diff --git a/articles/azure-monitor/reference/index.md b/articles/azure-monitor/reference/index.md index ac2cbebc62..c24e85b69a 100644 --- a/articles/azure-monitor/reference/index.md +++ b/articles/azure-monitor/reference/index.md @@ -5,7 +5,7 @@ author: EdB-MSFT ms.author: edbaynash ms.service: azure-monitor ms.topic: reference -ms.date: 08/15/2024 +ms.date: 7/24/2023 --- # Azure Monitor data reference Welcome to the reference documentation for [Azure Monitor](/azure/azure-monitor/). This documentation includes details about data collected by Azure Monitor from different sources. @@ -17,3 +17,5 @@ The following sections are currently included in this documentation. - [**Supported metrics**](./metrics-index.md) - A list of all platform metrics currently available within Azure Monitor - [**Resource logs / Log Analytics log categories**](./logs-index.md) - A list of all resource logs available through Azure Monitor +- [**Log Analytics tables**](./tables-category.md) - Tables stored in Azure Monitor Logs. These are the same tables viewable and queryable through the Log Analytics interface in the Azure portal. +- [**Log Analytics sample queries**](./queries-by-table.md) - Sample queries to retrieve data from the log analytics tables. These queries are also available in the Log Analytics workspace. diff --git a/articles/azure-monitor/reference/queries-by-table.md b/articles/azure-monitor/reference/queries-by-table.md new file mode 100644 index 0000000000..281f1bee32 --- /dev/null +++ b/articles/azure-monitor/reference/queries-by-table.md 
@@ -0,0 +1,1846 @@ +--- +title: Azure Monitor log analytics queries by tables +description: Azure Monitor log analytics queries by tables +author: EdB-MSFT +ms.topic: reference +ms.service: azure-monitor +ms.date: 09/16/2024 +ms.author: edbaynash +ms.reviewer: lualderm + +--- + +# Azure Monitor log analytics sample queries. + +[Azure Monitor resource logs](/azure/azure-monitor/essentials/platform-logs-overview) are logs emitted by Azure services that describe the operation of those services or resources. When exported to a [Log Analytics workspace](/azure/azure-monitor/logs/log-analytics-workspace-overview) the logs are stored in tables. This set of articles contains sample queries to retrieve data from the log analytics tables. The queries are also available in the Log Analytics workspace. + + +## Sample queries by table + +## [AACAudit](./queries/AACAudit.md) + +- [Most recent delete key-value operations](./queries/AACAudit.md#most-recent-delete-key-value-operations) +- [Most recent client error](./queries/AACAudit.md#most-recent-client-error) + +## [AACHttpRequest](./queries/AACHttpRequest.md) + +- [Throttled Requests](./queries/AACHttpRequest.md#throttled-requests) +- [Most common server errors](./queries/AACHttpRequest.md#most-common-server-errors) +- [Most Active Clients by IP Address](./queries/AACHttpRequest.md#most-active-clients-by-ip-address) + +## [AADCustomSecurityAttributeAuditLogs](./queries/AADCustomSecurityAttributeAuditLogs.md) + +- [User's custom security attribute audits](./queries/AADCustomSecurityAttributeAuditLogs.md#users-custom-security-attribute-audits) + +## [AADDomainServicesAccountLogon](./queries/AADDomainServicesAccountLogon.md) + +- [Show logs from AADDomainServicesAccountLogon table](./queries/AADDomainServicesAccountLogon.md#show-logs-from-aaddomainservicesaccountlogon-table) + +## [AADDomainServicesAccountManagement](./queries/AADDomainServicesAccountManagement.md) + +- [Show logs from AADDomainServicesAccountManagement 
table](./queries/AADDomainServicesAccountManagement.md#show-logs-from-aaddomainservicesaccountmanagement-table) + +## [AADDomainServicesDirectoryServiceAccess](./queries/AADDomainServicesDirectoryServiceAccess.md) + +- [Show logs from AADDomainServicesDirectoryServiceAccess table](./queries/AADDomainServicesDirectoryServiceAccess.md#show-logs-from-aaddomainservicesdirectoryserviceaccess-table) + +## [AADDomainServicesLogonLogoff](./queries/AADDomainServicesLogonLogoff.md) + +- [Show logs from AADDomainServicesLogonLogoff table](./queries/AADDomainServicesLogonLogoff.md#show-logs-from-aaddomainserviceslogonlogoff-table) + +## [AADDomainServicesPolicyChange](./queries/AADDomainServicesPolicyChange.md) + +- [Show logs from AADDomainServicesPolicyChange table](./queries/AADDomainServicesPolicyChange.md#show-logs-from-aaddomainservicespolicychange-table) + +## [AADDomainServicesPrivilegeUse](./queries/AADDomainServicesPrivilegeUse.md) + +- [Show logs from AADDomainServicesPrivilegeUse table](./queries/AADDomainServicesPrivilegeUse.md#show-logs-from-aaddomainservicesprivilegeuse-table) + +## [AADManagedIdentitySignInLogs](./queries/AADManagedIdentitySignInLogs.md) + +- [Most active managed identities](./queries/AADManagedIdentitySignInLogs.md#most-active-managed-identities) + +## [AADNonInteractiveUserSignInLogs](./queries/AADNonInteractiveUserSignInLogs.md) + +- [Users with multiple cities](./queries/AADNonInteractiveUserSignInLogs.md#users-with-multiple-cities) +- [Most active ip addresses](./queries/AADNonInteractiveUserSignInLogs.md#most-active-ip-addresses) + +## [AADProvisioningLogs](./queries/AADProvisioningLogs.md) + +- [Provisioning actions for the last week](./queries/AADProvisioningLogs.md#provisioning-actions-for-the-last-week) +- [Provisioning errors](./queries/AADProvisioningLogs.md#provisioning-errors) +- [Provisioned objects by day](./queries/AADProvisioningLogs.md#provisioned-objects-by-day) + +## [AADRiskyUsers](./queries/AADRiskyUsers.md) + +- [High 
risk users](./queries/AADRiskyUsers.md#high-risk-users) + +## [AADServicePrincipalRiskEvents](./queries/AADServicePrincipalRiskEvents.md) + +- [Active service principal risk detections](./queries/AADServicePrincipalRiskEvents.md#active-service-principal-risk-detections) + +## [AADServicePrincipalSignInLogs](./queries/AADServicePrincipalSignInLogs.md) + +- [Most active service principals](./queries/AADServicePrincipalSignInLogs.md#most-active-service-principals) +- [Inactive service principals](./queries/AADServicePrincipalSignInLogs.md#inactive-service-principals) + +## [AADUserRiskEvents](./queries/AADUserRiskEvents.md) + +- [Recent user risk events](./queries/AADUserRiskEvents.md#recent-user-risk-events) +- [Active user risk detections](./queries/AADUserRiskEvents.md#active-user-risk-detections) + +## [ABSBotRequests](./queries/ABSBotRequests.md) + +- [Clients To Direct Line Channel](./queries/ABSBotRequests.md#clients-to-direct-line-channel) +- [Bot To Channels](./queries/ABSBotRequests.md#bot-to-channels) +- [Channels To Bot](./queries/ABSBotRequests.md#channels-to-bot) +- [Requests From Facebook To Azure Bot Service](./queries/ABSBotRequests.md#requests-from-facebook-to-azure-bot-service) +- [Requests From Azure Bot Service To Facebook API](./queries/ABSBotRequests.md#requests-from-azure-bot-service-to-facebook-api) +- [Activities Sent from Clients to Direct Line](./queries/ABSBotRequests.md#activities-sent-from-clients-to-direct-line) +- [Direct Line Channel Logs](./queries/ABSBotRequests.md#direct-line-channel-logs) +- [Failed Requests](./queries/ABSBotRequests.md#failed-requests) +- [Direct Line Channel Response Codes Line Chart](./queries/ABSBotRequests.md#direct-line-channel-response-codes-line-chart) +- [Requests Duration Line Chart](./queries/ABSBotRequests.md#requests-duration-line-chart) +- [Response Codes Line Chart](./queries/ABSBotRequests.md#response-codes-line-chart) +- [Response Codes 
PieChart](./queries/ABSBotRequests.md#response-codes-piechart) +- [Request Operations PieChart](./queries/ABSBotRequests.md#request-operations-piechart) + +## [ACICollaborationAudit](./queries/ACICollaborationAudit.md) + +- [How many times a resource was granted grants per pipeline run?](./queries/ACICollaborationAudit.md#how-many-times-a-resource-was-granted-grants-per-pipeline-run) +- [What entitlements was granted to my resource?](./queries/ACICollaborationAudit.md#what-entitlements-was-granted-to-my-resource) +- [What resources was granted accessed by an entitlement?](./queries/ACICollaborationAudit.md#what-resources-was-granted-accessed-by-an-entitlement) +- [Which participants was granted accessed to my resource?](./queries/ACICollaborationAudit.md#which-participants-was-granted-accessed-to-my-resource) + +## [ACRConnectedClientList](./queries/ACRConnectedClientList.md) + +- [Unique Redis client IP addresses](./queries/ACRConnectedClientList.md#unique-redis-client-ip-addresses) +- [Redis client connections per hour](./queries/ACRConnectedClientList.md#redis-client-connections-per-hour) + +## [ACREntraAuthenticationAuditLog](./queries/ACREntraAuthenticationAuditLog.md) + +- [Microsoft Entra authentication audit log](./queries/ACREntraAuthenticationAuditLog.md#microsoft-entra-authentication-audit-log) + +## [ACSAdvancedMessagingOperations](./queries/ACSAdvancedMessagingOperations.md) + +- [Advanced Messaging operations](./queries/ACSAdvancedMessagingOperations.md#advanced-messaging-operations) +- [Advanced Messaging operation duration percentiles](./queries/ACSAdvancedMessagingOperations.md#advanced-messaging-operation-duration-percentiles) +- [Advanced Messaging top 5 IP addresses per operation](./queries/ACSAdvancedMessagingOperations.md#advanced-messaging-top-5-ip-addresses-per-operation) +- [Advanced Messaging operational errors](./queries/ACSAdvancedMessagingOperations.md#advanced-messaging-operational-errors) +- [Advanced Messaging operation result 
counts](./queries/ACSAdvancedMessagingOperations.md#advanced-messaging-operation-result-counts) +- [Advanced Messaging channel activity](./queries/ACSAdvancedMessagingOperations.md#advanced-messaging-channel-activity) +- [Advanced Messaging message status count](./queries/ACSAdvancedMessagingOperations.md#advanced-messaging-message-status-count) + +## [ACSAuthIncomingOperations](./queries/ACSAuthIncomingOperations.md) + +- [List distinct auth operations](./queries/ACSAuthIncomingOperations.md#list-distinct-auth-operations) +- [Calculate auth operation duration percentiles](./queries/ACSAuthIncomingOperations.md#calculate-auth-operation-duration-percentiles) +- [Top 5 IP addresses per auth operation](./queries/ACSAuthIncomingOperations.md#top-5-ip-addresses-per-auth-operation) +- [Auth operational errors](./queries/ACSAuthIncomingOperations.md#auth-operational-errors) +- [Auth operation result counts](./queries/ACSAuthIncomingOperations.md#auth-operation-result-counts) + +## [ACSBillingUsage](./queries/ACSBillingUsage.md) + +- [Get long calls](./queries/ACSBillingUsage.md#get-long-calls) +- [Usage breakdown](./queries/ACSBillingUsage.md#usage-breakdown) +- [Record count breakdown](./queries/ACSBillingUsage.md#record-count-breakdown) +- [Participant Phone Numbers](./queries/ACSBillingUsage.md#participant-phone-numbers) + +## [ACSCallAutomationIncomingOperations](./queries/ACSCallAutomationIncomingOperations.md) + +- [Call Automation operations](./queries/ACSCallAutomationIncomingOperations.md#call-automation-operations) +- [Calculate Call Automation operation duration percentiles](./queries/ACSCallAutomationIncomingOperations.md#calculate-call-automation-operation-duration-percentiles) +- [Top 5 IP addresses per Call Automation operation](./queries/ACSCallAutomationIncomingOperations.md#top-5-ip-addresses-per-call-automation-operation) +- [Call Automation operational errors](./queries/ACSCallAutomationIncomingOperations.md#call-automation-operational-errors) +- [Call 
Automation operation result counts](./queries/ACSCallAutomationIncomingOperations.md#call-automation-operation-result-counts) +- [Call Automation logs for call connection ID](./queries/ACSCallAutomationIncomingOperations.md#call-automation-logs-for-call-connection-id) +- [Call Automation API operations on a call](./queries/ACSCallAutomationIncomingOperations.md#call-automation-api-operations-on-a-call) +- [CallDiagnostics log for CallAutomation API call](./queries/ACSCallAutomationIncomingOperations.md#calldiagnostics-log-for-callautomation-api-call) +- [CallSummary log for CallAutomation API call](./queries/ACSCallAutomationIncomingOperations.md#callsummary-log-for-callautomation-api-call) + +## [ACSCallAutomationMediaSummary](./queries/ACSCallAutomationMediaSummary.md) + +- [Loop play success rate](./queries/ACSCallAutomationMediaSummary.md#loop-play-success-rate) +- [Play to participant success rate](./queries/ACSCallAutomationMediaSummary.md#play-to-participant-success-rate) +- [Recognize success rate](./queries/ACSCallAutomationMediaSummary.md#recognize-success-rate) +- [Success rate by sub operation name](./queries/ACSCallAutomationMediaSummary.md#success-rate-by-sub-operation-name) + +## [ACSCallClientMediaStatsTimeSeries](./queries/ACSCallClientMediaStatsTimeSeries.md) + +- [Metrics per each media type](./queries/ACSCallClientMediaStatsTimeSeries.md#metrics-per-each-media-type) +- [Metric histogram per media type and direction](./queries/ACSCallClientMediaStatsTimeSeries.md#metric-histogram-per-media-type-and-direction) + +## [ACSCallClientOperations](./queries/ACSCallClientOperations.md) + +- [Count client operations by type](./queries/ACSCallClientOperations.md#count-client-operations-by-type) +- [Outgoing call failure reasons](./queries/ACSCallClientOperations.md#outgoing-call-failure-reasons) +- [Search calls by keyword](./queries/ACSCallClientOperations.md#search-calls-by-keyword) +- [Search all user facing diagnostics in a 
