How to do it...

Let's begin with table-based queries.

1. Navigate to the Azure portal (http://portal.azure.com) and sign in.
2. In the Azure portal, type Log Analytics in the Search resources search field and select your workspace.

3. In the Log Analytics blade for your workspace, click the Log Search button to take you to the search field.

4. In the Log Search page, click on the Advanced Analytics link under the search box to take you to the Analytics portal:

5. In the Analytics portal, click on the + button to open a new query tab:

6. In the new query field, type search * into the search field and click the Go button in the upper right hand corner of your screen to return all records from all tables in the workspace.
7. Review the query result set. Note that by default, only the first 10,000 records are returned, and only data from the last 24 hours is returned. Also, note that the SCHEMA and FILTER panes on the left hand side of your screen display which tables and data types exist within the workspace:

8. Next, type the following query to return counts of all data types in the Log Analytics workspace, in no particular order, and click the Go button:

search *
| summarize AggregatedValue = count() by Type

9. Take note of the various data types returned and the aggregated count values for each data type:

10. Open a new search tab and type the following query into the search field. Click the Go button to scope your query to the data from the Heartbeat table in your Log Analytics workspace and return the aggregated count of the Heartbeat data:

Heartbeat
| summarize AggregatedValue = count() by Type

11. Revise the query by typing Heartbeat into the search field, so as to remove the filter in the second query line, and click the Go button to return all records in the Heartbeat table.
12. Run the query shown in the following screenshot to determine the breakdown of data based on the OSType column in the Heartbeat table:

Heartbeat
| summarize AggregatedValue = count() by OSType

The query aggregates the initial result set of records from the Heartbeat table, and returns a distribution of records based on the OSType column values in the Heartbeat table.