Skip to main content

Program Execution Log Analysis - KQL Queries

This document provides a curated set of Kusto Query Language (KQL) queries designed to analyze and track program execution logs captured by Azure Application Insights.

The logs include both structured exceptions and custom application traces, enabling developers and support teams to monitor program execution, troubleshoot issues, and validate runtime behaviors for specific programs, tenants, and instances.

Note:
The Application Insights log queries in this section are applicable to deployments where Azure Application Insights is enabled (typically Azure-hosted environments).

What These Queries Track

The queries included here specifically target program execution logs by filtering on key dimensions like:

  • TenantId
  • ProgramId
  • ProgramName
  • InstanceId

They help answer questions like:

  • When did a particular program run for a tenant?
  • Were there any exceptions or errors during execution?
  • What messages and checkpoints were logged during program processing?

Application Insights Log Tables

Azure Application Insights stores log data primarily in these tables:

  • exceptions — structured logs when an error/exception occurs.
  • traces — general logs for application info, warnings, debug, and other messages.
  • You can also combine these tables using the union operator to get a consolidated view of program activity.

📑 Example Queries for Traces, Exceptions, and Combined Logs

🔍 1️⃣ Queries for Exceptions

These queries fetch structured exception events logged by Application Insights.

📌 1. Exceptions for a particular TenantId and ProgramId

exceptions
| where isnotempty(customDimensions.TenantId)
  and isnotempty(customDimensions.programId)
  and customDimensions.TenantId == "<YourTenantId>"
  and customDimensions.programId == "<YourProgramId>"
| order by timestamp asc

📌 2. Exceptions for a particular TenantId, ProgramId, and InstanceId

exceptions
| where isnotempty(customDimensions.TenantId)
  and isnotempty(customDimensions.programId)
  and isnotempty(customDimensions.instanceId)
  and customDimensions.TenantId == "<YourTenantId>"
  and customDimensions.programId == "<YourProgramId>"
  and customDimensions.instanceId == "<YourInstanceId>"
| order by timestamp asc

📌 3. Exceptions for a particular TenantId and ProgramName

exceptions
| where isnotempty(customDimensions.TenantId)
  and isnotempty(customDimensions.programName)
  and customDimensions.TenantId == "<YourTenantId>"
  and customDimensions.programName == "<YourProgramName>"
| order by timestamp asc

📌 4. Logs for a TenantId, ProgramName, and InstanceId

exceptions
| where isnotempty(customDimensions.TenantId)
  and isnotempty(customDimensions.programName)
  and isnotempty(customDimensions.instanceId)
  and customDimensions.TenantId == "<YourTenantId>"
  and customDimensions.programName == "<YourProgramName>"
  and customDimensions.instanceId == "<YourInstanceId>"
| order by timestamp asc

🔍 2️⃣ Queries for Traces

These queries fetch general application trace logs.

📌 1. Traces for a particular TenantId and ProgramId

traces
| where isnotempty(customDimensions.TenantId)
  and isnotempty(customDimensions.programId)
  and customDimensions.TenantId == "<YourTenantId>"
  and customDimensions.programId == "<YourProgramId>"
| order by timestamp asc

📌 2. Traces for a particular TenantId, ProgramId, and InstanceId

traces
| where isnotempty(customDimensions.TenantId)
  and isnotempty(customDimensions.programId)
  and isnotempty(customDimensions.instanceId)
  and customDimensions.TenantId == "<YourTenantId>"
  and customDimensions.programId == "<YourProgramId>"
  and customDimensions.instanceId == "<YourInstanceId>"
| order by timestamp asc

📌 3. Traces for a particular TenantId and ProgramName

traces
| where isnotempty(customDimensions.TenantId)
  and isnotempty(customDimensions.programName)
  and customDimensions.TenantId == "<YourTenantId>"
  and customDimensions.programName == "<YourProgramName>"
| order by timestamp asc

📌 4. Logs for a TenantId, ProgramName, and InstanceId

traces
| where isnotempty(customDimensions.TenantId)
  and isnotempty(customDimensions.programName)
  and isnotempty(customDimensions.instanceId)
  and customDimensions.TenantId == "<YourTenantId>"
  and customDimensions.programName == "<YourProgramName>"
  and customDimensions.instanceId == "<YourInstanceId>"
| order by timestamp asc

🔍 3️⃣ Union Queries (Combine Traces + Exceptions)

These queries merge logs from both exceptions and traces tables for unified visibility.

📌 1. Logs for a TenantId and ProgramId

union traces, exceptions
| where isnotempty(customDimensions.TenantId)
  and isnotempty(customDimensions.programId)
  and customDimensions.TenantId == "<YourTenantId>"
  and customDimensions.programId == "<YourProgramId>"
| order by timestamp asc

📌 2. Logs for a TenantId, ProgramId, and InstanceId

union traces, exceptions
| where isnotempty(customDimensions.TenantId)
  and isnotempty(customDimensions.programId)
  and isnotempty(customDimensions.instanceId)
  and customDimensions.TenantId == "<YourTenantId>"
  and customDimensions.programId == "<YourProgramId>"
  and customDimensions.instanceId == "<YourInstanceId>"
| order by timestamp asc

📌 3. Logs for a TenantId and ProgramName

union traces, exceptions
| where isnotempty(customDimensions.TenantId)
  and isnotempty(customDimensions.programName)
  and customDimensions.TenantId == "<YourTenantId>"
  and customDimensions.programName == "<YourProgramName>"
| order by timestamp asc

📌 4. Logs for a TenantId, ProgramName, and InstanceId

union traces, exceptions
| where isnotempty(customDimensions.TenantId)
  and isnotempty(customDimensions.programName)
  and isnotempty(customDimensions.instanceId)
  and customDimensions.TenantId == "<YourTenantId>"
  and customDimensions.programName == "<YourProgramName>"
  and customDimensions.instanceId == "<YourInstanceId>"
| order by timestamp asc

📌 Notes:

  • Replace <YourTenantId>, <YourProgramId>, <YourInstanceId>, and <YourProgramName> with your actual values.
  • Replace <YourTenantId> with the actual client tenant ID (e.g., '73').
  • Use exceptions table for structured error logs, and traces table for application messages.
  • Use union traces, exceptions if you want to view both in one query.
  • All queries are sorted by timestamp in ascending order for chronological analysis.
  • No aggregations are applied — queries fetch raw log records for granular review.