call](./queries/ACSCallClientOperations.md#search-all-user-facing-diagnostics-in-a-call) +- [Search all participants in a call](./queries/ACSCallClientOperations.md#search-all-participants-in-a-call) +- [Search all client operations in a call](./queries/ACSCallClientOperations.md#search-all-client-operations-in-a-call) + +## [ACSCallDiagnostics](./queries/ACSCallDiagnostics.md) + +- [Streams per call](./queries/ACSCallDiagnostics.md#streams-per-call) +- [Streams per call histogram](./queries/ACSCallDiagnostics.md#streams-per-call-histogram) +- [Media type ratio](./queries/ACSCallDiagnostics.md#media-type-ratio) +- [Transport type ratio](./queries/ACSCallDiagnostics.md#transport-type-ratio) +- [Average telemetry values](./queries/ACSCallDiagnostics.md#average-telemetry-values) +- [Jitter average histogram](./queries/ACSCallDiagnostics.md#jitter-average-histogram) +- [Jitter max histogram](./queries/ACSCallDiagnostics.md#jitter-max-histogram) +- [Packet loss rate average histogram](./queries/ACSCallDiagnostics.md#packet-loss-rate-average-histogram) +- [Packet loss rate max histogram](./queries/ACSCallDiagnostics.md#packet-loss-rate-max-histogram) +- [Round trip time average histogram](./queries/ACSCallDiagnostics.md#round-trip-time-average-histogram) +- [Round trip time max histogram](./queries/ACSCallDiagnostics.md#round-trip-time-max-histogram) +- [Jitter quality ratio](./queries/ACSCallDiagnostics.md#jitter-quality-ratio) +- [Packet loss rate quality ratio](./queries/ACSCallDiagnostics.md#packet-loss-rate-quality-ratio) +- [Round trip time quality ratio](./queries/ACSCallDiagnostics.md#round-trip-time-quality-ratio) +- [CallDiagnostics log for CallAutomation API call](./queries/ACSCallDiagnostics.md#calldiagnostics-log-for-callautomation-api-call) +- [Search calls by keyword](./queries/ACSCallDiagnostics.md#search-calls-by-keyword) +- [Search all participants in a call](./queries/ACSCallDiagnostics.md#search-all-participants-in-a-call) + +## 
[ACSCallRecordingIncomingOperations](./queries/ACSCallRecordingIncomingOperations.md) + +- [Call Recording operations](./queries/ACSCallRecordingIncomingOperations.md#call-recording-operations) +- [Calculate Call Recording operation duration percentiles](./queries/ACSCallRecordingIncomingOperations.md#calculate-call-recording-operation-duration-percentiles) +- [Top 5 IP addresses per Call Recording operation](./queries/ACSCallRecordingIncomingOperations.md#top-5-ip-addresses-per-call-recording-operation) +- [Call Recording operational errors](./queries/ACSCallRecordingIncomingOperations.md#call-recording-operational-errors) +- [Call Recording operation result counts](./queries/ACSCallRecordingIncomingOperations.md#call-recording-operation-result-counts) +- [Call Recording logs by ID](./queries/ACSCallRecordingIncomingOperations.md#call-recording-logs-by-id) + +## [ACSCallRecordingSummary](./queries/ACSCallRecordingSummary.md) + +- [Call Recording duration histogram](./queries/ACSCallRecordingSummary.md#call-recording-duration-histogram) +- [Call Recording duration percentiles](./queries/ACSCallRecordingSummary.md#call-recording-duration-percentiles) +- [Call Recording's end reason ratio](./queries/ACSCallRecordingSummary.md#call-recordings-end-reason-ratio) +- [Daily Call Recordings](./queries/ACSCallRecordingSummary.md#daily-call-recordings) +- [Hourly Call Recordings](./queries/ACSCallRecordingSummary.md#hourly-call-recordings) +- [Call Recording's mode ratio](./queries/ACSCallRecordingSummary.md#call-recordings-mode-ratio) + +## [ACSCallSummary](./queries/ACSCallSummary.md) + +- [Participants per call](./queries/ACSCallSummary.md#participants-per-call) +- [Participant Phone Numbers](./queries/ACSCallSummary.md#participant-phone-numbers) +- [Participants per group call](./queries/ACSCallSummary.md#participants-per-group-call) +- [Call type ratio](./queries/ACSCallSummary.md#call-type-ratio) +- [Call duration 
histogram](./queries/ACSCallSummary.md#call-duration-histogram) +- [Call duration percentiles](./queries/ACSCallSummary.md#call-duration-percentiles) +- [Daily calls](./queries/ACSCallSummary.md#daily-calls) +- [Hourly calls](./queries/ACSCallSummary.md#hourly-calls) +- [Endpoints per call](./queries/ACSCallSummary.md#endpoints-per-call) +- [SDK version ratio](./queries/ACSCallSummary.md#sdk-version-ratio) +- [OS version ratio](./queries/ACSCallSummary.md#os-version-ratio) +- [CallSummary log for CallAutomation API call](./queries/ACSCallSummary.md#callsummary-log-for-callautomation-api-call) +- [Search calls by keyword](./queries/ACSCallSummary.md#search-calls-by-keyword) +- [Search all participants in a call](./queries/ACSCallSummary.md#search-all-participants-in-a-call) +- [Search all client operations in a call](./queries/ACSCallSummary.md#search-all-client-operations-in-a-call) + +## [ACSCallSurvey](./queries/ACSCallSurvey.md) + +- [Overall call rating](./queries/ACSCallSurvey.md#overall-call-rating) +- [Audio rating](./queries/ACSCallSurvey.md#audio-rating) +- [Video rating](./queries/ACSCallSurvey.md#video-rating) +- [Screenshare rating](./queries/ACSCallSurvey.md#screenshare-rating) +- [Overall call issues](./queries/ACSCallSurvey.md#overall-call-issues) +- [Audio issues](./queries/ACSCallSurvey.md#audio-issues) +- [Video issues](./queries/ACSCallSurvey.md#video-issues) +- [Screenshare issues](./queries/ACSCallSurvey.md#screenshare-issues) +- [Search calls by keyword](./queries/ACSCallSurvey.md#search-calls-by-keyword) +- [Search all participants in a call](./queries/ACSCallSurvey.md#search-all-participants-in-a-call) + +## [ACSChatIncomingOperations](./queries/ACSChatIncomingOperations.md) + +- [Chat operations](./queries/ACSChatIncomingOperations.md#chat-operations) +- [Calculate chat operation duration percentiles](./queries/ACSChatIncomingOperations.md#calculate-chat-operation-duration-percentiles) +- [Top 5 IP addresses per chat 
operation](./queries/ACSChatIncomingOperations.md#top-5-ip-addresses-per-chat-operation) +- [Chat operational errors](./queries/ACSChatIncomingOperations.md#chat-operational-errors) +- [Chat operation result counts](./queries/ACSChatIncomingOperations.md#chat-operation-result-counts) + +## [ACSEmailSendMailOperational](./queries/ACSEmailSendMailOperational.md) + +- [Email Send Request Summary](./queries/ACSEmailSendMailOperational.md#email-send-request-summary) + +## [ACSEmailStatusUpdateOperational](./queries/ACSEmailStatusUpdateOperational.md) + +- [Email failed deliveries by recipient ID](./queries/ACSEmailStatusUpdateOperational.md#email-failed-deliveries-by-recipient-id) +- [Email Failed Deliveries by Message Id](./queries/ACSEmailStatusUpdateOperational.md#email-failed-deliveries-by-message-id) +- [Email Bounced and Suppressed Recipients](./queries/ACSEmailStatusUpdateOperational.md#email-bounced-and-suppressed-recipients) + +## [ACSJobRouterIncomingOperations](./queries/ACSJobRouterIncomingOperations.md) + +- [Job Router operations](./queries/ACSJobRouterIncomingOperations.md#job-router-operations) +- [Calculate Job Router operation duration percentiles](./queries/ACSJobRouterIncomingOperations.md#calculate-job-router-operation-duration-percentiles) +- [Top 5 IP addresses per Job Router operation](./queries/ACSJobRouterIncomingOperations.md#top-5-ip-addresses-per-job-router-operation) +- [Job Router operational errors](./queries/ACSJobRouterIncomingOperations.md#job-router-operational-errors) +- [Job Router operation result counts](./queries/ACSJobRouterIncomingOperations.md#job-router-operation-result-counts) + +## [ACSRoomsIncomingOperations](./queries/ACSRoomsIncomingOperations.md) + +- [Rooms operational errors](./queries/ACSRoomsIncomingOperations.md#rooms-operational-errors) +- [Rooms operation result counts](./queries/ACSRoomsIncomingOperations.md#rooms-operation-result-counts) +- [Rooms operation 
summary](./queries/ACSRoomsIncomingOperations.md#rooms-operation-summary) + +## [ACSSMSIncomingOperations](./queries/ACSSMSIncomingOperations.md) + +- [List distinct SMS operations](./queries/ACSSMSIncomingOperations.md#list-distinct-sms-operations) +- [Calculate SMS operation duration percentiles](./queries/ACSSMSIncomingOperations.md#calculate-sms-operation-duration-percentiles) +- [Top 5 IP addresses per SMS operation](./queries/ACSSMSIncomingOperations.md#top-5-ip-addresses-per-sms-operation) +- [SMS operational errors](./queries/ACSSMSIncomingOperations.md#sms-operational-errors) +- [SMS operation result counts](./queries/ACSSMSIncomingOperations.md#sms-operation-result-counts) + +## [ADAssessmentRecommendation](./queries/ADAssessmentRecommendation.md) + +- [AD Recommendations by Focus Area](./queries/ADAssessmentRecommendation.md#ad-recommendations-by-focus-area) +- [AD Recommendations by Computer](./queries/ADAssessmentRecommendation.md#ad-recommendations-by-computer) +- [AD Recommendations by Forest](./queries/ADAssessmentRecommendation.md#ad-recommendations-by-forest) +- [AD Recommendations by Domain](./queries/ADAssessmentRecommendation.md#ad-recommendations-by-domain) +- [AD Recommendations by DomainController](./queries/ADAssessmentRecommendation.md#ad-recommendations-by-domaincontroller) +- [AD Recommendations by AffectedObjectType](./queries/ADAssessmentRecommendation.md#ad-recommendations-by-affectedobjecttype) +- [How many times did each unique AD Recommendation trigger?](./queries/ADAssessmentRecommendation.md#how-many-times-did-each-unique-ad-recommendation-trigger) +- [High priority AD Assessment security recommendations](./queries/ADAssessmentRecommendation.md#high-priority-ad-assessment-security-recommendations) + +## [ADFActivityRun](./queries/ADFActivityRun.md) + +- [Activity Runs Availability](./queries/ADFActivityRun.md#activity-runs-availability) +- [Activity runs latest Status](./queries/ADFActivityRun.md#activity-runs-latest-status) + 
+## [ADFPipelineRun](./queries/ADFPipelineRun.md) + +- [PipelineRuns Availability](./queries/ADFPipelineRun.md#pipelineruns-availability) +- [Pipeline runs latest Status](./queries/ADFPipelineRun.md#pipeline-runs-latest-status) + +## [ADFSSignInLogs](./queries/ADFSSignInLogs.md) + +- [Top ADFS account lockouts](./queries/ADFSSignInLogs.md#top-adfs-account-lockouts) + +## [ADFTriggerRun](./queries/ADFTriggerRun.md) + +- [TriggerRuns Availability](./queries/ADFTriggerRun.md#triggerruns-availability) +- [Trigger runs latest Status](./queries/ADFTriggerRun.md#trigger-runs-latest-status) + +## [ADTDataHistoryOperation](./queries/ADTDataHistoryOperation.md) + +- [Data History operation failure logs](./queries/ADTDataHistoryOperation.md#data-history-operation-failure-logs) +- [Data History egress latency](./queries/ADTDataHistoryOperation.md#data-history-egress-latency) + +## [ADTDigitalTwinsOperation](./queries/ADTDigitalTwinsOperation.md) + +- [DigitalTwin Error Summary](./queries/ADTDigitalTwinsOperation.md#digitaltwin-error-summary) +- [DigitalTwin API Usage](./queries/ADTDigitalTwinsOperation.md#digitaltwin-api-usage) + +## [ADTEventRoutesOperation](./queries/ADTEventRoutesOperation.md) + +- [EventRoutes API Usage](./queries/ADTEventRoutesOperation.md#eventroutes-api-usage) + +## [ADTModelsOperation](./queries/ADTModelsOperation.md) + +- [Model Error Summary](./queries/ADTModelsOperation.md#model-error-summary) +- [Model API Usage](./queries/ADTModelsOperation.md#model-api-usage) + +## [ADTQueryOperation](./queries/ADTQueryOperation.md) + +- [Query Error Summary](./queries/ADTQueryOperation.md#query-error-summary) + +## [ADXIngestionBatching](./queries/ADXIngestionBatching.md) + +- [Ingestion batching size](./queries/ADXIngestionBatching.md#ingestion-batching-size) +- [Ingestion batching summary](./queries/ADXIngestionBatching.md#ingestion-batching-summary) +- [Ingestion batching duration 
