When doing a Kusto query in Azure Log Analytics, the result set (Grid) gets rebuilt every single time a query is executed. The default order of the columns is somewhat random. This normally means that I have to reorder the important columns like level, message etc. manually by dragging them to the first position. If they are not even shown, I first need to show them using the column picker drop-down.
This is no fun, and I finally found the trick to build my “perfect” query so I don’t have to fiddle with the grid every time.
One of my favorite queries is to query all our logs (union *) for a given Correlation-ID (where) over the past days (ago(…)), show the most important props as the first columns, and then include all other columns / log values (project-reorder) so I can expand a log row and still get all the log properties for this log entry. I order the list using the Timestamp value, as this one is more precise than TimeGenerated.
Here is my query:
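union *
// Only the entries for one Correlation-ID from the past 7 days
| where LogProperties_CorrelationId_g == "4869ea08-a9cf-49ed-a281-b5217655b65f" and Timestamp_t > ago(7d)
| order by Timestamp_t desc nulls last
// Listed columns come first; all remaining columns are kept after them
| project-reorder TimeGenerated, Type, LogLevel_s, LogMessage_s, LogException_Message_s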
Hope this helps others.
Let me know your cool and handy Kusto tricks!