Skip to content

Commit

Permalink
Merge pull request #104 from MicrosoftDocs/main
Browse files Browse the repository at this point in the history 
Publish to live, Tuesday 4 AM PST, 9/17
  • Loading branch information
@ttorble
ttorble authored Sep 17, 2024
2 parents 583ab5c + 32a64ae commit 746f75e
Show file tree
Hide file tree
Showing 1,104 changed files with 53,272 additions and 1 deletion.
4 changes: 3 additions & 1 deletion articles/azure-monitor/reference/index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ author: EdB-MSFT
ms.author: edbaynash
ms.service: azure-monitor
ms.topic: reference
ms.date: 08/15/2024
ms.date: 7/24/2023
---
# Azure Monitor data reference
Welcome to the reference documentation for [Azure Monitor](/azure/azure-monitor/). This documentation includes details about data collected by Azure Monitor from different sources.
Expand All @@ -17,3 +17,5 @@ The following sections are currently included in this documentation.

- [**Supported metrics**](./metrics-index.md) - A list of all platform metrics currently available within Azure Monitor
- [**Resource logs / Log Analytics log categories**](./logs-index.md) - A list of all resource logs available through Azure Monitor
- [**Log Analytics tables**](./tables-category.md) - Tables stored in Azure Monitor Logs. These are the same tables viewable and queryable through the Log Analytics interface in the Azure portal.
- [**Log Analytics sample queries**](./queries-by-table.md) - Sample queries to retrieve data from the log analytics tables. These queries are also available in the Log Analytics workspace.
1,846 changes: 1,846 additions & 0 deletions articles/azure-monitor/reference/queries-by-table.md
View file

Large diffs are not rendered by default.

49 changes: 49 additions & 0 deletions articles/azure-monitor/reference/queries/aacaudit.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
---
title: Example log table queries for AACAudit
description: Example queries for AACAudit log table
ms.topic: reference
ms.service: azure-monitor
ms.author: edbaynash
author: EdB-MSFT
ms.date: 09/16/2024

# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.

---

# Queries for the AACAudit table

For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query).


### Most recent delete key-value operations


List the most recent deleting key-value operations in App Config data plane.

```query
// This query helps retrieve the most recent 10 audit logs for deleting key-value operations in App Configuration data plane.
AACAudit
| where EventCategory == "ApplicationManagement" and OperationName == "delete-keyvalue"
| where TimeGenerated > ago(1h)
| sort by TimeGenerated desc
| limit 10
```



### Most recent client error


Lists the most recent failures because of client error.

```query
// This query helps list the most recent 10 audit logs for failures because of client error.
AACAudit
| where ResultType == "ClientError" and TimeGenerated > ago(1h)
| sort by TimeGenerated desc
| limit 10
```

65 changes: 65 additions & 0 deletions articles/azure-monitor/reference/queries/aachttprequest.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
---
title: Example log table queries for AACHttpRequest
description: Example queries for AACHttpRequest log table
ms.topic: reference
ms.service: azure-monitor
ms.author: edbaynash
author: EdB-MSFT
ms.date: 09/16/2024

# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.

---

# Queries for the AACHttpRequest table

For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query).


### Throttled Requests


Lists of throttled requests to the App Config Service.

```query
// This query helps retrieve logs for throttled requests during past one hour.
AACHttpRequest
| where StatusCode == 429 and TimeGenerated > ago(1h)
| sort by TimeGenerated desc
```



### Most common server errors


Lists the most common error Status Code and a corresponding count.

```query
// This query helps retrieve logs for failed requests during past one hour by status code.
AACHttpRequest
| where StatusCode >= 500 and TimeGenerated > ago(1h)
| summarize ErrorCount=count() by StatusCode
| project StatusCode, ErrorCount
| sort by ErrorCount desc
```



### Most Active Clients by IP Address


Lists the most common IP Addresses to communicate with the App Config Service.

```query
// This query helps count requests by top 10 most active client IP addresses.
AACHttpRequest
| summarize Count=count() by ClientIPAddress
| project ClientIPAddress, Count
| sort by Count desc
| limit 10
```

30 changes: 30 additions & 0 deletions articles/azure-monitor/reference/queries/aadcustomsecurityattributeauditlogs.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
---
title: Example log table queries for AADCustomSecurityAttributeAuditLogs
description: Example queries for AADCustomSecurityAttributeAuditLogs log table
ms.topic: reference
ms.service: azure-monitor
ms.author: edbaynash
author: EdB-MSFT
ms.date: 09/16/2024

# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.

---

# Queries for the AADCustomSecurityAttributeAuditLogs table

For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query).


### User's custom security attribute audits


Returns custom security attribute audit logs for a specific user.

```query
AADCustomSecurityAttributeAuditLogs
| extend targetUPN = parse_json(TargetResources)[0].userPrincipalName
| where targetUPN == 'CSALogTester@tenant.com'
| limit 100
```

28 changes: 28 additions & 0 deletions articles/azure-monitor/reference/queries/aaddomainservicesaccountlogon.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
title: Example log table queries for AADDomainServicesAccountLogon
description: Example queries for AADDomainServicesAccountLogon log table
ms.topic: reference
ms.service: azure-monitor
ms.author: edbaynash
author: EdB-MSFT
ms.date: 09/16/2024

# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.