timechart](./queries/ADXIngestionBatching.md#ingestion-batching-duration-timechart) + +## [ADXTableUsageStatistics](./queries/ADXTableUsageStatistics.md) + +- [Table usage by number of queries](./queries/ADXTableUsageStatistics.md#table-usage-by-number-of-queries) +- [Table usage by application](./queries/ADXTableUsageStatistics.md#table-usage-by-application) +- [Table data scanned - top time windows](./queries/ADXTableUsageStatistics.md#table-data-scanned---top-time-windows) +- [Table data scanned - top tables](./queries/ADXTableUsageStatistics.md#table-data-scanned---top-tables) + +## [AEWComputePipelinesLogs](./queries/AEWComputePipelinesLogs.md) + +- [AEWComputePipelinesLogs get daily tasks count](./queries/AEWComputePipelinesLogs.md#aewcomputepipelineslogs-get-daily-tasks-count) +- [AEWComputePipelinesLogs get failed tasks detail](./queries/AEWComputePipelinesLogs.md#aewcomputepipelineslogs-get-failed-tasks-detail) +- [AEWComputePipelinesLogs get long running jobs](./queries/AEWComputePipelinesLogs.md#aewcomputepipelineslogs-get-long-running-jobs) +- [AEWComputePipelinesLogs get task E2E latency time](./queries/AEWComputePipelinesLogs.md#aewcomputepipelineslogs-get-task-e2e-latency-time) + +## [AFSAuditLogs](./queries/AFSAuditLogs.md) + +- [Aggregate operations query](./queries/AFSAuditLogs.md#aggregate-operations-query) +- [Unauthorized requests query](./queries/AFSAuditLogs.md#unauthorized-requests-query) + +## [AGCAccessLogs](./queries/AGCAccessLogs.md) + +- [Client requests per hour](./queries/AGCAccessLogs.md#client-requests-per-hour) +- [5xx HTTP responses per hour](./queries/AGCAccessLogs.md#5xx-http-responses-per-hour) +- [4xx HTTP responses per hour](./queries/AGCAccessLogs.md#4xx-http-responses-per-hour) + +## [AGSGrafanaLoginEvents](./queries/AGSGrafanaLoginEvents.md) + +- [Show login error events](./queries/AGSGrafanaLoginEvents.md#show-login-error-events) + +## [AHDSDicomAuditLogs](./queries/AHDSDicomAuditLogs.md) + +- [DICOM privileged 
operations](./queries/AHDSDicomAuditLogs.md#dicom-privileged-operations) + +## [AHDSDicomDiagnosticLogs](./queries/AHDSDicomDiagnosticLogs.md) + +- [Log count per log starting with Dicom100 error code and CorrelationId](./queries/AHDSDicomDiagnosticLogs.md#log-count-per-log-starting-with-dicom100-error-code-and-correlationid) + +## [AHDSMedTechDiagnosticLogs](./queries/AHDSMedTechDiagnosticLogs.md) + +- [Most recent actionable MedTech logs](./queries/AHDSMedTechDiagnosticLogs.md#most-recent-actionable-medtech-logs) +- [Log count per MedTech log or exception type](./queries/AHDSMedTechDiagnosticLogs.md#log-count-per-medtech-log-or-exception-type) +- [MedTech healthcheck exceptions](./queries/AHDSMedTechDiagnosticLogs.md#medtech-healthcheck-exceptions) +- [MedTech normalization stage logs](./queries/AHDSMedTechDiagnosticLogs.md#medtech-normalization-stage-logs) +- [MedTech FHIR conversion stage logs](./queries/AHDSMedTechDiagnosticLogs.md#medtech-fhir-conversion-stage-logs) + +## [AKSAudit](./queries/AKSAudit.md) + +- [Volume of Kubernetes audit events per SourceIp](./queries/AKSAudit.md#volume-of-kubernetes-audit-events-per-sourceip) + +## [AKSAuditAdmin](./queries/AKSAuditAdmin.md) + +- [Volume of admin Kubernetes audit events per username](./queries/AKSAuditAdmin.md#volume-of-admin-kubernetes-audit-events-per-username) +- [Admin Kubernetes audit events for deployment](./queries/AKSAuditAdmin.md#admin-kubernetes-audit-events-for-deployment) + +## [AKSControlPlane](./queries/AKSControlPlane.md) + +- [Cluster Autoscaler logs](./queries/AKSControlPlane.md#cluster-autoscaler-logs) +- [Kubernetes API server logs](./queries/AKSControlPlane.md#kubernetes-api-server-logs) + +## [ALBHealthEvent](./queries/ALBHealthEvent.md) + +- [Latest Snat Port Exhaustion Per LB Frontend](./queries/ALBHealthEvent.md#latest-snat-port-exhaustion-per-lb-frontend) + +## [AMSKeyDeliveryRequests](./queries/AMSKeyDeliveryRequests.md) + +- [Key delivery successful request count by key 
type](./queries/AMSKeyDeliveryRequests.md#key-delivery-successful-request-count-by-key-type) +- [Key delivery failed requests](./queries/AMSKeyDeliveryRequests.md#key-delivery-failed-requests) +- [Key delivery requests latency at 95 and 99 percentiles](./queries/AMSKeyDeliveryRequests.md#key-delivery-requests-latency-at-95-and-99-percentiles) + +## [AMSLiveEventOperations](./queries/AMSLiveEventOperations.md) + +- [Live event ingest discontinuity operation count](./queries/AMSLiveEventOperations.md#live-event-ingest-discontinuity-operation-count) +- [Live event error operations](./queries/AMSLiveEventOperations.md#live-event-error-operations) + +## [AMSMediaAccountHealth](./queries/AMSMediaAccountHealth.md) + +- [Media account health events](./queries/AMSMediaAccountHealth.md#media-account-health-events) + +## [AMSStreamingEndpointRequests](./queries/AMSStreamingEndpointRequests.md) + +- [Streaming endpoint successful request count by client IP](./queries/AMSStreamingEndpointRequests.md#streaming-endpoint-successful-request-count-by-client-ip) +- [Streaming endpoint informational requests](./queries/AMSStreamingEndpointRequests.md#streaming-endpoint-informational-requests) + +## [AOIDatabaseQuery](./queries/AOIDatabaseQuery.md) + +- [Queries executed by a user on dataproduct](./queries/AOIDatabaseQuery.md#queries-executed-by-a-user-on-dataproduct) + +## [AOIDigestion](./queries/AOIDigestion.md) + +- [Row digestion errors](./queries/AOIDigestion.md#row-digestion-errors) +- [Failed file digestion by source](./queries/AOIDigestion.md#failed-file-digestion-by-source) + +## [AOIStorage](./queries/AOIStorage.md) + +- [Ingestion operation on storage](./queries/AOIStorage.md#ingestion-operation-on-storage) +- [Delete operation on storage](./queries/AOIStorage.md#delete-operation-on-storage) +- [Read operation on storage](./queries/AOIStorage.md#read-operation-on-storage) +- [Read operation on input storage](./queries/AOIStorage.md#read-operation-on-input-storage) + +## 
[ASCDeviceEvents](./queries/ASCDeviceEvents.md) + +- [Azure Sphere device authentication and attestation failures](./queries/ASCDeviceEvents.md#azure-sphere-device-authentication-and-attestation-failures) +- [Azure Sphere device events timeline](./queries/ASCDeviceEvents.md#azure-sphere-device-events-timeline) +- [Azure Sphere device heartbeat events timechart](./queries/ASCDeviceEvents.md#azure-sphere-device-heartbeat-events-timechart) +- [Azure Sphere devices not updated to latest OS](./queries/ASCDeviceEvents.md#azure-sphere-devices-not-updated-to-latest-os) +- [Azure Sphere device telemetry events summary](./queries/ASCDeviceEvents.md#azure-sphere-device-telemetry-events-summary) + +## [ASRJobs](./queries/ASRJobs.md) + +- [Get all test failover jobs run](./queries/ASRJobs.md#get-all-test-failover-jobs-run) + +## [ASRReplicatedItems](./queries/ASRReplicatedItems.md) + +- [Get replication health status history](./queries/ASRReplicatedItems.md#get-replication-health-status-history) + +## [ASimDnsActivityLogs](./queries/ASimDnsActivityLogs.md) + +- [Count DNS failures for a source by source and type](./queries/ASimDnsActivityLogs.md#count-dns-failures-for-a-source-by-source-and-type) +- [Identify excessive query for a nonexistent domain by a source](./queries/ASimDnsActivityLogs.md#identify-excessive-query-for-a-nonexistent-domain-by-a-source) + +## [AVNMConnectivityConfigurationChange](./queries/AVNMConnectivityConfigurationChange.md) + +- [Recent connectivity configuration changes](./queries/AVNMConnectivityConfigurationChange.md#recent-connectivity-configuration-changes) +- [Recent failed connectivity configuration changes](./queries/AVNMConnectivityConfigurationChange.md#recent-failed-connectivity-configuration-changes) + +## [AVNMIPAMPoolAllocationChange](./queries/AVNMIPAMPoolAllocationChange.md) + +- [AVNM IPAM pool allocation changes](./queries/AVNMIPAMPoolAllocationChange.md#avnm-ipam-pool-allocation-changes) +- [Failed AVNM IPAM pool allocation 
changes](./queries/AVNMIPAMPoolAllocationChange.md#failed-avnm-ipam-pool-allocation-changes) + +## [AVNMNetworkGroupMembershipChange](./queries/AVNMNetworkGroupMembershipChange.md) + +- [Get recent Network Group Membership changes](./queries/AVNMNetworkGroupMembershipChange.md#get-recent-network-group-membership-changes) +- [Failed Network Group Membership Changes](./queries/AVNMNetworkGroupMembershipChange.md#failed-network-group-membership-changes) + +## [AVNMRuleCollectionChange](./queries/AVNMRuleCollectionChange.md) + +- [Get recent security admin rule collection changes](./queries/AVNMRuleCollectionChange.md#get-recent-security-admin-rule-collection-changes) +- [Get recent failed security admin rule collection changes](./queries/AVNMRuleCollectionChange.md#get-recent-failed-security-admin-rule-collection-changes) + +## [AVSSyslog](./queries/AVSSyslog.md) + +- [Get DNS failures](./queries/AVSSyslog.md#get-dns-failures) +- [Get distributed Firewall logs](./queries/AVSSyslog.md#get-distributed-firewall-logs) +- [Get audit events for VM created](./queries/AVSSyslog.md#get-audit-events-for-vm-created) +- [Get audit events for VM deleted](./queries/AVSSyslog.md#get-audit-events-for-vm-deleted) +- [Get audit events for VM powered on](./queries/AVSSyslog.md#get-audit-events-for-vm-powered-on) +- [Get audit events for VM disconnected](./queries/AVSSyslog.md#get-audit-events-for-vm-disconnected) +- [Get audit events for VM rebooted](./queries/AVSSyslog.md#get-audit-events-for-vm-rebooted) +- [Get audit events for VM migrated](./queries/AVSSyslog.md#get-audit-events-for-vm-migrated) +- [Get audit events for host added](./queries/AVSSyslog.md#get-audit-events-for-host-added) +- [Get audit events for host shutdown](./queries/AVSSyslog.md#get-audit-events-for-host-shutdown) +- [Get audit events for host enter maintenance mode](./queries/AVSSyslog.md#get-audit-events-for-host-enter-maintenance-mode) +- [Get audit events for host exit maintenance 
mode](./queries/AVSSyslog.md#get-audit-events-for-host-exit-maintenance-mode) +- [Get audit events for host connected](./queries/AVSSyslog.md#get-audit-events-for-host-connected) +- [Get audit events for host connection lost](./queries/AVSSyslog.md#get-audit-events-for-host-connection-lost) +- [Get audit events for cluster](./queries/AVSSyslog.md#get-audit-events-for-cluster) +- [Get audit events count for NSX](./queries/AVSSyslog.md#get-audit-events-count-for-nsx) +- [Get audit events count for vCenter](./queries/AVSSyslog.md#get-audit-events-count-for-vcenter) +- [Get audit events for role added](./queries/AVSSyslog.md#get-audit-events-for-role-added) +- [Get AVS events with severity of Info](./queries/AVSSyslog.md#get-avs-events-with-severity-of-info) + +## [AWSCloudTrail](./queries/AWSCloudTrail.md) + +- [New users per region](./queries/AWSCloudTrail.md#new-users-per-region) +- [All AWS CloudTrail events](./queries/AWSCloudTrail.md#all-aws-cloudtrail-events) +- [AWSCT for user](./queries/AWSCloudTrail.md#awsct-for-user) +- [AWS console sign in](./queries/AWSCloudTrail.md#aws-console-sign-in) + +## [AWSGuardDuty](./queries/AWSGuardDuty.md) + +- [High severity findings](./queries/AWSGuardDuty.md#high-severity-findings) + +## [AWSVPCFlow](./queries/AWSVPCFlow.md) + +- [Rejected IPv4 actions](./queries/AWSVPCFlow.md#rejected-ipv4-actions) + +## [AZFWApplicationRule](./queries/AZFWApplicationRule.md) + +- [Application rule logs](./queries/AZFWApplicationRule.md#application-rule-logs) +- [All firewall decisions](./queries/AZFWApplicationRule.md#all-firewall-decisions) + +## [AZFWDnsQuery](./queries/AZFWDnsQuery.md) + +- [DNS proxy logs](./queries/AZFWDnsQuery.md#dns-proxy-logs) + +## [AZFWFatFlow](./queries/AZFWFatFlow.md) + +- [Azure Firewall Top Flow Logs](./queries/AZFWFatFlow.md#azure-firewall-top-flow-logs) + +## [AZFWFlowTrace](./queries/AZFWFlowTrace.md) + +- [Azure Firewall flow trace logs](./queries/AZFWFlowTrace.md#azure-firewall-flow-trace-logs) + +## 
[AZFWIdpsSignature](./queries/AZFWIdpsSignature.md) + +- [IDPS event logs](./queries/AZFWIdpsSignature.md#idps-event-logs) +- [All firewall decisions](./queries/AZFWIdpsSignature.md#all-firewall-decisions) + +## [AZFWInternalFqdnResolutionFailure](./queries/AZFWInternalFqdnResolutionFailure.md) + +- [Internal FQDN resolution failures](./queries/AZFWInternalFqdnResolutionFailure.md#internal-fqdn-resolution-failures) + +## [AZFWNatRule](./queries/AZFWNatRule.md) + +- [DNAT rule logs](./queries/AZFWNatRule.md#dnat-rule-logs) +- [All firewall decisions](./queries/AZFWNatRule.md#all-firewall-decisions) + +## [AZFWNetworkRule](./queries/AZFWNetworkRule.md) + +- [Network rule logs](./queries/AZFWNetworkRule.md#network-rule-logs) +- [All firewall decisions](./queries/AZFWNetworkRule.md#all-firewall-decisions) + +## [AZFWThreatIntel](./queries/AZFWThreatIntel.md) + +- [Threat intelligence logs](./queries/AZFWThreatIntel.md#threat-intelligence-logs) +- [All firewall decisions](./queries/AZFWThreatIntel.md#all-firewall-decisions) + +## [AZKVAuditLogs](./queries/AZKVAuditLogs.md) + +- [Are there any failures?](./queries/AZKVAuditLogs.md#are-there-any-failures) +- [Are there any slow requests?](./queries/AZKVAuditLogs.md#are-there-any-slow-requests) +- [How active has this KeyVault been?](./queries/AZKVAuditLogs.md#how-active-has-this-keyvault-been) +- [How fast is this KeyVault serving requests?](./queries/AZKVAuditLogs.md#how-fast-is-this-keyvault-serving-requests) +- [What changes occurred last month?](./queries/AZKVAuditLogs.md#what-changes-occurred-last-month) +- [Who is calling this KeyVault?](./queries/AZKVAuditLogs.md#who-is-calling-this-keyvault) + +## [AZMSDiagnosticErrorLogs](./queries/AZMSDiagnosticErrorLogs.md) + +- [Publish detailed error logs](./queries/AZMSDiagnosticErrorLogs.md#publish-detailed-error-logs) +- [Publish detailed error logs](./queries/AZMSDiagnosticErrorLogs.md#publish-detailed-error-logs) + +## 
