These logs have detailed information about the cluster's tables.

然后可根据规范将数据存档到存储帐户、流式传输到事件中心，或发送到 Log Analytics。The data is then archived into a Storage account, streamed to an Event Hub, or sent to Log Analytics, as per your specifications.

启用诊断日志Enable diagnostic logs

诊断日志默认已禁用。Diagnostic logs are disabled by default. 若要启用诊断日志，请执行以下步骤：To enable diagnostic logs, do the following steps:

在 Azure 门户中，选择要监视的 Azure 数据资源管理器群集资源。In the Azure portal, select the Azure Data Explorer cluster resource that you want to monitor.
在“监视”下，选择“诊断设置” 。Under Monitoring, select Diagnostic settings.
选择“添加诊断设置”。 Select Add diagnostic setting.
在“诊断设置”窗口中，执行以下操作：In the Diagnostic settings window:
1. 输入一个诊断设置名称。Enter a Diagnostic setting name.
2. 选择一个或多个目标：Log Analytics 工作区、存储帐户或事件中心。Select one or more targets: a Log Analytics workspace, a storage account, or an Event Hub.
3. 选择要收集的日志：SucceededIngestion、FailedIngestion、IngestionBatching、Command、Query、TableUsageStatistics 或 TableDetails。Select logs to be collected: SucceededIngestion, FailedIngestion, IngestionBatching, Command, or Query, TableUsageStatistics, or TableDetails.
4. 选择要收集的指标（可选）。Select metrics to be collected (optional).
5. 选择“保存”以保存新的诊断日志设置和指标。 Select Save to save the new diagnostic logs settings and metrics.

在几分钟内即会完成新的设置。New settings will be set in a few minutes. 日志随后会显示在配置的存档目标（存储帐户、事件中心或 Log Analytics）中。Logs then appear in the configured archival target (Storage account, Event Hub, or Log Analytics).

备注

如果将日志发送到 Log Analytics，则 SucceededIngestion、FailedIngestion、IngestionBatching、Command、Query、TableUsageStatistics 和 TableDetails 日志会分别存储在名为 SucceededIngestion、FailedIngestion、ADXIngestionBatching、ADXCommand、ADXQuery、ADXTableUsageStatistics 和 ADXTableDetails 的 Log Analytics 表中。If you send logs to Log Analytics, the SucceededIngestion, FailedIngestion, IngestionBatching, Command, Query, TableUsageStatistics and TableDetails logs will be stored in Log Analytics tables named: SucceededIngestion, FailedIngestion, ADXIngestionBatching, ADXCommand, ADXQuery, ADXTableUsageStatistics and ADXTableDetails respectively.

诊断日志架构Diagnostic logs schema

所有 Azure Monitor 诊断日志共享一个通用的顶级架构。All Azure Monitor diagnostic logs share a common top-level schema. Azure 数据资源管理器对其自身的事件使用唯一属性。Azure Data Explorer has unique properties for their own events. 所有日志均以 JSON 格式存储。All logs are stored in a JSON format.

引入日志架构Ingestion logs schema

日志 JSON 字符串包含下表中列出的元素：Log JSON strings include elements listed in the following table:

名称Name	说明Description
timetime	报告时间Time of the report
ResourceIdresourceId	Azure Resource Manager 资源 IDAzure Resource Manager resource ID
operationNameoperationName	操作名称：'MICROSOFT.KUSTO/CLUSTERS/INGEST/ACTION'Name of the operation: 'MICROSOFT.KUSTO/CLUSTERS/INGEST/ACTION'
operationVersionoperationVersion	架构版本：'1.0'Schema version: '1.0'
categorycategory	操作类别。Category of the operation. `SucceededIngestion`、`FailedIngestion` 或 `IngestionBatching`。`SucceededIngestion`, `FailedIngestion` or `IngestionBatching`. 成功的操作、失败的操作或批处理操作的属性不同。Properties differ for successful operation, failed operation or batching operation.
propertiesproperties	操作的详细信息。Detailed information of the operation.

