Visualizing the trend of performance counters in Log Analytics using Linear Regression | Quisitive
Solutions
Integration & Consulting
Help you move, operate, innnovate and thrive within the Microsoft clouds.
Application Development
Data & Analytics
Artificial Intelligence (AI)
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Explore the full list of technologies that our expert consultants can support.
Azure
Microsoft Teams
Microsoft 365
Power Platform
Dynamics 365
Power BI
Microsoft Copilot
Power Apps
Azure OpenAI
Sharepoint
Microsoft Fabric
Microsoft Sentinel
Azure Synapse
Windows
SQL Server
ERP Technologies
System Center
Microsoft Viva
Azure Virtual Desktop
Business Needs
Departmental solutions to ensure cloud and technology enablement across every area of your business.
Sales & Marketing
Operations
Human Resources
Finance & Accounting
Customer Service
Localization Services
Help you translate software so you can capture new business worldwide.
Language Engineering & NLP
Translations & Localization
Licensing
Experts in Microsoft cloud licensing and optimizing costs for your business.
Products
EmPerform
Provide people managers with flexible employee performance management software.
PowerGov
Engage citizens with a community development app for city maintenance and management.
MazikCare
Embrace patient-centered, collaborative care with our suite of real-time health solutions.
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
AMS
Deliver on your cloud strategy with a team that continuously monitors, improves, and optimizes your Azure environment.
ShopFloor
Empower production managers with cutting-edge manufacturing process management.
Spyglass®
Take a proactive, continuous approach to optimizing your security environment and strategy.
Velocity Insights
Monitor, analyze, and prioritize .NET, JavaScript or Node JS errors – all on one dashboard.
Managed Services
Azure Management Services
Deliver on your cloud strategy with a team that continuously monitors, improves, and optimizes your Azure environment.
Data & Analytics Program
Operational support for running, monitoring and managing services for the Azure Data Platform.
AI Managed Services
Support for your AI technologies & ongoing strategic coaching to take your AI initiatives to the next level.
Dynamics Program
Ensure the health of your Dynamics environments, optimize usage and encourage user adoption.
Security Program
Take a proactive, continuous approach to optimizing your security environment and strategy.
App Dev Program
Ongoing enhancements, app security, DevOps and reporting for apps running in Azure.
Power Platform Program
Get an extension of your team that ensures the health of your Power Platform.
Quisitive Flex
Routine support services and environment management for critical Microsoft systems
Digital Workplace Program
Optimize Microsoft 365 security, usage and user adoption with our digital workplace experts.
Industries
Manufacturing
Education
Public Sector
Financial Services
Healthcare
Energy
Retail
Software
Resources
Blogs
Case Studies
Library
Learning Channels
Events
News
About
Investors
Leadership
Microsoft
Our Approach
Our Partners
Our Story
Awards & Recognition
Careers
Support
Contact us
Solutions
Back
Solutions
Integration & Consulting
Application Development
Data & Analytics
Artificial Intelligence (AI)
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Azure OpenAI
Microsoft Copilot
Microsoft Fabric
Azure
Azure Synapse
Azure Virtual Desktop
System Center
SQL Server
Microsoft Sentinel
Microsoft 365
Sharepoint
Microsoft Teams
Microsoft Viva
Windows
Power Platform
Power BI
Power Apps
Dynamics 365
ERP Technologies
Business Needs
Sales & Marketing
Operations
Human Resources
Finance & Accounting
Customer Service
Localization Services
Language Engineering & NLP
Translations & Localization
Licensing
Products
Back
Products
EmPerform
MazikCare
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
ShopFloor
Velocity Insights
PowerGov
AMS
Spyglass®
Managed Services
Back
Managed Services
Azure Management Services
AI Managed Services
Security Program
Power Platform Program
Digital Workplace Program
Data & Analytics Program
Dynamics Program
App Dev Program
Quisitive Flex
Industries
Back
Industries
Manufacturing
Healthcare
Education
Energy
Public Sector
Retail
Financial Services
Software
Resources
Back
Resources
Blogs
Events
Case Studies
News
Library
Learning Channels
Investors
Back
Investors
Financial Reports & Results
Investor News
Earning calls
Contact
Contact us
About
Back
About
Our Story
Investors
Microsoft
Leadership
Our Partners
Awards & Recognition
Our Approach
Careers
Support
Search
Back
Terms of use
Privacy policy
Visualizing the trend of performance counters in Log Analytics using Linear Regression
May 23, 2018
Cameron Fuller
How to visualize the trend of performance counters in Log Analytics using Linear Regression. Read below.