[AZMSHybridConnectionsEvents](./queries/AZMSHybridConnectionsEvents.md) + +- [Publish HTTP send data for hybrid connection](./queries/AZMSHybridConnectionsEvents.md#publish-http-send-data-for-hybrid-connection) + +## [AZMSOperationalLogs](./queries/AZMSOperationalLogs.md) + +- [Publish success data for topics](./queries/AZMSOperationalLogs.md#publish-success-data-for-topics) +- [Publish failures for subscription](./queries/AZMSOperationalLogs.md#publish-failures-for-subscription) +- [Publish failures for namespace](./queries/AZMSOperationalLogs.md#publish-failures-for-namespace) +- [Publish success data for topics](./queries/AZMSOperationalLogs.md#publish-success-data-for-topics) +- [Publish failures for Topics](./queries/AZMSOperationalLogs.md#publish-failures-for-topics) +- [Publish failures for subscription](./queries/AZMSOperationalLogs.md#publish-failures-for-subscription) +- [Publish failures for namespace](./queries/AZMSOperationalLogs.md#publish-failures-for-namespace) + +## [AZMSRunTimeAuditLogs](./queries/AZMSRunTimeAuditLogs.md) + +- [Publish successful connection for AMQP protocol](./queries/AZMSRunTimeAuditLogs.md#publish-successful-connection-for-amqp-protocol) +- [Publish failed AAD logs](./queries/AZMSRunTimeAuditLogs.md#publish-failed-aad-logs) +- [Publish failed SAS logs](./queries/AZMSRunTimeAuditLogs.md#publish-failed-sas-logs) +- [Publish failure for send message](./queries/AZMSRunTimeAuditLogs.md#publish-failure-for-send-message) +- [Publish failure for Namespace](./queries/AZMSRunTimeAuditLogs.md#publish-failure-for-namespace) +- [[Classic] Errors in the last 7 days](./queries/AZMSRunTimeAuditLogs.md#classic-errors-in-the-last-7-days) +- [Publish successful connection for AMQP protocol](./queries/AZMSRunTimeAuditLogs.md#publish-successful-connection-for-amqp-protocol) +- [Publish failures for send message](./queries/AZMSRunTimeAuditLogs.md#publish-failures-for-send-message) +- [Publish failure for 
namespace](./queries/AZMSRunTimeAuditLogs.md#publish-failure-for-namespace) +- [Publish failed AAD logs](./queries/AZMSRunTimeAuditLogs.md#publish-failed-aad-logs) +- [Publish failed SAS logs](./queries/AZMSRunTimeAuditLogs.md#publish-failed-sas-logs) + +## [AZMSVnetConnectionEvents](./queries/AZMSVnetConnectionEvents.md) + +- [Publish deny connection by namespace](./queries/AZMSVnetConnectionEvents.md#publish-deny-connection-by-namespace) +- [Publish namespace vnet data](./queries/AZMSVnetConnectionEvents.md#publish-namespace-vnet-data) +- [Publish deny connection by namespace](./queries/AZMSVnetConnectionEvents.md#publish-deny-connection-by-namespace) +- [Publish virtual network events by namespace](./queries/AZMSVnetConnectionEvents.md#publish-virtual-network-events-by-namespace) +- [Publish deny connection by namespace](./queries/AZMSVnetConnectionEvents.md#publish-deny-connection-by-namespace) +- [Publish virtual network events by namespace](./queries/AZMSVnetConnectionEvents.md#publish-virtual-network-events-by-namespace) + +## [AddonAzureBackupJobs](./queries/AddonAzureBackupJobs.md) + +- [Distribution of Backup Jobs by Status](./queries/AddonAzureBackupJobs.md#distribution-of-backup-jobs-by-status) +- [Distribution of Restore Jobs by Status](./queries/AddonAzureBackupJobs.md#distribution-of-restore-jobs-by-status) +- [All Successful Jobs](./queries/AddonAzureBackupJobs.md#all-successful-jobs) +- [All Failed Jobs](./queries/AddonAzureBackupJobs.md#all-failed-jobs) + +## [AddonAzureBackupStorage](./queries/AddonAzureBackupStorage.md) + +- [Trend of total Cloud Storage consumed](./queries/AddonAzureBackupStorage.md#trend-of-total-cloud-storage-consumed) + +## [AegDataPlaneRequests](./queries/AegDataPlaneRequests.md) + +- [Unique unauthorized or forbidden client IP addresses](./queries/AegDataPlaneRequests.md#unique-unauthorized-or-forbidden-client-ip-addresses) + +## [AegDeliveryFailureLogs](./queries/AegDeliveryFailureLogs.md) + +- [Delivery failures by topic 
and error](./queries/AegDeliveryFailureLogs.md#delivery-failures-by-topic-and-error) +- [Delivery failures by topic and error](./queries/AegDeliveryFailureLogs.md#delivery-failures-by-topic-and-error) +- [Delivery failures by domain and error](./queries/AegDeliveryFailureLogs.md#delivery-failures-by-domain-and-error) +- [Topics Average Delivery Latency](./queries/AegDeliveryFailureLogs.md#topics-average-delivery-latency) +- [Domains Average Delivery Latency ](./queries/AegDeliveryFailureLogs.md#domains-average-delivery-latency) + +## [AegPublishFailureLogs](./queries/AegPublishFailureLogs.md) + +- [Publish failures by topic and error](./queries/AegPublishFailureLogs.md#publish-failures-by-topic-and-error) +- [Publish failures by topic and error](./queries/AegPublishFailureLogs.md#publish-failures-by-topic-and-error) +- [Publish failures by domain and error](./queries/AegPublishFailureLogs.md#publish-failures-by-domain-and-error) + +## [AgriFoodApplicationAuditLogs](./queries/AgriFoodApplicationAuditLogs.md) + +- [Failed authorization](./queries/AgriFoodApplicationAuditLogs.md#failed-authorization) + +## [AgriFoodFarmManagementLogs](./queries/AgriFoodFarmManagementLogs.md) + +- [Status of farm management operations for a farmer](./queries/AgriFoodFarmManagementLogs.md#status-of-farm-management-operations-for-a-farmer) +- [Status of all operations for a farmer](./queries/AgriFoodFarmManagementLogs.md#status-of-all-operations-for-a-farmer) +- [Usage trend for top 100 farmers based on the operations performed](./queries/AgriFoodFarmManagementLogs.md#usage-trend-for-top-100-farmers-based-on-the-operations-performed) + +## [AgriFoodJobProcessedLogs](./queries/AgriFoodJobProcessedLogs.md) + +- [Job execution statistics for a farmer](./queries/AgriFoodJobProcessedLogs.md#job-execution-statistics-for-a-farmer) + +## [AlertEvidence](./queries/AlertEvidence.md) + +- [Alerts involving a user](./queries/AlertEvidence.md#alerts-involving-a-user) + +## 
[AlertInfo](./queries/AlertInfo.md) + +- [Alerts by MITRE ATT&CK technique](./queries/AlertInfo.md#alerts-by-mitre-attck-technique) + +## [AmlComputeClusterEvent](./queries/AmlComputeClusterEvent.md) + +- [Get cluster events for clusters for specific VM size](./queries/AmlComputeClusterEvent.md#get-cluster-events-for-clusters-for-specific-vm-size) +- [Get number of running nodes](./queries/AmlComputeClusterEvent.md#get-number-of-running-nodes) +- [Graph of Running and Idle Node instances](./queries/AmlComputeClusterEvent.md#graph-of-running-and-idle-node-instances) + +## [AmlComputeCpuGpuUtilization](./queries/AmlComputeCpuGpuUtilization.md) + +- [Plot compute cluster utilization](./queries/AmlComputeCpuGpuUtilization.md#plot-compute-cluster-utilization) + +## [AmlComputeJobEvent](./queries/AmlComputeJobEvent.md) + +- [Get failed jobs](./queries/AmlComputeJobEvent.md#get-failed-jobs) +- [Get records for a job](./queries/AmlComputeJobEvent.md#get-records-for-a-job) +- [Display top 5 longest job runs](./queries/AmlComputeJobEvent.md#display-top-5-longest-job-runs) + +## [AmlDataSetEvent](./queries/AmlDataSetEvent.md) + +- [Count datasets reads](./queries/AmlDataSetEvent.md#count-datasets-reads) + +## [AmlEnvironmentEvent](./queries/AmlEnvironmentEvent.md) + +- [Request the history of accessing environment](./queries/AmlEnvironmentEvent.md#request-the-history-of-accessing-environment) + +## [AmlModelsEvent](./queries/AmlModelsEvent.md) + +- [Found users who accessed models](./queries/AmlModelsEvent.md#found-users-who-accessed-models) + +## [AmlOnlineEndpointConsoleLog](./queries/AmlOnlineEndpointConsoleLog.md) + +- [Online endpoint console logs](./queries/AmlOnlineEndpointConsoleLog.md#online-endpoint-console-logs) + +## [AmlOnlineEndpointEventLog](./queries/AmlOnlineEndpointEventLog.md) + +- [Online endpoint failure events](./queries/AmlOnlineEndpointEventLog.md#online-endpoint-failure-events) + +## 
[AmlOnlineEndpointTrafficLog](./queries/AmlOnlineEndpointTrafficLog.md) + +- [Online endpoint failed requests](./queries/AmlOnlineEndpointTrafficLog.md#online-endpoint-failed-requests) + +## [AmlRegistryWriteEventsLog](./queries/AmlRegistryWriteEventsLog.md) + +- [All WRITE events](./queries/AmlRegistryWriteEventsLog.md#all-write-events) + +## [Anomalies](./queries/Anomalies.md) + +- [Get Production Anomalies (last day)](./queries/Anomalies.md#get-production-anomalies-last-day) +- [Get Flighting Anomalies (last day)](./queries/Anomalies.md#get-flighting-anomalies-last-day) + +## [ApiManagementGatewayLogs](./queries/ApiManagementGatewayLogs.md) + +- [Number of requests](./queries/ApiManagementGatewayLogs.md#number-of-requests) +- [Logs of the last 100 calls](./queries/ApiManagementGatewayLogs.md#logs-of-the-last-100-calls) +- [Number of calls by APIs](./queries/ApiManagementGatewayLogs.md#number-of-calls-by-apis) +- [Bandwidth consumed](./queries/ApiManagementGatewayLogs.md#bandwidth-consumed) +- [Request sizes](./queries/ApiManagementGatewayLogs.md#request-sizes) +- [Response sizes](./queries/ApiManagementGatewayLogs.md#response-sizes) +- [Client TLS versions](./queries/ApiManagementGatewayLogs.md#client-tls-versions) +- [Error reasons breakdown](./queries/ApiManagementGatewayLogs.md#error-reasons-breakdown) +- [Last 100 failed requests](./queries/ApiManagementGatewayLogs.md#last-100-failed-requests) +- [Get failed requests due to issues related to the backend](./queries/ApiManagementGatewayLogs.md#get-failed-requests-due-to-issues-related-to-the-backend) +- [Get failed requests due to issues not related to the backend](./queries/ApiManagementGatewayLogs.md#get-failed-requests-due-to-issues-not-related-to-the-backend) +- [Overall latency](./queries/ApiManagementGatewayLogs.md#overall-latency) +- [Backend latency](./queries/ApiManagementGatewayLogs.md#backend-latency) +- [Client latency](./queries/ApiManagementGatewayLogs.md#client-latency) +- [Cache hit 
ratio](./queries/ApiManagementGatewayLogs.md#cache-hit-ratio) + +## [AppDependencies](./queries/AppDependencies.md) + +- [Failing dependencies](./queries/AppDependencies.md#failing-dependencies) + +## [AppEnvSpringAppConsoleLogs](./queries/AppEnvSpringAppConsoleLogs.md) + +- [Latest Container App first party Spring App errors](./queries/AppEnvSpringAppConsoleLogs.md#latest-container-app-first-party-spring-app-errors) + +## [AppExceptions](./queries/AppExceptions.md) + +- [Top 3 browser exceptions](./queries/AppExceptions.md#top-3-browser-exceptions) + +## [AppPageViews](./queries/AppPageViews.md) + +- [Page views trend](./queries/AppPageViews.md#page-views-trend) +- [Slowest pages](./queries/AppPageViews.md#slowest-pages) + +## [AppPlatformLogsforSpring](./queries/AppPlatformLogsforSpring.md) + +- [Show the application logs which contain the "error" or "exception" terms](./queries/AppPlatformLogsforSpring.md#show-the-application-logs-which-contain-the-error-or-exception-terms) +- [Show the error and exception number of each application](./queries/AppPlatformLogsforSpring.md#show-the-error-and-exception-number-of-each-application) + +## [AppPlatformSystemLogs](./queries/AppPlatformSystemLogs.md) + +- [Show the config server logs](./queries/AppPlatformSystemLogs.md#show-the-config-server-logs) +- [Show the service registry logs](./queries/AppPlatformSystemLogs.md#show-the-service-registry-logs) +- [Show the Spring Cloud Gateway logs](./queries/AppPlatformSystemLogs.md#show-the-spring-cloud-gateway-logs) +- [Show the API portal logs](./queries/AppPlatformSystemLogs.md#show-the-api-portal-logs) +- [Show the Application Configuration Service logs](./queries/AppPlatformSystemLogs.md#show-the-application-configuration-service-logs) +- [Show the Spring Cloud Gateway operator logs](./queries/AppPlatformSystemLogs.md#show-the-spring-cloud-gateway-operator-logs) + +## [AppRequests](./queries/AppRequests.md) + +- [Response time 
trend](./queries/AppRequests.md#response-time-trend) +- [Request count trend](./queries/AppRequests.md#request-count-trend) +- [Response time buckets](./queries/AppRequests.md#response-time-buckets) +- [Operations performance](./queries/AppRequests.md#operations-performance) +- [Top 10 countries by traffic](./queries/AppRequests.md#top-10-countries-by-traffic) +- [Failed requests – top 10](./queries/AppRequests.md#failed-requests--top-10) +- [Failed operations](./queries/AppRequests.md#failed-operations) +- [Exceptions causing request failures](./queries/AppRequests.md#exceptions-causing-request-failures) + +## [AppServiceAppLogs](./queries/AppServiceAppLogs.md) + +- [Count app logs by severity](./queries/AppServiceAppLogs.md#count-app-logs-by-severity) +- [App logs for each App Service](./queries/AppServiceAppLogs.md#app-logs-for-each-app-service) + +## [AppServiceAuditLogs](./queries/AppServiceAuditLogs.md) + +- [Audit Logs relating to unexpected users](./queries/AppServiceAuditLogs.md#audit-logs-relating-to-unexpected-users) + +## [AppServiceAuthenticationLogs](./queries/AppServiceAuthenticationLogs.md) + +- [Most recent errors from App Service Authentication](./queries/AppServiceAuthenticationLogs.md#most-recent-errors-from-app-service-authentication) +- [Most recent warnings from App Service Authentication](./queries/AppServiceAuthenticationLogs.md#most-recent-warnings-from-app-service-authentication) +- [Top 100 most frequent errors and warnings from App Service Authentication](./queries/AppServiceAuthenticationLogs.md#top-100-most-frequent-errors-and-warnings-from-app-service-authentication) + +## [AppServiceConsoleLogs](./queries/AppServiceConsoleLogs.md) + +- [Find console logs relating to application startup](./queries/AppServiceConsoleLogs.md#find-console-logs-relating-to-application-startup) + +## [AppServiceFileAuditLogs](./queries/AppServiceFileAuditLogs.md) + +- [File Audit Logs relating to a "Delete" 
