diff --git a/README.md b/README.md
index e113804..c8a2e7b 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 # aztail - cli to retrieve Azure logs
 
+![tests](https://github.com/bittrance/aztail/actions/workflows/pr.yaml/badge.svg?branch=main)
+
 aztail is an opinionated tool to retrieve logs from Azure App Insights and Azure Monitor Logs (also known as Log Analytics). These services are exposed as databases, but when debugging, you typically want to retrieve a the logs as a stream. aztail retrieves records from these databases and presents them as a log stream, picking fields that are likely to be relevant for each particular service. It also allows you to "tail" a log stream.
 
 ![aztail demo](./assets/aztail-min.gif)
@@ -15,6 +17,32 @@ Several more services are in the works: see the [sources](./examples/README.md)
 
 aztail is a single binary and can be downloaded from the repository [release page](https://github.com/bittrance/aztail/releases). aztail currently supports MacOS X, Linux and Windows x86-64. aztail depends on [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) as it does not itself handle authentication, but expect you to have used `az login` and `az account set` to provide it with a session.
 
+# Tutorial
+
+This simple `aztail` query returns logs for the last two minutes and proceeds to periodically requests logs that are newer than those already seen. This will request logs from all services that `aztail` knows how to present.
+
+```
+aztail --app-id 45cb2850-a0ed-4a3f-b616-c5fa650951d9 --start-time='-2 min' --follow
+```
+
+You can pass filters to scope down what logs are returned. Filters are OR:ed together so this returns logs from all functions in two function apps, but no logs from e.g. API management.
+
+```
+aztail --workspace d5886821-9c0d-4f08-b2f3-d6621f15c6f8 --start-time='-2 min' --function-app this-app --function-app that-app --follow
+```
+
+Start and end times accept both [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339) timestamps and colloquial time string, courtesy of [chrono-english](https://docs.rs/chrono-english/latest/chrono_english/) which tries to emulate the behavior of GNU date. This gives you logs for the last 24 hours.
+
+```
+aztail --workspace d5886821-9c0d-4f08-b2f3-d6621f15c6f8 --start-time='yesterday' --end-time='today'
+```
+
+If you want to explore the queries `aztail` asks, and the raw results that are returned, you can turn on debugging. Also useful when you want to report bugs.
+
+```
+aztail --workspace d5886821-9c0d-4f08-b2f3-d6621f15c6f8 --debug --follow
+```
+
 ## Usage
 
 ```