I am looking at Azure log analytics for a web app, and I have multiple out-of-the-box "tables" containing data: traces, requests, exceptions, etc.
Can I construct a query that runs on data from multiple tables? I don't want to join data from different sources, I just want to concatenate/interleave it, so I can look for e.g. "all traces and exceptions that contain the string 'SQL'".
Notionally, something like:
traces, exceptions
| where * contains "SQL"
| order by timestamp desc
| limit 100
Is this possible?
you can use union. Something I found very useful is to union all tables with union *. For example:
union *
| where * contains "SQL"
This way you will search in all tables for any column that contains SQL
If you want specific tables (for example traces and exceptions):
traces
| union exceptions
| where * contains "SQL"
[Edit] There is also a newer command, with the same result (no benefits or cons with the previous one)
search in (table1, table2, table3) "SQL"
| where timestamp > ago(6h)