operation](./queries/AppServiceFileAuditLogs.md#file-audit-logs-relating-to-a-delete-operation) + +## [AppServiceHTTPLogs](./queries/AppServiceHTTPLogs.md) + +- [App Service Health](./queries/AppServiceHTTPLogs.md#app-service-health) +- [Failure Categorization](./queries/AppServiceHTTPLogs.md#failure-categorization) +- [Response times of requests](./queries/AppServiceHTTPLogs.md#response-times-of-requests) +- [Top 5 Clients](./queries/AppServiceHTTPLogs.md#top-5-clients) +- [Top 5 Machines](./queries/AppServiceHTTPLogs.md#top-5-machines) + +## [AutoscaleEvaluationsLog](./queries/AutoscaleEvaluationsLog.md) + +- [Review Autoscale evaluations](./queries/AutoscaleEvaluationsLog.md#review-autoscale-evaluations) + +## [AutoscaleScaleActionsLog](./queries/AutoscaleScaleActionsLog.md) + +- [Display top Autoscale 50 logs](./queries/AutoscaleScaleActionsLog.md#display-top-autoscale-50-logs) +- [Autoscale operation status](./queries/AutoscaleScaleActionsLog.md#autoscale-operation-status) +- [Autoscale failed operations](./queries/AutoscaleScaleActionsLog.md#autoscale-failed-operations) + +## [AzureActivity](./queries/AzureActivity.md) + +- [[Classic] Find In AzureActivity](./queries/AzureActivity.md#classic-find-in-azureactivity) +- [Shut down Virtual Machines](./queries/AzureActivity.md#shut-down-virtual-machines) +- [Latest 50 logs](./queries/AzureActivity.md#latest-50-logs) +- [Operations' status](./queries/AzureActivity.md#operations-status) +- [Recent Azure Activity logs](./queries/AzureActivity.md#recent-azure-activity-logs) +- [Failed operations](./queries/AzureActivity.md#failed-operations) +- [Resources creation](./queries/AzureActivity.md#resources-creation) +- [Find In AzureActivity](./queries/AzureActivity.md#find-in-azureactivity) +- [Show logs from AzureActivity table](./queries/AzureActivity.md#show-logs-from-azureactivity-table) +- [Show logs from AzureActivity table](./queries/AzureActivity.md#show-logs-from-azureactivity-table) +- [Display top 50 Activity 
log events](./queries/AzureActivity.md#display-top-50-activity-log-events) +- [Display Activity log Administrative events](./queries/AzureActivity.md#display-activity-log-administrative-events) +- [VM creation](./queries/AzureActivity.md#vm-creation) +- [Display Activity log events generated from Policy](./queries/AzureActivity.md#display-activity-log-events-generated-from-policy) +- [List callers and their associated action in last 48 hours](./queries/AzureActivity.md#list-callers-and-their-associated-action-in-last-48-hours) +- [All Azure Activity](./queries/AzureActivity.md#all-azure-activity) +- [Azure Activity for user](./queries/AzureActivity.md#azure-activity-for-user) +- [Successful key enumaration](./queries/AzureActivity.md#successful-key-enumaration) +- [Network Access JIT initiation](./queries/AzureActivity.md#network-access-jit-initiation) +- [Azure Activity operation statistics](./queries/AzureActivity.md#azure-activity-operation-statistics) + +## [AzureAttestationDiagnostics](./queries/AzureAttestationDiagnostics.md) + +- [Are there any authorization failures?](./queries/AzureAttestationDiagnostics.md#are-there-any-authorization-failures) +- [Are there any slow requests?](./queries/AzureAttestationDiagnostics.md#are-there-any-slow-requests) +- [How active has this Attestation provider been?](./queries/AzureAttestationDiagnostics.md#how-active-has-this-attestation-provider-been) +- [Who is calling this attestation provider?](./queries/AzureAttestationDiagnostics.md#who-is-calling-this-attestation-provider) +- [Have there been any changes to attestation policy?](./queries/AzureAttestationDiagnostics.md#have-there-been-any-changes-to-attestation-policy) +- [Have there been any errors attempting to configure the attestation policy?](./queries/AzureAttestationDiagnostics.md#have-there-been-any-errors-attempting-to-configure-the-attestation-policy) + +## [AzureBackupOperations](./queries/AzureBackupOperations.md) + +- [Get all backup 
operations](./queries/AzureBackupOperations.md#get-all-backup-operations) + +## [AzureDiagnostics](./queries/AzureDiagnostics.md) + +- [Errors in automation jobs](./queries/AzureDiagnostics.md#errors-in-automation-jobs) +- [Find logs reporting errors in automation jobs from the last day](./queries/AzureDiagnostics.md#find-logs-reporting-errors-in-automation-jobs-from-the-last-day) +- [Azure Automation jobs that are failed, suspended, or stopped](./queries/AzureDiagnostics.md#azure-automation-jobs-that-are-failed-suspended-or-stopped) +- [Runbook completed successfully with errors](./queries/AzureDiagnostics.md#runbook-completed-successfully-with-errors) +- [View historical job status](./queries/AzureDiagnostics.md#view-historical-job-status) +- [Azure Automation jobs that are Completed](./queries/AzureDiagnostics.md#azure-automation-jobs-that-are-completed) +- [Successful tasks per job](./queries/AzureDiagnostics.md#successful-tasks-per-job) +- [Failed tasks per job](./queries/AzureDiagnostics.md#failed-tasks-per-job) +- [Task durations](./queries/AzureDiagnostics.md#task-durations) +- [Pool resizes](./queries/AzureDiagnostics.md#pool-resizes) +- [Pool resize failures](./queries/AzureDiagnostics.md#pool-resize-failures) +- [[Microsoft CDN (classic)] Requests per hour](./queries/AzureDiagnostics.md#microsoft-cdn-classic-requests-per-hour) +- [[Microsoft CDN (classic)] Traffic by URL](./queries/AzureDiagnostics.md#microsoft-cdn-classic-traffic-by-url) +- [[Microsoft CDN (classic)] 4XX error rate by URL](./queries/AzureDiagnostics.md#microsoft-cdn-classic-4xx-error-rate-by-url) +- [[Microsoft CDN (classic)] Request errors by user agent](./queries/AzureDiagnostics.md#microsoft-cdn-classic-request-errors-by-user-agent) +- [[Microsoft CDN (classic)] Top 10 URL request count](./queries/AzureDiagnostics.md#microsoft-cdn-classic-top-10-url-request-count) +- [[Microsoft CDN (classic)] Unique IP request 
count](./queries/AzureDiagnostics.md#microsoft-cdn-classic-unique-ip-request-count) +- [[Microsoft CDN (classic)] Top 10 client IPs and HTTP versions](./queries/AzureDiagnostics.md#microsoft-cdn-classic-top-10-client-ips-and-http-versions) +- [[Azure Front Door Standard/Premium] Top 20 blocked clients by IP and rule](./queries/AzureDiagnostics.md#azure-front-door-standardpremium-top-20-blocked-clients-by-ip-and-rule) +- [[Azure Front Door Standard/Premium] Requests to origin by route](./queries/AzureDiagnostics.md#azure-front-door-standardpremium-requests-to-origin-by-route) +- [[Azure Front Door Standard/Premium] Request errors by user agent](./queries/AzureDiagnostics.md#azure-front-door-standardpremium-request-errors-by-user-agent) +- [[Azure Front Door Standard/Premium] Top 10 client IPs and http versions](./queries/AzureDiagnostics.md#azure-front-door-standardpremium-top-10-client-ips-and-http-versions) +- [[Azure Front Door Standard/Premium] Request errors by host and path](./queries/AzureDiagnostics.md#azure-front-door-standardpremium-request-errors-by-host-and-path) +- [[Azure Front Door Standard/Premium] Firewall blocked request count per hour](./queries/AzureDiagnostics.md#azure-front-door-standardpremium-firewall-blocked-request-count-per-hour) +- [[Azure Front Door Standard/Premium] Firewall request count by host, path, rule, and action](./queries/AzureDiagnostics.md#azure-front-door-standardpremium-firewall-request-count-by-host-path-rule-and-action) +- [[Azure Front Door Standard/Premium] Requests per hour](./queries/AzureDiagnostics.md#azure-front-door-standardpremium-requests-per-hour) +- [[Azure Front Door Standard/Premium] Top 10 URL request count](./queries/AzureDiagnostics.md#azure-front-door-standardpremium-top-10-url-request-count) +- [ [Azure Front Door Standard/Premium] Top 10 URL request count ](./queries/AzureDiagnostics.md#azure-front-door-standardpremium-top-10-url-request-count) +- [[Azure Front Door Standard/Premium] Unique IP request 
count](./queries/AzureDiagnostics.md#azure-front-door-standardpremium--unique-ip-request-count) +- [Find In AzureDiagnostics](./queries/AzureDiagnostics.md#find-in-azurediagnostics) +- [Execution time exceeding a threshold](./queries/AzureDiagnostics.md#execution-time-exceeding-a-threshold) +- [Show the Slowest queries ](./queries/AzureDiagnostics.md#show-the-slowest-queries) +- [Show Query's statistics](./queries/AzureDiagnostics.md#show-querys-statistics) +- [Review audit log events in GENERAL class ](./queries/AzureDiagnostics.md#review-audit-log-events-in-general-class) +- [Review audit log events in CONNECTION class ](./queries/AzureDiagnostics.md#review-audit-log-events-in-connection-class) +- [Execution time exceeding a threshold](./queries/AzureDiagnostics.md#execution-time-exceeding-a-threshold) +- [Show the Slowest queries ](./queries/AzureDiagnostics.md#show-the-slowest-queries) +- [Show Query's statistics](./queries/AzureDiagnostics.md#show-querys-statistics) +- [Review audit log events in GENERAL class ](./queries/AzureDiagnostics.md#review-audit-log-events-in-general-class) +- [Review audit log events in CONNECTION class ](./queries/AzureDiagnostics.md#review-audit-log-events-in-connection-class) +- [Autovacuum events](./queries/AzureDiagnostics.md#autovacuum-events) +- [Server restarts](./queries/AzureDiagnostics.md#server-restarts) +- [Find Errors](./queries/AzureDiagnostics.md#find-errors) +- [Unauthorized connections](./queries/AzureDiagnostics.md#unauthorized-connections) +- [Deadlocks](./queries/AzureDiagnostics.md#deadlocks) +- [Lock contention](./queries/AzureDiagnostics.md#lock-contention) +- [Audit logs](./queries/AzureDiagnostics.md#audit-logs) +- [Audit logs for table(s) and event type(s)](./queries/AzureDiagnostics.md#audit-logs-for-tables-and-event-types) +- [Queries with execution time exceeding a threshold](./queries/AzureDiagnostics.md#queries-with-execution-time-exceeding-a-threshold) +- [Slowest 
queries](./queries/AzureDiagnostics.md#slowest-queries) +- [Query statistics](./queries/AzureDiagnostics.md#query-statistics) +- [Execution count trends](./queries/AzureDiagnostics.md#execution-count-trends) +- [Top wait events](./queries/AzureDiagnostics.md#top-wait-events) +- [Wait event trends](./queries/AzureDiagnostics.md#wait-event-trends) +- [Connectvity errors](./queries/AzureDiagnostics.md#connectvity-errors) +- [Devices with most throttling errors](./queries/AzureDiagnostics.md#devices-with-most-throttling-errors) +- [Dead endpoints](./queries/AzureDiagnostics.md#dead-endpoints) +- [Error summary](./queries/AzureDiagnostics.md#error-summary) +- [Recently connected devices](./queries/AzureDiagnostics.md#recently-connected-devices) +- [SDK version of devices](./queries/AzureDiagnostics.md#sdk-version-of-devices) +- [Consumed RU/s in last 24 hours](./queries/AzureDiagnostics.md#consumed-rus-in-last-24-hours) +- [Collections with throttles (429) in past 24 hours](./queries/AzureDiagnostics.md#collections-with-throttles-429-in-past-24-hours) +- [Top operations by consumed Request Units (RUs) in last 24 hours](./queries/AzureDiagnostics.md#top-operations-by-consumed-request-units-rus-in-last-24-hours) +- [Top logical partition keys by storage](./queries/AzureDiagnostics.md#top-logical-partition-keys-by-storage) +- [[Classic] Duration of Capture failure](./queries/AzureDiagnostics.md#classic-duration-of-capture-failure) +- [[Classic] Join request for client](./queries/AzureDiagnostics.md#classic-join-request-for-client) +- [[Classic] Access to keyvault - key not found](./queries/AzureDiagnostics.md#classic-access-to-keyvault---key-not-found) +- [[Classic] Operation performed with keyvault](./queries/AzureDiagnostics.md#classic-operation-performed-with-keyvault) +- [Errors in the last 7 days](./queries/AzureDiagnostics.md#errors-in-the-last-7-days) +- [Duration of Capture failure](./queries/AzureDiagnostics.md#duration-of-capture-failure) +- [Join request for 