成功引入操作日志Successful ingestion operation log

示例：Example:

{
    "time": "",
    "resourceId": "",
    "operationName": "MICROSOFT.KUSTO/CLUSTERS/INGEST/ACTION",
    "operationVersion": "1.0",
    "category": "SucceededIngestion",
    "properties":
    {
        "SucceededOn": "2019-05-27 07:55:05.3693628",
        "OperationId": "b446c48f-6e2f-4884-b723-92eb6dc99cc9",
        "Database": "Samples",
        "Table": "StormEvents",
        "IngestionSourceId": "66a2959e-80de-4952-975d-b65072fc571d",
        "IngestionSourcePath": "https://kustoingestionlogs.blob.core.chinacloudapi.cn/sampledata/events8347293.json",
        "RootActivityId": "d0bd5dd3-c564-4647-953e-05670e22a81d"
    }
}

成功操作诊断日志的属性Properties of a successful operation diagnostic log

名称Name	说明Description
SucceededOnSucceededOn	引入完成时间Time of ingestion completion
OperationIdOperationId	Azure 数据资源管理器引入操作 IDAzure Data Explorer ingestion operation ID
数据库Database	目标数据库的名称Name of the target database
表Table	目标表的名称Name of the target table
IngestionSourceIdIngestionSourceId	引入数据源的 IDID of the ingestion data source
IngestionSourcePathIngestionSourcePath	引入数据源或 Blob URI 的路径Path of the ingestion data source or blob URI
RootActivityIdRootActivityId	活动 IDActivity ID

失败引入操作日志Failed ingestion operation log

示例：Example:

{
    "time": "",
    "resourceId": "",
    "operationName": "MICROSOFT.KUSTO/CLUSTERS/INGEST/ACTION",
    "operationVersion": "1.0",
    "category": "FailedIngestion",
    "properties":
    {
        "failedOn": "2019-05-27 08:57:05.4273524",
        "operationId": "5956515d-9a48-4544-a514-cf4656fe7f95",
        "database": "Samples",
        "table": "StormEvents",
        "ingestionSourceId": "eee56f8c-2211-4ea4-93a6-be556e853e5f",
        "ingestionSourcePath": "https://kustoingestionlogs.blob.core.chinacloudapi.cn/sampledata/events5725592.json",
        "rootActivityId": "52134905-947a-4231-afaf-13d9b7b184d5",
        "details": "Permanent failure downloading blob. URI: ..., permanentReason: Download_SourceNotFound, DownloadFailedException: 'Could not find file ...'",
        "errorCode": "Download_SourceNotFound",
        "failureStatus": "Permanent",
        "originatesFromUpdatePolicy": false,
        "shouldRetry": false
    }
}

失败操作诊断日志的属性Properties of a failed operation diagnostic log

名称Name	说明Description
FailedOnFailedOn	引入完成时间Time of ingestion completion
OperationIdOperationId	Azure 数据资源管理器引入操作 IDAzure Data Explorer ingestion operation ID
数据库Database	目标数据库的名称Name of the target database
表Table	目标表的名称Name of the target table
IngestionSourceIdIngestionSourceId	引入数据源的 IDID of the ingestion data source
IngestionSourcePathIngestionSourcePath	引入数据源或 Blob URI 的路径Path of the ingestion data source or blob URI
RootActivityIdRootActivityId	活动 IDActivity ID
详细信息Details	失败和错误消息的详细说明Detailed description of the failure and error message
ErrorCodeErrorCode	错误代码Error code
FailureStatusFailureStatus	`Permanent` 或 `Transient`。`Permanent` or `Transient`. 重试暂时性故障可能会成功。Retry of a transient failure may succeed.
OriginatesFromUpdatePolicyOriginatesFromUpdatePolicy	如果故障源自更新策略，则为 TrueTrue if failure originates from an update policy
ShouldRetryShouldRetry	如果重试可以成功，则为 TrueTrue if retry may succeed

引入批处理操作日志Ingestion batching operation log

示例：Example:

