There has been inconsistency in Azure log analytics results
Hi team, This question has 2 problems.
first problem:
- We are querying log analytics every minute, when we invoke the query from power shell, we are seeing the data.
But one instance showed only one record, but when see it in the portal in Log Analytics, we could see more records.
FYI - We used below query with where condition, start data and end date are time stamps:
$query =
'Event
| where EventLog == "Application" and EventID in ("6901","6902","6908")
| where TimeGenerated >= todatetime("'+$startDate+'") and TimeGenerated < todatetime("'+$endDate+'")
| project EventID, RenderedDescription'
Sample data: (always 1 minute difference)
$startDate = "9/15/2020 6:40:00 AM"
$endDate = "9/15/2020 6:41:00 AM"
P.S: The data in the log analytics store is coming from an on-premises server, we used MMA on server to sync the event log data to azure log analytics store.
Kindly let us know what is the maximum time that could take to sync the data to server, we see it in milli-seconds every time
second problem:
we created a webhook for a runbook in automation account, this gets invoked every minute, every time the process used to take only less than a minute, it used to be completed in few seconds.
but we saw an instance where it took 10mins, but when we see logs, the powershell logs in runbook show that it got invoked after 10 mins, but the history - the job created 10 mins back timestamo.
Please see below timestamp for reference: job created at : 08:01:00 and the process started at : 08:11:19