client](./queries/AzureDiagnostics.md#join-request-for-client) +- [Access to keyvault - key not found](./queries/AzureDiagnostics.md#access-to-keyvault---key-not-found) +- [Operation performed with keyvault](./queries/AzureDiagnostics.md#operation-performed-with-keyvault) +- [[Classic] How active has this KeyVault been?](./queries/AzureDiagnostics.md#classic-how-active-has-this-keyvault-been) +- [[Classic] Who is calling this KeyVault?](./queries/AzureDiagnostics.md#classic-who-is-calling-this-keyvault) +- [[Classic] Are there any slow requests?](./queries/AzureDiagnostics.md#classic-are-there-any-slow-requests) +- [[Classic] How fast is this KeyVault serving requests?](./queries/AzureDiagnostics.md#classic-how-fast-is-this-keyvault-serving-requests) +- [[Classic] Are there any failures?](./queries/AzureDiagnostics.md#classic-are-there-any-failures) +- [[Classic] What changes occurred last month?](./queries/AzureDiagnostics.md#classic-what-changes-occurred-last-month) +- [[Classic] List all input deserialization errors](./queries/AzureDiagnostics.md#classic-list-all-input-deserialization-errors) +- [[Classic] Find In AzureDiagnostics](./queries/AzureDiagnostics.md#classic-find-in-azurediagnostics) +- [Total billable executions](./queries/AzureDiagnostics.md#total-billable-executions) +- [Logic App execution distribution by workflows](./queries/AzureDiagnostics.md#logic-app-execution-distribution-by-workflows) +- [Logic App execution distribution by status](./queries/AzureDiagnostics.md#logic-app-execution-distribution-by-status) +- [Triggered failures count](./queries/AzureDiagnostics.md#triggered-failures-count) +- [Requests per hour](./queries/AzureDiagnostics.md#requests-per-hour) +- [Non-SSL requests per hour](./queries/AzureDiagnostics.md#non-ssl-requests-per-hour) +- [Failed requests per hour](./queries/AzureDiagnostics.md#failed-requests-per-hour) +- [Errors by user agent](./queries/AzureDiagnostics.md#errors-by-user-agent) +- [Errors by 
URI](./queries/AzureDiagnostics.md#errors-by-uri) +- [Top 10 Client IPs](./queries/AzureDiagnostics.md#top-10-client-ips) +- [Top HTTP versions](./queries/AzureDiagnostics.md#top-http-versions) +- [Network security events](./queries/AzureDiagnostics.md#network-security-events) +- [Requests per hour](./queries/AzureDiagnostics.md#requests-per-hour) +- [Forwarded backend requests by routing rule](./queries/AzureDiagnostics.md#forwarded-backend-requests-by-routing-rule) +- [Request errors by host and path](./queries/AzureDiagnostics.md#request-errors-by-host-and-path) +- [Request errors by user agent](./queries/AzureDiagnostics.md#request-errors-by-user-agent) +- [Top 10 client IPs and http versions](./queries/AzureDiagnostics.md#top-10-client-ips-and-http-versions) +- [Firewall blocked request count per hour](./queries/AzureDiagnostics.md#firewall-blocked-request-count-per-hour) +- [Top 20 blocked clients by IP and rule](./queries/AzureDiagnostics.md#top-20-blocked-clients-by-ip-and-rule) +- [Firewall request count by host, path, rule, and action](./queries/AzureDiagnostics.md#firewall-request-count-by-host-path-rule-and-action) +- [Application rule log data](./queries/AzureDiagnostics.md#application-rule-log-data) +- [Network rule log data](./queries/AzureDiagnostics.md#network-rule-log-data) +- [Threat Intelligence rule log data](./queries/AzureDiagnostics.md#threat-intelligence-rule-log-data) +- [Azure Firewall log data](./queries/AzureDiagnostics.md#azure-firewall-log-data) +- [Azure Firewall DNS proxy log data](./queries/AzureDiagnostics.md#azure-firewall-dns-proxy-log-data) +- [BGP route table](./queries/AzureDiagnostics.md#bgp-route-table) +- [BGP informational messages](./queries/AzureDiagnostics.md#bgp-informational-messages) +- [Endpoints with monitoring Status down](./queries/AzureDiagnostics.md#endpoints-with-monitoring-status-down) +- [Successful P2S connections](./queries/AzureDiagnostics.md#successful-p2s-connections) +- [Failed P2S 
connections](./queries/AzureDiagnostics.md#failed-p2s-connections) +- [Gateway configuration changes](./queries/AzureDiagnostics.md#gateway-configuration-changes) +- [S2S tunnel connet/disconnect events](./queries/AzureDiagnostics.md#s2s-tunnel-connetdisconnect-events) +- [BGP route updates](./queries/AzureDiagnostics.md#bgp-route-updates) +- [Show logs from AzureDiagnostics table](./queries/AzureDiagnostics.md#show-logs-from-azurediagnostics-table) +- [Failed backup jobs](./queries/AzureDiagnostics.md#failed-backup-jobs) +- [[Classic] List Management operations](./queries/AzureDiagnostics.md#classic-list-management-operations) +- [[Classic] Error Summary](./queries/AzureDiagnostics.md#classic-error-summary) +- [[Classic] Keyvault access attempt - key not found](./queries/AzureDiagnostics.md#classic-keyvault-access-attempt---key-not-found) +- [[Classic] AutoDeleted entities](./queries/AzureDiagnostics.md#classic-autodeleted-entities) +- [[Classic] Keyvault performed operational](./queries/AzureDiagnostics.md#classic-keyvault-performed-operational) +- [Management operations in the last 7 days](./queries/AzureDiagnostics.md#management-operations-in-the-last-7-days) +- [Errors summary](./queries/AzureDiagnostics.md#errors-summary) +- [Keyvault access attempt - key not found](./queries/AzureDiagnostics.md#keyvault-access-attempt---key-not-found) +- [AutoDeleted entities](./queries/AzureDiagnostics.md#autodeleted-entities) +- [Keyvault performed operational](./queries/AzureDiagnostics.md#keyvault-performed-operational) +- [Storage on managed instances above 90%](./queries/AzureDiagnostics.md#storage-on-managed-instances-above-90) +- [CPU utilization treshold above 95% on managed instances](./queries/AzureDiagnostics.md#cpu-utilization-treshold-above-95-on-managed-instances) +- [Display all active intelligent insights](./queries/AzureDiagnostics.md#display-all-active-intelligent-insights) +- [Wait stats](./queries/AzureDiagnostics.md#wait-stats) +- [List all input data 
errors](./queries/AzureDiagnostics.md#list-all-input-data-errors) +- [List all input deserialization errors](./queries/AzureDiagnostics.md#list-all-input-deserialization-errors) +- [List all InvalidInputTimeStamp errors](./queries/AzureDiagnostics.md#list-all-invalidinputtimestamp-errors) +- [List all InvalidInputTimeStampKey errors](./queries/AzureDiagnostics.md#list-all-invalidinputtimestampkey-errors) +- [Events that arrived late](./queries/AzureDiagnostics.md#events-that-arrived-late) +- [Events that arrived early](./queries/AzureDiagnostics.md#events-that-arrived-early) +- [Events that arrived out of order](./queries/AzureDiagnostics.md#events-that-arrived-out-of-order) +- [All output data errors](./queries/AzureDiagnostics.md#all-output-data-errors) +- [List all RequiredColumnMissing errors](./queries/AzureDiagnostics.md#list-all-requiredcolumnmissing-errors) +- [List all ColumnNameInvalid errors](./queries/AzureDiagnostics.md#list-all-columnnameinvalid-errors) +- [List all TypeConversionError errors](./queries/AzureDiagnostics.md#list-all-typeconversionerror-errors) +- [List all RecordExceededSizeLimit errors](./queries/AzureDiagnostics.md#list-all-recordexceededsizelimit-errors) +- [List all DuplicateKey errors](./queries/AzureDiagnostics.md#list-all-duplicatekey-errors) +- [All logs with level "Error"](./queries/AzureDiagnostics.md#all-logs-with-level-error) +- [Operations that have "Failed"](./queries/AzureDiagnostics.md#operations-that-have-failed) +- [Output Throttling logs (Cosmos DB, Power BI, Event Hubs)](./queries/AzureDiagnostics.md#output-throttling-logs-cosmos-db-power-bi-event-hubs) +- [Transient input and output errors](./queries/AzureDiagnostics.md#transient-input-and-output-errors) +- [Summary of all data errors in the last 7 days](./queries/AzureDiagnostics.md#summary-of-all-data-errors-in-the-last-7-days) +- [Summary of all errors in the last 7 days](./queries/AzureDiagnostics.md#summary-of-all-errors-in-the-last-7-days) +- [Summary of 
'Failed' operations in the last 7 days](./queries/AzureDiagnostics.md#summary-of-failed-operations-in-the-last-7-days) + +## [AzureLoadTestingOperation](./queries/AzureLoadTestingOperation.md) + +- [Azure load test creation count](./queries/AzureLoadTestingOperation.md#azure-load-test-creation-count) +- [Azure load test run creation count](./queries/AzureLoadTestingOperation.md#azure-load-test-run-creation-count) + +## [AzureMetrics](./queries/AzureMetrics.md) + +- [Pie chart of HTTP response codes](./queries/AzureMetrics.md#pie-chart-of-http-response-codes) +- [Line chart of response times](./queries/AzureMetrics.md#line-chart-of-response-times) +- [[Classic] Find In AzureMetrics](./queries/AzureMetrics.md#classic-find-in-azuremetrics) +- [Latest metrics](./queries/AzureMetrics.md#latest-metrics) +- [Find In AzureMetrics](./queries/AzureMetrics.md#find-in-azuremetrics) +- [ExpressRoute Circuit BitsInPerSecond traffic graph](./queries/AzureMetrics.md#expressroute-circuit-bitsinpersecond-traffic-graph) +- [ExpressRoute Circuit BitsOutPerSecond traffic graph](./queries/AzureMetrics.md#expressroute-circuit-bitsoutpersecond-traffic-graph) +- [ExpressRoute Circuit ArpAvailablility graph](./queries/AzureMetrics.md#expressroute-circuit-arpavailablility-graph) +- [ExpressRoute Circuit BGP availability](./queries/AzureMetrics.md#expressroute-circuit-bgp-availability) +- [Avg CPU usage](./queries/AzureMetrics.md#avg-cpu-usage) +- [Performance troubleshooting](./queries/AzureMetrics.md#performance-troubleshooting) +- [Loading Data](./queries/AzureMetrics.md#loading-data) +- [P2S connection count](./queries/AzureMetrics.md#p2s-connection-count) +- [P2S bandwidth utilization](./queries/AzureMetrics.md#p2s-bandwidth-utilization) +- [Gateway throughput](./queries/AzureMetrics.md#gateway-throughput) +- [Show logs from AzureMetrics table](./queries/AzureMetrics.md#show-logs-from-azuremetrics-table) +- [Show logs from AzureMetrics 
table](./queries/AzureMetrics.md#show-logs-from-azuremetrics-table) +- [Cluster availability (KeepAlive)](./queries/AzureMetrics.md#cluster-availability-keepalive) + +## [CCFApplicationLogs](./queries/CCFApplicationLogs.md) + +- [CCF application errors](./queries/CCFApplicationLogs.md#ccf-application-errors) + +## [CHSMManagementAuditLogs](./queries/CHSMManagementAuditLogs.md) + +- [Aggregate operations query](./queries/CHSMManagementAuditLogs.md#aggregate-operations-query) +- [Failed operations count](./queries/CHSMManagementAuditLogs.md#failed-operations-count) +- [Operations per user](./queries/CHSMManagementAuditLogs.md#operations-per-user) + +## [CHSMServiceOperationAuditLogs](./queries/CHSMServiceOperationAuditLogs.md) + +- [Are there any slow requests?](./queries/CHSMServiceOperationAuditLogs.md#are-there-any-slow-requests) +- [How active has this Cloud HSM been?](./queries/CHSMServiceOperationAuditLogs.md#how-active-has-this-cloud-hsm-been) +- [Are there any failures?](./queries/CHSMServiceOperationAuditLogs.md#are-there-any-failures) +- [Who is calling this Cloud HSM?](./queries/CHSMServiceOperationAuditLogs.md#who-is-calling-this-cloud-hsm) + +## [CIEventsAudit](./queries/CIEventsAudit.md) + +- [CIEventsAudit - API response codes line chart](./queries/CIEventsAudit.md#cieventsaudit---api-response-codes-line-chart) +- [CIEventsAudit - result type ClientError](./queries/CIEventsAudit.md#cieventsaudit---result-type-clienterror) +- [CIEventsAudit - security level Error](./queries/CIEventsAudit.md#cieventsaudit---security-level-error) +- [CIEvents - all events for a specific correlation id](./queries/CIEventsAudit.md#cievents---all-events-for-a-specific-correlation-id) +- [CIEventsAudit - all events for a specific instance ID](./queries/CIEventsAudit.md#cieventsaudit---all-events-for-a-specific-instance-id) + +## [CIEventsOperational](./queries/CIEventsOperational.md) + +- [CIEventsOperational - event type 
ApiEvent](./queries/CIEventsOperational.md#cieventsoperational---event-type-apievent) +- [CIEventsOperational- event type WorkflowEvent](./queries/CIEventsOperational.md#cieventsoperational--event-type-workflowevent) +- [CIEvents - all events for a specific correlation id](./queries/CIEventsOperational.md#cievents---all-events-for-a-specific-correlation-id) +- [CIEventsOperational - all events for a specific instance ID](./queries/CIEventsOperational.md#cieventsoperational---all-events-for-a-specific-instance-id) + +## [CassandraLogs](./queries/CassandraLogs.md) + +- [Cassandra logs](./queries/CassandraLogs.md#cassandra-logs) +- [Cassandra errors or warnings](./queries/CassandraLogs.md#cassandra-errors-or-warnings) + +## [ChaosStudioExperimentEventLogs](./queries/ChaosStudioExperimentEventLogs.md) + +- [Failed experiment runs](./queries/ChaosStudioExperimentEventLogs.md#failed-experiment-runs) +- [Experiment events on last experiment run](./queries/ChaosStudioExperimentEventLogs.md#experiment-events-on-last-experiment-run) + +## [CloudAppEvents](./queries/CloudAppEvents.md) + +- [File name extension change](./queries/CloudAppEvents.md#file-name-extension-change) + +## [CommonSecurityLog](./queries/CommonSecurityLog.md) + +- [Palo Alto collector machine usage](./queries/CommonSecurityLog.md#palo-alto-collector-machine-usage) +- [Cisco ASA events type usage](./queries/CommonSecurityLog.md#cisco-asa-events-type-usage) +- [Device events volume statistics](./queries/CommonSecurityLog.md#device-events-volume-statistics) + +## [ConfidentialWatchlist](./queries/ConfidentialWatchlist.md) + +- [Get confidential Watchlist aliases](./queries/ConfidentialWatchlist.md#get-confidential-watchlist-aliases) +- [Lookup events using a confidential Watchlist](./queries/ConfidentialWatchlist.md#lookup-events-using-a-confidential-watchlist) + +## [ConfigurationChange](./queries/ConfigurationChange.md) + +- [Stopped Windows services 