{
  "resourceId": "/SUBSCRIPTIONS/12534EB3-8109-4D84-83AD-576C0D5E1D06/RESOURCEGROUPS/KEREN/PROVIDERS/MICROSOFT.KUSTO/CLUSTERS/KERENEUS",
  "time": "2020-05-27T07:55:05.3693628Z",
  "operationVersion": "1.0",
  "operationName": "MICROSOFT.KUSTO/CLUSTERS/INGESTIONBATCHING/ACTION",
  "category": "IngestionBatching",
  "correlationId": "2bb51038-c7dc-4ebd-9d7f-b34ece4cb735",
  "properties": {
    "Database": "Samples",
    "Table": "StormEvents",
    "BatchingType": "Size",
    "SourceCreationTime": "2020-05-27 07:52:04.9623640",
    "BatchTimeSeconds": 215.5,
    "BatchSizeBytes": 2356425,
    "DataSourcesInBatch": 4,
    "RootActivityId": "2bb51038-c7dc-4ebd-9d7f-b34ece4cb735"
  }
}

引入批处理操作诊断日志的属性Properties of an ingestion batching operation diagnostic log

名称Name	说明Description
TimeGeneratedTimeGenerated	生成此事件的时间 (UTC)The time (UTC) at which this event was generated
数据库Database	保存目标表的数据库的名称Name of the database holding the target table
表Table	数据引入到的目标表的名称Name of the target table into which the data is ingested
BatchingTypeBatchingType	批处理类型：批处理是否达到批处理策略设置的批处理时间、数据大小或文件数限制Type of batching: whether the batch reached batching time, data size, or number of files limit set by batching policy
SourceCreationTimeSourceCreationTime	此批中 blob 的最早创建时间 (UTC)Minimal time (UTC) at which blobs in this batch were created
BatchTimeSecondsBatchTimeSeconds	此批的总批处理时间（秒）Total batching time of this batch (seconds)
BatchSizeBytesBatchSizeBytes	此批中数据的未压缩大小总计（字节）Total uncompressed size of data in this batch (bytes)
DataSourcesInBatchDataSourcesInBatch	此批中的数据源数Number of data sources in this batch
RootActivityIdRootActivityId	操作的活动 IDThe operation's activity ID

命令和查询日志架构Commands and Queries logs schema

日志 JSON 字符串包含下表中列出的元素：Log JSON strings include elements listed in the following table:

名称Name	说明Description
timetime	报告时间Time of the report
ResourceIdresourceId	Azure Resource Manager 资源 IDAzure Resource Manager resource ID
operationNameoperationName	操作名称：“MICROSOFT.KUSTO/CLUSTERS/COMMAND/ACTION”或“MICROSOFT.KUSTO/CLUSTERS/QUERY/ACTION”。Name of the operation: 'MICROSOFT.KUSTO/CLUSTERS/COMMAND/ACTION' or "MICROSOFT.KUSTO/CLUSTERS/QUERY/ACTION". 命令和查询日志的属性不同。Properties differ for commands and query logs.
operationVersionoperationVersion	架构版本：'1.0'Schema version: '1.0'
categorycategory	操作类别：`Command` 或 `Query`。Category of the operation: `Command` or `Query`. 命令和查询日志的属性不同。Properties differ for commands and query logs.
propertiesproperties	操作的详细信息。Detailed information of the operation.

命令日志Command log

示例：Example:

