Looking Into Azure Diagnostics Logs The Right Way

30 October 2015

Talking about the Azure Diagnostics Logs - these are the WADLogsTable you can set up to trace errors, info and warning messages, etc. as described here.

Setting up the logging is one thing, but reading the logs to diagnose an issue is another, and it turns out I've been doing it wrong all this time.

I was selecting the output of the logs based on the Timestamp column, but there's two things wrong with this approach:

  1. The Timestamp is not necessarily an indicator of when the event actually occured; it's just when the record was persisted to Azure Storage.
  2. Only the PartitionKey and RowKey columns are indexed in Azure Storage, by design - so selecting by the Timestamp column can actually get really, really slow

What you're actually meant to do is construct a query and select via the PartitionKey, which is stored as the number of Ticks of the DateTime for the logged event. For example:

Azure Diagnostics Logs

This shows me selecting all events from 10.23am to 10.25am on 30th Oct 2015. The values 0635817973800000000 and 0635817975000000000 can be found with code similar to:

DateTime startBound = new DateTime(2015,10,30,10,23,0);
DateTime endBound = new DateTime(2015,10,30,10,25,0);
Console.WriteLine(startBound.Ticks);
Console.WriteLine(endBound.Ticks);

That outputs 635817973800000000 and 635817975000000000, so you just have to append the extra 0 in front.

Thanks to this blog post for enlightening me!

Tags: Azure, diagnostics, logging

Add a Comment

No Comments