A search job is an asynchronous query that runs on any data in your Log Analytics workspace, including data in long-term retention, and makes the results available for further queries in a new Analytics table within your workspace.
To efficiently search massive datasets, Search Job divides queries into smaller time-based segments, processes them in parallel, and returns the results. This approach optimizes scalability and enables reliable analysis, even over petabytes of data.
We’re excited to announce significant enhancements to Search Jobs, designed to make large-scale data exploration faster, easier, and more efficient.
What’s New in Search Job
Our latest update includes several powerful improvements:
- Intuitive and streamlined UI experience for faster and simpler setup.
- Cost estimation preview before running a Search Job.
- Previously, we had system limitations in place to ensure stability. Now, as more customers use Search Job, we’re removing most of these limits to enhance your experience:
  - Result limits are being increased, with support for up to 100 million records coming soon.
  - Enhanced concurrency, allowing more jobs to run in parallel.
  - Removed the search date-range limit, now supporting any date range over the table’s retention.
These updates make it easier to explore massive datasets while giving you greater control over costs and performance.
Explore the New UI Experience
Let’s walk through a familiar scenario to showcase the new UI. Imagine you want to check if a specific client IP address has repeatedly accessed your system over the past year, as part of investigating suspicious activity. With the new Search Job experience, scanning through massive volumes of logs is now fast, simple, and intuitive.
Step-by-Step:
- Start by typing your query or selecting the relevant table – here, we’re querying the SecurityEvent table for a suspicious IP address.
- Open the ellipsis menu (…) on the right and choose “Search Job”.
- Use the time picker to set your date range. For example, select ‘Last year’ to view a full year of activity, or choose a longer period if needed.
- Name your new results table, such as SecurityEventJuly25.
- Before running the job, you’ll see an approximate cost estimation, helping you decide if you want to proceed with the query.
- Click Run to launch the Search Job. A new table is created in your workspace, allowing you to analyze results efficiently without impacting performance.
This new UI flow makes it seamless to handle even large-scale investigations like this, with fewer clicks and better visibility along the way.
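The same one-year IP search can also be started outside the UI. The following is an added example, not code from the original post or from Microsoft: it builds the Azure Resource Manager request for a Search Job on SecurityEvent and validates the IP address and table name before they are placed in the query and URL. The subscription ID, resource group, workspace name and IP address are constructed placeholders, and the API version and table-name check are assumptions to confirm against the linked documentation.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Assumption: API version and URL shape as shown in the Search Job REST docs;
# confirm against the current documentation before use.
API_VERSION = "2021-12-01-preview"
ARM = "https://management.azure.com"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def build_search_job(sub_id, resource_group, workspace, results_table, ip,
                     end=None, lookback_days=365, limit=None):
    """Return (url, body) for the PUT request that starts a Search Job."""
    # Parse the IP before embedding it in KQL, so a malformed or hostile
    # value (quotes, pipes, comments) can never change the query text.
    addr = ipaddress.ip_address(ip.strip())
    # Conservative name check (assumption): letters, digits and underscores.
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", results_table):
        raise ValueError(f"unsafe results table name: {results_table!r}")
    # Results tables created through the API must end in _SRCH.
    if not results_table.endswith("_SRCH"):
        results_table += "_SRCH"
    end = (end or datetime.now(timezone.utc)).astimezone(timezone.utc)
    start = end - timedelta(days=lookback_days)
    search = {
        "query": f'SecurityEvent | where IpAddress == "{addr}"',
        "startSearchTime": start.strftime(TIME_FMT),
        "endSearchTime": end.strftime(TIME_FMT),
    }
    if limit is not None:
        search["limit"] = int(limit)  # optional cap on returned records
    url = (f"{ARM}/subscriptions/{sub_id}/resourcegroups/{resource_group}"
           f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
           f"/tables/{results_table}?api-version={API_VERSION}")
    return url, {"properties": {"searchResults": search}}


if __name__ == "__main__":
    import json
    # Constructed sample values: placeholder subscription, resource group and
    # workspace names, and an address from the 203.0.113.0/24 documentation range.
    url, body = build_search_job(
        "00000000-0000-0000-0000-000000000000", "rg-example", "law-example",
        "SecurityEventJuly25", "203.0.113.45",
        end=datetime(2025, 7, 23, tzinfo=timezone.utc))
    print("PUT", url)
    print(json.dumps(body, indent=2))
```

Sending the request requires an Azure Resource Manager bearer token, which this example does not acquire.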
What’s Next?
We’re continuing to enhance Search Job with broader KQL operator support and additional features. Stay tuned for more updates!
For a deeper dive into all these improvements, check out the full documentation at https://aka.ms/LogAnalyticsSearchJobs.
For questions or feedback, feel free to leave a comment on the blog or use the “Give feedback” form directly in the Logs UI.