{
    "time": "",
    "resourceId": "",
    "operationName": "MICROSOFT.KUSTO/CLUSTERS/COMMAND/ACTION",
    "operationVersion": "1.0",
    "category": "Command",
    "properties":
    {
        "RootActivityId": "d0bd5dd3-c564-4647-953e-05670e22a81d",
        "StartedOn": "2020-09-12T18:06:04.6898353Z",
        "LastUpdatedOn": "2020-09-12T18:06:04.6898353Z",
        "Database": "DatabaseSample",
        "State": "Completed",
        "FailureReason": "XXX",
        "TotalCpu": "00:01:30.1562500",
        "CommandType": "ExtentsDrop",
        "Application": "Kusto.WinSvc.DM.Svc",
        "ResourceUtilization": "{\"CacheStatistics\":{\"Memory\":{\"Hits\":0,\"Misses\":0},\"Disk\":{\"Hits\":0,\"Misses\":0},\"Shards\":{\"Hot\":{\"HitBytes\":0,\"MissBytes\":0,\"RetrieveBytes\":0},\"Cold\":{\"HitBytes\":0,\"MissBytes\":0,\"RetrieveBytes\":0},\"BypassBytes\":0}},\"TotalCpu\":\"00:00:00\",\"MemoryPeak\":0,\"ScannedExtentsStatistics\":{\"MinDataScannedTime\":null,\"MaxDataScannedTime\":null,\"TotalExtentsCount\":0,\"ScannedExtentsCount\":0,\"TotalRowsCount\":0,\"ScannedRowsCount\":0}}",
        "Duration": "00:03:30.1562500",
        "User": "AAD app id=0571b364-eeeb-4f28-ba74-90a8b4132b53",
        "Principal": "aadapp=0571b364-eeeb-4f28-ba74-90a3b4136b53;5c443533-c927-4410-a5d6-4d6a5443b64f"
    }
}

命令诊断日志的属性Properties of a command diagnostic log

名称Name	说明Description
RootActivityIdRootActivityId	根活动 IDThe root activity ID
StartedOnStartedOn	该命令开始的时间 (UTC)Time (UTC) at which this command started
LastUpdatedOnLastUpdatedOn	该命令结束的时间 (UTC)Time (UTC) at which this command ended
数据库Database	运行命令的数据库的名称The name of the database the command ran on
状态State	命令结束的状态The state the command ended with
FailureReasonFailureReason	失败原因The failure reason
TotalCpuTotalCpu	CPU 总持续时间Total CPU duration
CommandTypeCommandType	命令类型Command type
应用程序Application	调用了命令的应用程序的名称Application name that invoked the command
ResourceUtilizationResourceUtilization	命令资源利用率Command resource utilization
DurationDuration	命令持续时间Command duration
用户User	调用了查询的用户The user that invoked the query
主体Principal	调用了查询的主体The principal that invoked the query

查询日志Query log

示例：Example:

{
    "time": "",
    "resourceId": "",
    "operationName": "MICROSOFT.KUSTO/CLUSTERS/QUERY/ACTION",
    "operationVersion": "1.0",
    "category": "Query",
    "properties": {
        "RootActivityId": "3e6e8814-e64f-455a-926d-bf16229f6d2d",
        "StartedOn": "2020-09-04T13:45:45.331925Z",
        "LastUpdatedOn": "2020-09-04T13:45:45.3484372Z",
        "Database": "DatabaseSample",
        "State": "Completed",
        "FailureReason": "[none]",
        "TotalCpu": "00:00:00",
        "ApplicationName": "MyApp",
        "MemoryPeak": 0,
        "Duration": "00:00:00.0165122",
        "User": "AAD app id=0571b364-eeeb-4f28-ba74-90a8b4132b53",
        "Principal": "aadapp=0571b364-eeeb-4f28-ba74-90a8b4132b53;5c823e4d-c927-4010-a2d8-6dda2449b6cf",
        "ScannedExtentsStatistics": {
            "MinDataScannedTime": "2020-07-27T08:34:35.3299941",
            "MaxDataScannedTime": "2020-07-27T08:34:41.991661",
            "TotalExtentsCount": 64,
            "ScannedExtentsCount": 64,
            "TotalRowsCount": 320,
            "ScannedRowsCount": 320
        },
        "CacheStatistics": {
            "Memory": {
                "Hits": 192,
                "Misses": 0
          },
            "Disk": {
                "Hits": 0,
                "Misses": 0
      },
            "Shards": {
                "Hot": {
                    "HitBytes": 0,
                    "MissBytes": 0,
                    "RetrieveBytes": 0
        },
                "Cold": {
                    "HitBytes": 0,
                    "MissBytes": 0,
                    "RetrieveBytes": 0
        },
            "BypassBytes": 0
      }
    },
    "ResultSetStatistics": {
        "TableCount": 1,
        "TablesStatistics": [
        {
          "RowCount": 1,
          "TableSize": 9
        }
      ]
    }
  }
}