---

# Queries for the AADDomainServicesAccountLogon table

For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query).


### Show logs from AADDomainServicesAccountLogon table


Lists the latest logs in AADDomainServicesAccountLogon table, sorted by time (latest first).

```query
AADDomainServicesAccountLogon
| top 10 by TimeGenerated
```

28 changes: 28 additions & 0 deletions articles/azure-monitor/reference/queries/aaddomainservicesaccountmanagement.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
title: Example log table queries for AADDomainServicesAccountManagement
description: Example queries for AADDomainServicesAccountManagement log table
ms.topic: reference
ms.service: azure-monitor
ms.author: edbaynash
author: EdB-MSFT
ms.date: 09/16/2024

# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.

---

# Queries for the AADDomainServicesAccountManagement table

For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query).


### Show logs from AADDomainServicesAccountManagement table


Lists the latest logs in AADDomainServicesAccountManagement table, sorted by time (latest first).

```query
AADDomainServicesAccountManagement
| top 10 by TimeGenerated
```

28 changes: 28 additions & 0 deletions ...cles/azure-monitor/reference/queries/aaddomainservicesdirectoryserviceaccess.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
title: Example log table queries for AADDomainServicesDirectoryServiceAccess
description: Example queries for AADDomainServicesDirectoryServiceAccess log table
ms.topic: reference
ms.service: azure-monitor
ms.author: edbaynash
author: EdB-MSFT
ms.date: 09/16/2024

# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.

---

# Queries for the AADDomainServicesDirectoryServiceAccess table

For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query).


### Show logs from AADDomainServicesDirectoryServiceAccess table


Lists the latest logs in AADDomainServicesDirectoryServiceAccess table, sorted by time (latest first).

```query
AADDomainServicesDirectoryServiceAccess
| top 10 by TimeGenerated
```

28 changes: 28 additions & 0 deletions articles/azure-monitor/reference/queries/aaddomainserviceslogonlogoff.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
title: Example log table queries for AADDomainServicesLogonLogoff
description: Example queries for AADDomainServicesLogonLogoff log table
ms.topic: reference
ms.service: azure-monitor
ms.author: edbaynash
author: EdB-MSFT
ms.date: 09/16/2024

# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.

---

# Queries for the AADDomainServicesLogonLogoff table

For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query).


### Show logs from AADDomainServicesLogonLogoff table


Lists the latest logs in AADDomainServicesLogonLogoff table, sorted by time (latest first).

```query
AADDomainServicesLogonLogoff
| top 10 by TimeGenerated
```

28 changes: 28 additions & 0 deletions articles/azure-monitor/reference/queries/aaddomainservicespolicychange.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
title: Example log table queries for AADDomainServicesPolicyChange
description: Example queries for AADDomainServicesPolicyChange log table
ms.topic: reference
ms.service: azure-monitor
ms.author: edbaynash
author: EdB-MSFT
ms.date: 09/16/2024

# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.

---

# Queries for the AADDomainServicesPolicyChange table

For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query).


### Show logs from AADDomainServicesPolicyChange table


Lists the latest logs in AADDomainServicesPolicyChange table, sorted by time (latest first).

```query
AADDomainServicesPolicyChange
| top 10 by TimeGenerated
```

28 changes: 28 additions & 0 deletions articles/azure-monitor/reference/queries/aaddomainservicesprivilegeuse.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
title: Example log table queries for AADDomainServicesPrivilegeUse
description: Example queries for AADDomainServicesPrivilegeUse log table
ms.topic: reference
ms.service: azure-monitor
ms.author: edbaynash
author: EdB-MSFT
ms.date: 09/16/2024

# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.

---

# Queries for the AADDomainServicesPrivilegeUse table

For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query).


### Show logs from AADDomainServicesPrivilegeUse table


Lists the latest logs in AADDomainServicesPrivilegeUse table, sorted by time (latest first).

```query
AADDomainServicesPrivilegeUse
| top 10 by TimeGenerated
```

31 changes: 31 additions & 0 deletions articles/azure-monitor/reference/queries/aadmanagedidentitysigninlogs.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
---
title: Example log table queries for AADManagedIdentitySignInLogs
description: Example queries for AADManagedIdentitySignInLogs log table
ms.topic: reference
ms.service: azure-monitor
ms.author: edbaynash
author: EdB-MSFT
ms.date: 09/16/2024

# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.

---

# Queries for the AADManagedIdentitySignInLogs table

For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query).


### Most active managed identities


Gets list of top 100 most active managed identities for the last day.

```query
AADManagedIdentitySignInLogs
| where TimeGenerated > ago(1d)
| summarize CountPerManagedIdentity = count() by ServicePrincipalId
| order by CountPerManagedIdentity desc
| take 100
```

Loading

0 comments on commit 746f75e

Please sign in to comment.