Reputation: 1361
get size of my kube audit log ingested daily in azure
I would like to know how can I get the size (in terms of GB) of my kub audit log ingested on daily basis. Is there a KQL query which I can run in my log analytics workspace to find that out? The reason I want is because I would like to calculate the azure consumption. Thanks
Upvotes: 0
Views: 849
Answers (1)
Reputation: 51
By using the usage table, it is possible to review how much data was ingested into an LA workspace.
Scope spans from solutions to data types (which correlates usually to the destination table, but not always).
Kube-audit is only exportable by default to the AzureDiagnostic table, a table shared among many azure resources, hence - it is impossible to differentiate the source of each record within the total count.
for example, I've being using the following query to review how much data was ingested at the scope of my AzureDiagnostic table in the last 10 days:
Usage
| where TimeGenerated > startofday(ago(10d))
| where DataType == 'AzureDiagnostics'
| summarize IngestedGB = sum(Quantity) / 1000 by bin(TimeGenerated, 1h)
| render timechart
In my case all data originated from Kube-audit logs, but, it shouldn't be the case of most users:
AzureDiagnostics
| where TimeGenerated > startofday(ago(10d))
| summarize count() by bin(TimeGenerated, 1h), Category
| render timechart
Upvotes: 0
Related Questions
- Find logs of POD in AKS using Log Analytics Query
- Configure log in aks
- How can we fetch the datasize of a kusto query in Log Analytics Workspace?
- Access dashboard's time range and granularity from KQL
- How to query my Application Insights Logs (Analytics) from Kusto.Explorer?
- what is the kusto query to get all the logs from all services which gets logged into azure monitor
- Determine duration of events in Kusto?
- Azure Log Analytics KQL - Last log received (most recent)
- how to fetch audit log from a azure kubernetes cluster? later i want to use it to define using audit2rbac tool
- Query the ouput and get latest file name