查询诊断日志的属性Properties of a query diagnostic log

名称Name	说明Description
RootActivityIdRootActivityId	根活动 IDThe root activity ID
StartedOnStartedOn	该命令开始的时间 (UTC)Time (UTC) at which this command started
LastUpdatedOnLastUpdatedOn	该命令结束的时间 (UTC)Time (UTC) at which this command ended
数据库Database	运行命令的数据库的名称The name of the database the command ran on
状态State	命令结束的状态The state the command ended with
FailureReasonFailureReason	失败原因The failure reason
TotalCpuTotalCpu	CPU 总持续时间Total CPU duration
ApplicationNameApplicationName	调用了查询的应用程序的名称Application name that invoked the query
MemoryPeakMemoryPeak	内存峰值Memory peak
DurationDuration	命令持续时间Command duration
用户User	调用了查询的用户The user that invoked the query
主体Principal	调用了查询的主体The principal that invoked the query
ScannedExtentsStatisticsScannedExtentsStatistics	包含扫描的盘区统计信息Contains scanned extent statistics
MinDataScannedTimeMinDataScannedTime	最短数据扫描时间Minimum data scan time
MaxDataScannedTimeMaxDataScannedTime	最长数据扫描时间Maximum data scan time
TotalExtentsCountTotalExtentsCount	盘区总数Total extent count
ScannedExtentsCountScannedExtentsCount	扫描的盘区计数Scanned extent count
TotalRowsCountTotalRowsCount	总行计数Total rows count
ScannedRowsCountScannedRowsCount	扫描的行计数Scanned rows count
CacheStatisticsCacheStatistics	包含缓存统计信息Contains cache statistics
内存Memory	包含缓存内存统计信息Contains cache memory statistics
命中数Hits	内存缓存命中数Memory cache hits
未命中数Misses	内存缓存未命中数Memory cache misses
磁盘Disk	包含缓存磁盘统计信息Contains cache disk statistics
命中数Hits	磁盘缓存命中数Disk cache hits
未命中数Misses	磁盘缓存未命中数Disk cache misses
ShardsShards	包含热和冷分片缓存统计信息Contains hot and cold shards cache statistics
热Hot	包含热分片缓存统计信息Contains hot shards cache statistics
HitBytesHitBytes	分片热缓存命中数Shards hot cache hits
MissBytesMissBytes	分片热缓存未命中数Shards hot cache misses
RetrieveBytesRetrieveBytes	分片热缓存检索的字节数Shards hot cache retrieved bytes
冷Cold	包含冷分片缓存统计信息Contains cold shards cache statistics
HitBytesHitBytes	分片冷缓存命中数Shards cold cache hits
MissBytesMissBytes	分片冷缓存未命中数Shards cold cache misses
RetrieveBytesRetrieveBytes	分片冷缓存检索的字节数Shards cold cache retrieved bytes
BypassBytesBypassBytes	分片缓存绕过字节数Shards cache bypass bytes
ResultSetStatisticsResultSetStatistics	包含结果集统计信息Contains result set statistics
TableCountTableCount	结果集表计数Result set table count
TablesStatisticsTablesStatistics	包含结果集表统计信息Contains result set table statistics
RowCountRowCount	结果集表行计数Result set table row count
TableSizeTableSize	结果集表行计数Result set table row count

TableUsageStatistics 和 TableDetails 日志架构TableUsageStatistics and TableDetails logs schema

日志 JSON 字符串包含下表中列出的元素：Log JSON strings include elements listed in the following table:

名称Name	说明Description
timetime	报告时间Time of the report
ResourceIdresourceId	Azure Resource Manager 资源 IDAzure Resource Manager resource ID
operationNameoperationName	操作名称：“MICROSOFT.KUSTO/CLUSTERS/DATABASE/SCHEMA/READ”。Name of the operation: 'MICROSOFT.KUSTO/CLUSTERS/DATABASE/SCHEMA/READ'. TableUsageStatistics 和 TableDetails 的属性相同。Properties are the same for TableUsageStatistics and TableDetails.
operationVersionoperationVersion	架构版本：'1.0'Schema version: '1.0'
propertiesproperties	操作的详细信息Detailed information of the operation

