I noted recently how with a welcome enhancement to Logs blade in Azure Sentinel (and any Azure service with a Logs blade) we also lost the data sampling “eyeball.” It wasn’t a complaint exactly, I was just lamenting its demise.
However, after that post, @roygalpro, Azure Monitor Logs product manager offered up a Logs blade tip to help ease the passing of the eyeball.
I hadn’t realized this setting was available and apparently I’m just clueless because it has existed since October 2020 according to: Double click a table in Log Analytics table side bar to run a preview query.
…but here’s how it works…
Tap or click the “gear” icon to access Settings.
In the Settings pane, change “Adds the table name to query editor” (the default value) to “Run preview query.”
Now, when you double-click a table in the table list it will automatically insert and execute a data sampling query that provides a random set of data from the past 24 hours.
<TableName> | where TimeGenerated > ago(24h) | limit 10
I prefer this and will keep it this way.