It’s easy to visualize performance information in Log Analytics, but how can you create indicate the trend of these counters? This blog post will showcase how the Linear Regression functionality can be used in Log Analytics to provide a trend line as one example for this functionality.

This blog post will show:

  • How Server performance information is displayed in a dashboard
  • How to create a trend line for processor utilization for a single system
  • How to create a trend line for processor utilization for a group of systems

Server Performance Dashboards

In the Server Performance dashboards for Log Analytics we can easily see the KPI’s for your various servers in a single view. This includes processor utilization as an example.

In the solution you can drill down to see a second level chart which shows all of the computers stacked for their usage. You can also create a simple query which would show processor usage for a specific system like the one below.

Perf

| where (ObjectName == “Processor” or ObjectName == “System”) and CounterName == “% Processor Time” and Computer == “<Computername>”

| summarize AggregatedValue = percentile(CounterValue, 90) by bin(TimeGenerated, 1h), Computer

| sort by TimeGenerated desc

| render timechart

Below is a slightly more complex version of this query is below where we can establish variables for the object, counter, start date, end date, and computer name.

let Object = “Processor”;

let Counter = “% Processor Time”;

let StartDate = now(-160d);

let EndDate = now();

let Comp = “<Computername>”;

Perf

| where TimeGenerated between (StartDate..EndDate) and (ObjectName == Object) and CounterName == Counter and Computer == Comp

| project CounterValue, TimeGenerated

| sort by TimeGenerated asc

| render timechart

A sample output for a system is shown below.

Creating a trend line for processor utilization

But what if we to know the trend for this counter? We can take the query above and extend them with some very cool features in Log Analytics. In this case we are going to use Linear Regression to create a trend line. We take the original query and add the make-series capability combined with a series_fit_line to accomplish this change.

let Object = “Processor”;

let Counter = “% Processor Time”;

let StartDate = now(-160d);

let EndDate = now();

let Comp = “<Computername>”;

Perf

| where TimeGenerated between (StartDate..EndDate) and (ObjectName == Object) and CounterName == Counter and Computer == Comp

| make-series PerfCounter = avg(CounterValue) on TimeGenerated in range(StartDate,EndDate, 1d)

| extend (RSquare,Slope,Variance,RVariance,Interception,TrendLine)=series_fit_line(PerfCounter)

| render timechart

The results is below, % Processor Time for a system – with a trend line added! The first one shows a short timeframe (a couple of weeks for one system) where the trend line is decreasing.

The second one shows a longer duration for the same counter where the trend line is slowly increasing.

Creating a trend line for free disk space

The query in this blog post is designed to be able to be used with any performance counter collected by Log Analytics by just changing the variables. The following an example showing free disk space over time. The only change is to alter the values for Object and Counter.

let Object = “LogicalDisk“;

let Counter = “% Free Space“;

let StartDate = now(-160d);

let EndDate = now();

let Comp = “<Computername>”;

Perf

| where TimeGenerated between (StartDate..EndDate) and (ObjectName == Object) and CounterName == Counter and Computer == Comp

| make-series PerfCounter = avg(CounterValue) on TimeGenerated in range(StartDate,EndDate, 1d)

| extend (RSquare,Slope,Variance,RVariance,Interception,TrendLine)=series_fit_line(PerfCounter)

| render timechart

Here’s the trend line for logical disk free space.

Creating a trend line for processor utilization for multiple systems

A trend line can also be created for multiple computer systems. The example below shows overall processor utilization trends.

let Object = “Processor”;

let Counter = “% Processor Time”;

let StartDate = now(-7d);

let EndDate = now();

Perf

| where ObjectName == Object and CounterName == Counter

| summarize AvgCounter = avg(CounterValue) by bin(TimeGenerated, 1h), CounterName

| make-series PerfCounter = avg(AvgCounter) on TimeGenerated in range(StartDate,EndDate, 1d)

| extend (RSquare,Slope,Variance,RVariance,Interception,TrendLine)=series_fit_line(PerfCounter)

| render timechart

Summary: Providing a trend line for your data is pretty easy once you know the trick (or just use my sample). Thank you to Brian Wren who pointed me to this functionality!

Related posts
|
Read more
PDF Preview Image - Azure VMWare Proof of Concept Solution Sheet
Infrastructure | 17 Sep
Solution Sheet: Azure VMware Proof of Concept
Read more
CFSA Case Study Feature Image - dc.gov logo
Infrastructure | 7 Dec
Quisitive helps CFSA Launch Kinship Navigator Platform
Read more
Greene-Tweed-Smart-Factory-Case-Study-Feature-Image-AI in Manufacturing example
Infrastructure | 12 Aug
Greene Tweed Develops and Deploys Smart Factory with Quisitive
Read more