](./queries/ConfigurationChange.md#stopped-windows-services) +- [Software changes](./queries/ConfigurationChange.md#software-changes) +- [Service changes](./queries/ConfigurationChange.md#service-changes) +- [Software change type per computer](./queries/ConfigurationChange.md#software-change-type-per-computer) +- [Stopped services](./queries/ConfigurationChange.md#stopped-services) +- [Software change count per category](./queries/ConfigurationChange.md#software-change-count-per-category) +- [Removed software changes](./queries/ConfigurationChange.md#removed-software-changes) + +## [ConfigurationData](./queries/ConfigurationData.md) + +- [Recent stopped auto services](./queries/ConfigurationData.md#recent-stopped-auto-services) + +## [ContainerAppConsoleLogs](./queries/ContainerAppConsoleLogs.md) + +- [Latest Container App user errors](./queries/ContainerAppConsoleLogs.md#latest-container-app-user-errors) + +## [ContainerImageInventory](./queries/ContainerImageInventory.md) + +- [Image inventory](./queries/ContainerImageInventory.md#image-inventory) +- [Find In ContainerImageInventory](./queries/ContainerImageInventory.md#find-in-containerimageinventory) + +## [ContainerInventory](./queries/ContainerInventory.md) + +- [Container Lifecycle Information](./queries/ContainerInventory.md#container-lifecycle-information) + +## [ContainerLog](./queries/ContainerLog.md) + +- [Find a value in Container Logs Table](./queries/ContainerLog.md#find-a-value-in-container-logs-table) +- [Billable Log Data by log-type](./queries/ContainerLog.md#billable-log-data-by-log-type) +- [List container logs per namespace](./queries/ContainerLog.md#list-container-logs-per-namespace) +- [Find In ContainerLog](./queries/ContainerLog.md#find-in-containerlog) + +## [ContainerLogV2](./queries/ContainerLogV2.md) + +- [Find In ContainerLogV2](./queries/ContainerLogV2.md#find-in-containerlogv2) + +## [ContainerNodeInventory](./queries/ContainerNodeInventory.md) + +- [Find In 
ContainerNodeInventory](./queries/ContainerNodeInventory.md#find-in-containernodeinventory) + +## [ContainerRegistryLoginEvents](./queries/ContainerRegistryLoginEvents.md) + +- [Show login events reported over the last hour](./queries/ContainerRegistryLoginEvents.md#show-login-events-reported-over-the-last-hour) + +## [ContainerRegistryRepositoryEvents](./queries/ContainerRegistryRepositoryEvents.md) + +- [Show registry events reported over the last hour](./queries/ContainerRegistryRepositoryEvents.md#show-registry-events-reported-over-the-last-hour) + +## [ContainerServiceLog](./queries/ContainerServiceLog.md) + +- [Find In ContainerServiceLog](./queries/ContainerServiceLog.md#find-in-containerservicelog) + +## [CoreAzureBackup](./queries/CoreAzureBackup.md) + +- [Backup Items by Vault and Backup item type](./queries/CoreAzureBackup.md#backup-items-by-vault-and-backup-item-type) + +## [DCRLogErrors](./queries/DCRLogErrors.md) + +- [Ingestion and Transformation errors from data collection rules](./queries/DCRLogErrors.md#ingestion-and-transformation-errors-from-data-collection-rules) + +## [DNSQueryLogs](./queries/DNSQueryLogs.md) + +- [DNS queries by virtual network and return code](./queries/DNSQueryLogs.md#dns-queries-by-virtual-network-and-return-code) + +## [DataTransferOperations](./queries/DataTransferOperations.md) + +- [Discovered object](./queries/DataTransferOperations.md#discovered-object) +- [Terminal object state](./queries/DataTransferOperations.md#terminal-object-state) + +## [DatabricksWorkspaceLogs](./queries/DatabricksWorkspaceLogs.md) + +- [List all Databricks Diagnostic Settings categories](./queries/DatabricksWorkspaceLogs.md#list-all-databricks-diagnostic-settings-categories) + +## [DataverseActivity](./queries/DataverseActivity.md) + +- [Dataverse events filtered by operation type](./queries/DataverseActivity.md#dataverse-events-filtered-by-operation-type) + +## [DevCenterDiagnosticLogs](./queries/DevCenterDiagnosticLogs.md) + +- [Failed 
actions query](./queries/DevCenterDiagnosticLogs.md#failed-actions-query) + +## [DevCenterResourceOperationLogs](./queries/DevCenterResourceOperationLogs.md) + +- [Hibernate Unsupported Check](./queries/DevCenterResourceOperationLogs.md#hibernate-unsupported-check) + +## [DeviceCalendar](./queries/DeviceCalendar.md) + +- [Exchange Error](./queries/DeviceCalendar.md#exchange-error) + +## [DeviceCleanup](./queries/DeviceCleanup.md) + +- [Cleanup Failure](./queries/DeviceCleanup.md#cleanup-failure) + +## [DeviceHardwareHealth](./queries/DeviceHardwareHealth.md) + +- [Hardware Minor](./queries/DeviceHardwareHealth.md#hardware-minor) +- [Hardware Alert](./queries/DeviceHardwareHealth.md#hardware-alert) + +## [DeviceHealth](./queries/DeviceHealth.md) + +- [Software Alert](./queries/DeviceHealth.md#software-alert) + +## [DeviceSkypeHeartbeat](./queries/DeviceSkypeHeartbeat.md) + +- [Skype Error](./queries/DeviceSkypeHeartbeat.md#skype-error) + +## [DeviceTvmSecureConfigurationAssessment](./queries/DeviceTvmSecureConfigurationAssessment.md) + +- [Devices with antivirus configurations issue](./queries/DeviceTvmSecureConfigurationAssessment.md#devices-with-antivirus-configurations-issue) + +## [DeviceTvmSoftwareInventory](./queries/DeviceTvmSoftwareInventory.md) + +- [Unsupported software titles](./queries/DeviceTvmSoftwareInventory.md#unsupported-software-titles) + +## [DeviceTvmSoftwareVulnerabilities](./queries/DeviceTvmSoftwareVulnerabilities.md) + +- [Devices affected by a specific vulnerability](./queries/DeviceTvmSoftwareVulnerabilities.md#devices-affected-by-a-specific-vulnerability) + +## [DnsEvents](./queries/DnsEvents.md) + +- [Clients Resolving Malicious Domains](./queries/DnsEvents.md#clients-resolving-malicious-domains) + +## [EGNFailedHttpDataPlaneOperations](./queries/EGNFailedHttpDataPlaneOperations.md) + +- [TLS 1.3 Lower query](./queries/EGNFailedHttpDataPlaneOperations.md#tls-13-lower-query) + +## 
[EGNFailedMqttConnections](./queries/EGNFailedMqttConnections.md) + +- [Authentication error query](./queries/EGNFailedMqttConnections.md#authentication-error-query) + +## [EGNMqttDisconnections](./queries/EGNMqttDisconnections.md) + +- [Disconnections reason query](./queries/EGNMqttDisconnections.md#disconnections-reason-query) +- [Session disconnections query](./queries/EGNMqttDisconnections.md#session-disconnections-query) + +## [EGNSuccessfulHttpDataPlaneOperations](./queries/EGNSuccessfulHttpDataPlaneOperations.md) + +- [TLS 1.3 Lower query](./queries/EGNSuccessfulHttpDataPlaneOperations.md#tls-13-lower-query) + +## [EGNSuccessfulMqttConnections](./queries/EGNSuccessfulMqttConnections.md) + +- [Session connections query](./queries/EGNSuccessfulMqttConnections.md#session-connections-query) + +## [EmailAttachmentInfo](./queries/EmailAttachmentInfo.md) + +- [Files from malicious sender](./queries/EmailAttachmentInfo.md#files-from-malicious-sender) +- [Emails to external domains with attachments](./queries/EmailAttachmentInfo.md#emails-to-external-domains-with-attachments) + +## [EmailEvents](./queries/EmailEvents.md) + +- [Phishing emails from the top 10 sender domains](./queries/EmailEvents.md#phishing-emails-from-the-top-10-sender-domains) +- [Emails with malware](./queries/EmailEvents.md#emails-with-malware) + +## [EmailPostDeliveryEvents](./queries/EmailPostDeliveryEvents.md) + +- [Post-delivery administrator actions](./queries/EmailPostDeliveryEvents.md#post-delivery-administrator-actions) +- [Unremediated post-delivery phishing email detections](./queries/EmailPostDeliveryEvents.md#unremediated-post-delivery-phishing-email-detections) +- [Full email processing details](./queries/EmailPostDeliveryEvents.md#full-email-processing-details) + +## [EmailUrlInfo](./queries/EmailUrlInfo.md) + +- [URLs in an email](./queries/EmailUrlInfo.md#urls-in-an-email) + +## [Event](./queries/Event.md) + +- [Memory usage percentage](./queries/Event.md#memory-usage-percentage) 
+- [Avg node CPU usage percentage](./queries/Event.md#avg-node-cpu-usage-percentage) +- [Virtual machines failed](./queries/Event.md#virtual-machines-failed) +- [Total virtual machines in a cluster.](./queries/Event.md#total-virtual-machines-in-a-cluster) +- [Available volume capacity in a cluster.](./queries/Event.md#available-volume-capacity-in-a-cluster) +- [Volume latency](./queries/Event.md#volume-latency) +- [Volume IOPS](./queries/Event.md#volume-iops) +- [Volume throughput](./queries/Event.md#volume-throughput) +- [Cluster node down](./queries/Event.md#cluster-node-down) +- [Memory usage percentage](./queries/Event.md#memory-usage-percentage) +- [Ingestion latency (end-to-end) timechart - Event table](./queries/Event.md#ingestion-latency-end-to-end-timechart---event-table) +- [Show the trend of a selected event](./queries/Event.md#show-the-trend-of-a-selected-event) +- [Error event on computer missing security co critical update](./queries/Event.md#error-event-on-computer-missing-security-co-critical-update) +- [All Events in the past hour](./queries/Event.md#all-events-in-the-past-hour) +- [Events started](./queries/Event.md#events-started) +- [Events by event source](./queries/Event.md#events-by-event-source) +- [Events by event ID](./queries/Event.md#events-by-event-id) +- [Warning events](./queries/Event.md#warning-events) +- [Count of warning events](./queries/Event.md#count-of-warning-events) +- [Events in OM between 2000 to 3000](./queries/Event.md#events-in-om-between-2000-to-3000) +- [Windows Fireawall policy settings](./queries/Event.md#windows-fireawall-policy-settings) +- [Windows Fireawall policy settings changed by machines](./queries/Event.md#windows-fireawall-policy-settings-changed-by-machines) + +## [FailedIngestion](./queries/FailedIngestion.md) + +- [Failed ingestions by errors](./queries/FailedIngestion.md#failed-ingestions-by-errors) +- [Failed ingestions timechart](./queries/FailedIngestion.md#failed-ingestions-timechart) +- [Failed 
Ingestions](./queries/FailedIngestion.md#failed-ingestions) + +## [FunctionAppLogs](./queries/FunctionAppLogs.md) + +- [Show application logs from Function Apps](./queries/FunctionAppLogs.md#show-application-logs-from-function-apps) +- [Show logs with warnings or exceptions](./queries/FunctionAppLogs.md#show-logs-with-warnings-or-exceptions) +- [Error and exception count](./queries/FunctionAppLogs.md#error-and-exception-count) +- [Function activity over time](./queries/FunctionAppLogs.md#function-activity-over-time) +- [Function results](./queries/FunctionAppLogs.md#function-results) +- [Function Error rate](./queries/FunctionAppLogs.md#function-error-rate) + +## [GCPAuditLogs](./queries/GCPAuditLogs.md) + +- [PubSub subscription logs with severity info](./queries/GCPAuditLogs.md#pubsub-subscription-logs-with-severity-info) + +## [Heartbeat](./queries/Heartbeat.md) + +- [Count heartbeats](./queries/Heartbeat.md#count-heartbeats) +- [Last heartbeat of each computer](./queries/Heartbeat.md#last-heartbeat-of-each-computer) +- [Ingestion latency (end-to-end) spikes - Heartbeat table](./queries/Heartbeat.md#ingestion-latency-end-to-end-spikes---heartbeat-table) +- [Agent latency spikes - Heartbeat table](./queries/Heartbeat.md#agent-latency-spikes---heartbeat-table) +- [Recently stopped heartbeats - Heartbeat table](./queries/Heartbeat.md#recently-stopped-heartbeats---heartbeat-table) +- [Computers availability today](./queries/Heartbeat.md#computers-availability-today) +- [Unavailable computers](./queries/Heartbeat.md#unavailable-computers) +- [Availability rate](./queries/Heartbeat.md#availability-rate) +- [Not reporting VMs](./queries/Heartbeat.md#not-reporting-vms) +- [Computers list](./queries/Heartbeat.md#computers-list) +- [Find In Heartbeat](./queries/Heartbeat.md#find-in-heartbeat) + +## [IdentityDirectoryEvents](./queries/IdentityDirectoryEvents.md) + +- [Group Membership changed](./queries/IdentityDirectoryEvents.md#group-membership-changed) +- [Password 