TableUsageStatistics 日志TableUsageStatistics log

示例：Example:

{
    "resourceId": "/SUBSCRIPTIONS/0571b364-eeeb-4f28-ba74-90a8b4132b53/RESOURCEGROUPS/MYRG/PROVIDERS/MICROSOFT.KUSTO/CLUSTERS/MYKUSTOCLUSTER",
    "time": "08-04-2020 16:42:29",
    "operationName": "MICROSOFT.KUSTO/CLUSTERS/DATABASE/SCHEMA/READ",
    "correlationId": "MyApp.Kusto.DM.MYKUSTOCLUSTER.ShowTableUsageStatistics.e10fe80b-6f4d-4b7e-9756-b87720f88901",
    "properties": {
        "RootActivityId": "3e6e8814-e64f-455a-926d-bf16229f6d2d",
        "StartedOn": "2020-08-19T11:51:41.1258308Z",
        "Database": "MyDB",
        "Table": "MyTable",
        "MinCreatedOn": "2020-07-20T09:16:00.9906347Z",
        "MaxCreatedOn": "2020-08-19T11:50:37.1233374Z",
        "Application": "MyApp",
        "User": "AAD app id=0571b364-eeeb-4f28-ba74-90a8b4132b53",
        "Principal": "aadapp=0571b364-eeeb-4f28-ba74-90a8b4132b53;5c823e4d-c927-4010-a2d8-6dda2449b6cf"
    }
}

TableUsageStatistics 诊断日志的属性Properties of a TableUsageStatistics diagnostic log

名称Name	说明Description
RootActivityIdRootActivityId	根活动 IDThe root activity ID
StartedOnStartedOn	该命令开始的时间 (UTC)Time (UTC) at which this command started
数据库Database	数据库的名称The name of the database
TableNameTableName	表的名称The name of the table
MinCreatedOnMinCreatedOn	表的最早区时间Oldest extent time of the table
MaxCreatedOnMaxCreatedOn	表的最新区时间Latest extent time of the table
ApplicationNameApplicationName	调用了该命令的应用程序的名称application name that invoked the command
用户User	调用了查询的用户The user that invoked the query
主体Principal	调用了查询的主体The principal that invoked the query

TableDetails 日志TableDetails log

示例：Example:

{
    "resourceId": "/SUBSCRIPTIONS/0571b364-eeeb-4f28-ba74-90a8b4132b53/RESOURCEGROUPS/MYRG/PROVIDERS/MICROSOFT.KUSTO/CLUSTERS/MYKUSTOCLUSTER",
    "time": "08-04-2020 16:42:29",
    "operationName": "MICROSOFT.KUSTO/CLUSTERS/DATABASE/SCHEMA/READ",
    "correlationId": "MyApp.Kusto.DM.MYKUSTOCLUSTER.ShowTableUsageStatistics.e10fe80b-6f4d-4b7e-9756-b87720f88901",
    "properties": {
        "RootActivityId": "3e6e8814-e64f-455a-926d-bf16229f6d2d",
        "TableName": "MyTable",
        "DatabaseName": "MyDB",
        "TotalExtentSize": 9632.0,
        "TotalOriginalSize": 4143.0,
        "HotExtentSize": 0.0,
        "RetentionPolicyOrigin": "table",
        "RetentionPolicy": "{\"SoftDeletePeriod\":\"90.00:00:00\",\"Recoverability\":\"Disabled\"}",
        "CachingPolicyOrigin": "database",
        "CachingPolicy": "{\"DataHotSpan\":\"7.00:00:00\",\"IndexHotSpan\":\"7.00:00:00\",\"ColumnOverrides\":[]}",
        "MaxExtentsCreationTime": "2020-08-30T02:44:43.9824696Z",
        "MinExtentsCreationTime": "2020-08-30T02:38:42.3031288Z",
        "TotalExtentCount": 1164,
        "TotalRowCount": 223325,
        "HotExtentCount": 29,
        "HotOriginalSize": 1388213,
        "HotRowCount": 5117
  }
}

