1
00:00:01,440 --> 00:00:02,230
[Autogenerated] as promised.

2
00:00:02,230 --> 00:00:04,130
I wanted to finish with a little bit of cake.

3
00:00:04,130 --> 00:00:07,520
You well so let's go back to our log analytics workspace and

4
00:00:07,520 --> 00:00:10,600
in there we have an in browser based cakey.

5
00:00:10,600 --> 00:00:11,270
Well client,

6
00:00:11,270 --> 00:00:14,380
you just want to search for logs now we can get two logs

7
00:00:14,380 --> 00:00:18,010
from literally almost anywhere in the Azure portal and what

8
00:00:18,010 --> 00:00:18,950
I'm going to want to do here,

9
00:00:18,950 --> 00:00:22,480
I've created what's called a query pack again you can check the

10
00:00:22,480 --> 00:00:26,300
Pluralsight library for more guidance on how to use K Q L.

11
00:00:26,300 --> 00:00:30,470
But I created what's called a legacy query pack called update

12
00:00:30,470 --> 00:00:34,170
management and I share the file with you in the course files so

13
00:00:34,170 --> 00:00:37,580
don't worry about trying to jot down or worrying about jot down

14
00:00:37,580 --> 00:00:38,700
any of these queries.

15
00:00:38,700 --> 00:00:43,020
The basic structure of a k QL query is that we hit one or more virtual

16
00:00:43,020 --> 00:00:47,840
tables in this case we're interested in the update table and this query is

17
00:00:47,840 --> 00:00:50,930
going to find all Windows updates except anti male,

18
00:00:50,930 --> 00:00:53,110
where definition updates and drivers.

19
00:00:53,110 --> 00:00:56,680
So let me select the query and we get our results back and we can

20
00:00:56,680 --> 00:01:00,590
filter the columns that we want to see either graphically here or we

21
00:01:00,590 --> 00:01:03,110
can add the project keyword to our query,

22
00:01:03,110 --> 00:01:05,480
find newest updates per computer.

23
00:01:05,480 --> 00:01:07,550
This is just meant to give you a flavor,

24
00:01:07,550 --> 00:01:12,470
we can adjust the time range filter up here or you can do where time generated

25
00:01:12,470 --> 00:01:16,860
in your cake SQL query itself and so it just goes through I give you the

26
00:01:16,860 --> 00:01:20,520
reference here online to tim W dot info slash o R.

27
00:01:20,520 --> 00:01:20,800
One.

28
00:01:20,800 --> 00:01:24,080
All of these queries came from a really excellent blog post I

29
00:01:24,080 --> 00:01:26,650
found when I was doing research for this module.

30
00:01:26,650 --> 00:01:29,190
Now you can take these queries and you can save them

31
00:01:29,190 --> 00:01:32,700
and persist them in the portal, you can share them with your colleagues,

32
00:01:32,700 --> 00:01:36,190
you can share an email or slack message a link.

33
00:01:36,190 --> 00:01:39,390
You can generate alert rules based on a query.

34
00:01:39,390 --> 00:01:44,820
You can export your query results to a CSV file or just displayed columns.

35
00:01:44,820 --> 00:01:46,870
If you have a Power BI subscription,

36
00:01:46,870 --> 00:01:51,590
you can use the query to power a Power BI visualization or

37
00:01:51,590 --> 00:01:54,120
you can open the data directly and excel.

38
00:01:54,120 --> 00:01:57,930
I find that this cake ul editor in the portal works really great.

39
00:01:57,930 --> 00:01:58,450
In fact,

40
00:01:58,450 --> 00:02:03,370
I have yet to find honestly a good cake SQL editor outside of the Azure portal.

41
00:02:03,370 --> 00:02:07,000
If you know of one, please let me know. Okay.