TableDetails 诊断日志的属性Properties of a TableDetails diagnostic log

名称Name	说明Description
RootActivityIdRootActivityId	根活动 IDThe root activity ID
TableNameTableName	表的名称The name of the table
DatabaseNameDatabaseName	数据库的名称he name of the database
TotalExtentSizeTotalExtentSize	表中数据的原始总大小（以字节为单位）The total original size of data in the table (in bytes)
HotExtentSizeHotExtentSize	表中的区（存储在热缓存中）的总大小（压缩大小和索引大小），以字节为单位。The total size in bytes of extents (compressed size and index size) in the table, stored in the hot cache.
RetentionPolicyOriginRetentionPolicyOrigin	保留策略源实体（表/数据库/群集）Retention policy origin entity (table/database/cluster)
RetentionPolicyRetentionPolicy	表的有效实体保留策略，已序列化为 JSONThe table's effective entity retention policy, serialized as JSON
CachingPolicyOriginCachingPolicyOrigin	缓存策略源实体（表/数据库/群集）Caching policy origin entity (table/database/cluster)
CachingPolicyCachingPolicy	表的有效实体缓存策略，已序列化为 JSONThe table's effective entity caching policy, serialized as JSON
MaxExtentsCreationTimeMaxExtentsCreationTime	表中的区的最大创建时间（如果没有区，则为 NULL）The maximum creation time of an extent in the table (or null, if there are no extents)
MinExtentsCreationTimeMinExtentsCreationTime	表中的区的最小创建时间（如果没有区，则为 NULL）The minimum creation time of an extent in the table (or null, if there are no extents)
TotalExtentCountTotalExtentCount	表中的总区数The total number of extents in the table
TotalRowCountTotalRowCount	表中的总行数The total number of rows in the table
MinDataScannedTimeMinDataScannedTime	最短数据扫描时间Minimum data scan time
MaxDataScannedTimeMaxDataScannedTime	最长数据扫描时间Maximum data scan time
TotalExtentsCountTotalExtentsCount	盘区总数Total extent count
ScannedExtentsCountScannedExtentsCount	扫描的盘区计数Scanned extent count
TotalRowsCountTotalRowsCount	总行计数Total rows count
HotExtentCountHotExtentCount	表中的区（存储在热缓存中）的总数The total number of extents in the table, stored in the hot cache
HotOriginalSizeHotOriginalSize	表中的数据（存储在热缓存中）的原始总大小（以字节为单位）The total original size in bytes of data in the table, stored in the hot cache
HotRowCountHotRowCount	表中的行（存储在热缓存中）的总数The total number of rows in the table, stored in the hot cache

后续步骤Next steps

使用指标来监视群集运行状况Use metrics to monitor cluster health
教程：在 Azure 数据资源管理器中引入和查询监视数据，可帮助获取引入诊断日志Tutorial: Ingest and query monitoring data in Azure Data Explorer for ingestion diagnostic logs

使用诊断日志监视 Azure 数据资源管理器的引入、命令、查询和表Monitor Azure Data Explorer ingestion, commands, queries, and tables using diagnostic logs

先决条件Prerequisites

设置 Azure 数据资源管理器群集的诊断日志Set up diagnostic logs for an Azure Data Explorer cluster

启用诊断日志Enable diagnostic logs

诊断日志架构Diagnostic logs schema

引入日志架构Ingestion logs schema

成功引入操作日志Successful ingestion operation log

失败引入操作日志Failed ingestion operation log

引入批处理操作日志Ingestion batching operation log

命令和查询日志架构Commands and Queries logs schema

命令日志Command log

查询日志Query log

TableUsageStatistics 和 TableDetails 日志架构TableUsageStatistics and TableDetails logs schema

TableUsageStatistics 日志TableUsageStatistics log

TableDetails 日志TableDetails log

后续步骤Next steps

此页面有帮助吗?

此页面有帮助吗?