change event](./queries/IdentityDirectoryEvents.md#password-change-event) + +## [IdentityLogonEvents](./queries/IdentityLogonEvents.md) + +- [LDAP authentication processes with cleartext passwords](./queries/IdentityLogonEvents.md#ldap-authentication-processes-with-cleartext-passwords) + +## [IdentityQueryEvents](./queries/IdentityQueryEvents.md) + +- [SAMR queries to Active Directory](./queries/IdentityQueryEvents.md#samr-queries-to-active-directory) + +## [InsightsMetrics](./queries/InsightsMetrics.md) + +- [IoT Edge: Device offline or not sending messages upstream at expected rate](./queries/InsightsMetrics.md#iot-edge-device-offline-or-not-sending-messages-upstream-at-expected-rate) +- [IoT Edge: Edge Hub queue size over threshold](./queries/InsightsMetrics.md#iot-edge-edge-hub-queue-size-over-threshold) +- [Maximum node disk ](./queries/InsightsMetrics.md#maximum-node-disk) +- [Prometheus disk read per second per node](./queries/InsightsMetrics.md#prometheus-disk-read-per-second-per-node) +- [Find In InsightsMetrics](./queries/InsightsMetrics.md#find-in-insightsmetrics) +- [What data is being collected?](./queries/InsightsMetrics.md#what-data-is-being-collected) +- [Virtual Machine available memory](./queries/InsightsMetrics.md#virtual-machine-available-memory) +- [Chart CPU usage trends by computer](./queries/InsightsMetrics.md#chart-cpu-usage-trends-by-computer) +- [Virtual Machine free disk space ](./queries/InsightsMetrics.md#virtual-machine-free-disk-space) +- [Track VM Availability using Heartbeat ](./queries/InsightsMetrics.md#track-vm-availability-using-heartbeat) +- [Top 10 Virtual Machines by CPU utilization](./queries/InsightsMetrics.md#top-10-virtual-machines-by-cpu-utilization) +- [Bottom 10 Free disk space %](./queries/InsightsMetrics.md#bottom-10-free-disk-space-) + +## [KubeEvents](./queries/KubeEvents.md) + +- [Kubernetes events](./queries/KubeEvents.md#kubernetes-events) +- [Find In KubeEvents](./queries/KubeEvents.md#find-in-kubeevents) + 
+## [KubeMonAgentEvents](./queries/KubeMonAgentEvents.md) + +- [Find In KubeMonAgentEvents](./queries/KubeMonAgentEvents.md#find-in-kubemonagentevents) + +## [KubeNodeInventory](./queries/KubeNodeInventory.md) + +- [Avg node CPU usage percentage per minute ](./queries/KubeNodeInventory.md#avg-node-cpu-usage-percentage-per-minute) +- [Avg node memory usage percentage per minute](./queries/KubeNodeInventory.md#avg-node-memory-usage-percentage-per-minute) +- [Readiness status per node](./queries/KubeNodeInventory.md#readiness-status-per-node) +- [Find In KubeNodeInventory](./queries/KubeNodeInventory.md#find-in-kubenodeinventory) + +## [KubePodInventory](./queries/KubePodInventory.md) + +- [Pods in crash loop](./queries/KubePodInventory.md#pods-in-crash-loop) +- [Pods in pending state](./queries/KubePodInventory.md#pods-in-pending-state) +- [Find In KubePodInventory](./queries/KubePodInventory.md#find-in-kubepodinventory) + +## [KubeServices](./queries/KubeServices.md) + +- [Find In KubeServices](./queries/KubeServices.md#find-in-kubeservices) + +## [LAQueryLogs](./queries/LAQueryLogs.md) + +- [Most Requested ResourceIds](./queries/LAQueryLogs.md#most-requested-resourceids) +- [Unauthorized Users](./queries/LAQueryLogs.md#unauthorized-users) +- [Throttled Users](./queries/LAQueryLogs.md#throttled-users) +- [Request Count by ResponseCode](./queries/LAQueryLogs.md#request-count-by-responsecode) +- [Top 10 resource intensive queries](./queries/LAQueryLogs.md#top-10-resource-intensive-queries) +- [Top 10 longest time range queries](./queries/LAQueryLogs.md#top-10-longest-time-range-queries) + +## [LASummaryLogs](./queries/LASummaryLogs.md) + +- [Bin Rules Query Duration](./queries/LASummaryLogs.md#bin-rules-query-duration) + +## [LogicAppWorkflowRuntime](./queries/LogicAppWorkflowRuntime.md) + +- [Count of failed workflow operations from Logic App Workflow Runtime](./queries/LogicAppWorkflowRuntime.md#count-of-failed-workflow-operations-from-logic-app-workflow-runtime) + 
+## [MDCDetectionDNSEvents](./queries/MDCDetectionDNSEvents.md) + +- [All DNS events where the domain queried was 'www.google.com' ordered by time](./queries/MDCDetectionDNSEvents.md#all-dns-events-where-the-domain-queried-was-wwwgooglecom-ordered-by-time) +- [All recent Gating validation events](./queries/MDCDetectionDNSEvents.md#all-recent-gating-validation-events) + +## [MDCDetectionFimEvents](./queries/MDCDetectionFimEvents.md) + +- [All FIM events for directories](./queries/MDCDetectionFimEvents.md#all-fim-events-for-directories) + +## [MNFDeviceUpdates](./queries/MNFDeviceUpdates.md) + +- [Find all entries where value is active](./queries/MNFDeviceUpdates.md#find-all-entries-where-value-is-active) +- [Find all entries where value is up](./queries/MNFDeviceUpdates.md#find-all-entries-where-value-is-up) +- [Find all events of the type VxlanVlanToVniVlan](./queries/MNFDeviceUpdates.md#find-all-events-of-the-type-vxlanvlantovnivlan) +- [Find all entries where afisafiname is not of the type L2VPN_EVPN](./queries/MNFDeviceUpdates.md#find-all-entries-where-afisafiname-is-not-of-the-type-l2vpn_evpn) +- [Find all entries where network instance name is of the type workload-mgmt](./queries/MNFDeviceUpdates.md#find-all-entries-where-network-instance-name-is-of-the-type-workload-mgmt) + +## [MNFSystemSessionHistoryUpdates](./queries/MNFSystemSessionHistoryUpdates.md) + +- [Find all entries where session update user is admin](./queries/MNFSystemSessionHistoryUpdates.md#find-all-entries-where-session-update-user-is-admin) + +## [MNFSystemStateMessageUpdates](./queries/MNFSystemStateMessageUpdates.md) + +- [Find all errors from Syslog](./queries/MNFSystemStateMessageUpdates.md#find-all-errors-from-syslog) + +## [MicrosoftDataShareReceivedSnapshotLog](./queries/MicrosoftDataShareReceivedSnapshotLog.md) + +- [List received snapshots by duration](./queries/MicrosoftDataShareReceivedSnapshotLog.md#list-received-snapshots-by-duration) +- [Count failed received 
snapshots](./queries/MicrosoftDataShareReceivedSnapshotLog.md#count-failed-received-snapshots) +- [Frequent errors in received snapshots](./queries/MicrosoftDataShareReceivedSnapshotLog.md#frequent-errors-in-received-snapshots) +- [Chart of daily received snapshots](./queries/MicrosoftDataShareReceivedSnapshotLog.md#chart-of-daily-received-snapshots) + +## [MicrosoftDataShareSentSnapshotLog](./queries/MicrosoftDataShareSentSnapshotLog.md) + +- [List sent snapshots by duration](./queries/MicrosoftDataShareSentSnapshotLog.md#list-sent-snapshots-by-duration) +- [Count failed sent snapshots](./queries/MicrosoftDataShareSentSnapshotLog.md#count-failed-sent-snapshots) +- [Frequent errors in sent snapshots](./queries/MicrosoftDataShareSentSnapshotLog.md#frequent-errors-in-sent-snapshots) +- [Chart of daily sent snapshots](./queries/MicrosoftDataShareSentSnapshotLog.md#chart-of-daily-sent-snapshots) + +## [MicrosoftGraphActivityLogs](./queries/MicrosoftGraphActivityLogs.md) + +- [Frequent users endpoint callers](./queries/MicrosoftGraphActivityLogs.md#frequent-users-endpoint-callers) +- [Failed groups endpoint requests](./queries/MicrosoftGraphActivityLogs.md#failed-groups-endpoint-requests) + +## [MicrosoftPurviewInformationProtection](./queries/MicrosoftPurviewInformationProtection.md) + +- [Microsoft Purview Information Protection events](./queries/MicrosoftPurviewInformationProtection.md#microsoft-purview-information-protection-events) + +## [NGXOperationLogs](./queries/NGXOperationLogs.md) + +- [Show NGINXaaS access logs](./queries/NGXOperationLogs.md#show-nginxaas-access-logs) +- [Show NGINXaaS error logs](./queries/NGXOperationLogs.md#show-nginxaas-error-logs) + +## [NGXSecurityLogs](./queries/NGXSecurityLogs.md) + +- [Show NGINXaaS security logs](./queries/NGXSecurityLogs.md#show-nginxaas-security-logs) + +## [NWConnectionMonitorPathResult](./queries/NWConnectionMonitorPathResult.md) + +- [Path 
diagnostics](./queries/NWConnectionMonitorPathResult.md#path-diagnostics) + +## [NWConnectionMonitorTestResult](./queries/NWConnectionMonitorTestResult.md) + +- [Failed tests](./queries/NWConnectionMonitorTestResult.md#failed-tests) +- [Tests performance](./queries/NWConnectionMonitorTestResult.md#tests-performance) + +## [NetworkSessions](./queries/NetworkSessions.md) + +- [Get traffic to non standard ports](./queries/NetworkSessions.md#get-traffic-to-non-standard-ports) +- [High volume traffic to uncommon domains](./queries/NetworkSessions.md#high-volume-traffic-to-uncommon-domains) + +## [OEPAirFlowTask](./queries/OEPAirFlowTask.md) + +- [DAG type vs DAG runs summary statitics](./queries/OEPAirFlowTask.md#dag-type-vs-dag-runs-summary-statitics) +- [Correlation IDs of all DAG runs](./queries/OEPAirFlowTask.md#correlation-ids-of-all-dag-runs) +- [Logs of a DAG run](./queries/OEPAirFlowTask.md#logs-of-a-dag-run) +- [Error logs of a DAG run](./queries/OEPAirFlowTask.md#error-logs-of-a-dag-run) + +## [OLPSupplyChainEntityOperations](./queries/OLPSupplyChainEntityOperations.md) + +- [Count of successful warehouse delete requests](./queries/OLPSupplyChainEntityOperations.md#count-of-successful-warehouse-delete-requests) + +## [OfficeActivity](./queries/OfficeActivity.md) + +- [All Office Activity](./queries/OfficeActivity.md#all-office-activity) +- [Users accessing files](./queries/OfficeActivity.md#users-accessing-files) +- [File upload operation](./queries/OfficeActivity.md#file-upload-operation) +- [Office activity for user](./queries/OfficeActivity.md#office-activity-for-user) +- [Creation of Forward rule](./queries/OfficeActivity.md#creation-of-forward-rule) +- [Suspicious file name](./queries/OfficeActivity.md#suspicious-file-name) + +## [Perf](./queries/Perf.md) + +- [Non-RDMA activity](./queries/Perf.md#non-rdma-activity) +- [RDMA activity](./queries/Perf.md#rdma-activity) +- [What data is being collected?](./queries/Perf.md#what-data-is-being-collected) +- 
[Memory and CPU usage](./queries/Perf.md#memory-and-cpu-usage) +- [CPU usage trends over the last day](./queries/Perf.md#cpu-usage-trends-over-the-last-day) +- [Top 10 computers with the highest disk space](./queries/Perf.md#top-10-computers-with-the-highest-disk-space) +- [What data is being collected?](./queries/Perf.md#what-data-is-being-collected) +- [Virtual Machine available memory](./queries/Perf.md#virtual-machine-available-memory) +- [Chart CPU usage trends](./queries/Perf.md#chart-cpu-usage-trends) +- [Virtual Machine free disk space](./queries/Perf.md#virtual-machine-free-disk-space) +- [Top 10 Virtual Machines by CPU utilization](./queries/Perf.md#top-10-virtual-machines-by-cpu-utilization) +- [Bottom 10 Free disk space %](./queries/Perf.md#bottom-10-free-disk-space-) +- [Container CPU](./queries/Perf.md#container-cpu) +- [Container memory](./queries/Perf.md#container-memory) +- [Instances Avg CPU usage growth from last week](./queries/Perf.md#instances-avg-cpu-usage-growth-from-last-week) +- [Find In Perf](./queries/Perf.md#find-in-perf) + +## [PowerAppsActivity](./queries/PowerAppsActivity.md) + +- [Power Apps events filtered activity type](./queries/PowerAppsActivity.md#power-apps-events-filtered-activity-type) + +## [PowerAutomateActivity](./queries/PowerAutomateActivity.md) + +- [Power Automate events filtered by activity type](./queries/PowerAutomateActivity.md#power-automate-events-filtered-by-activity-type) + +## [PowerBIActivity](./queries/PowerBIActivity.md) + +- [PowerBI events filtered by organization ID](./queries/PowerBIActivity.md#powerbi-events-filtered-by-organization-id) + +## [PowerPlatformAdminActivity](./queries/PowerPlatformAdminActivity.md) + +- [Power Platform administration events](./queries/PowerPlatformAdminActivity.md#power-platform-administration-events) + +## [PowerPlatformConnectorActivity](./queries/PowerPlatformConnectorActivity.md) + +- [Power Platform Connector events filtered by by activity 
type](./queries/PowerPlatformConnectorActivity.md#power-platform-connector-events-filtered-by-by-activity-type) + +## [PowerPlatformDlpActivity](./queries/PowerPlatformDlpActivity.md) + +- [Power Platform DLP events filtered by by activity type](./queries/PowerPlatformDlpActivity.md#power-platform-dlp-events-filtered-by-by-activity-type) + +## [ProjectActivity](./queries/ProjectActivity.md) + +- [MS Project events filtered by organization ID](./queries/ProjectActivity.md#ms-project-events-filtered-by-organization-id) + +## [ProtectionStatus](./queries/ProtectionStatus.md) + +- [Signatures out of date](./queries/ProtectionStatus.md#signatures-out-of-date) +- [Protection Status updates](./queries/ProtectionStatus.md#protection-status-updates) +- [Malware detection](./queries/ProtectionStatus.md#malware-detection) + +## [PurviewSecurityLogs](./queries/PurviewSecurityLogs.md) + +- [Audit collection delete events](./queries/PurviewSecurityLogs.md#audit-collection-delete-events) + +## [REDConnectionEvents](./queries/REDConnectionEvents.md) + +- [Unique authenticated Redis client IP addresses](./queries/REDConnectionEvents.md#unique-authenticated-redis-client-ip-addresses) +- [Redis client authentication requests per hour](./queries/REDConnectionEvents.md#redis-client-authentication-requests-per-hour) +- [Redis client connections per hour](./queries/REDConnectionEvents.md#redis-client-connections-per-hour) +- [Redis client disconnections per hour](./queries/REDConnectionEvents.md#redis-client-disconnections-per-hour) +- [Unsuccessful authentication attempts on Redis cache](./queries/REDConnectionEvents.md#unsuccessful-authentication-attempts-on-redis-cache) + +## [ResourceManagementPublicAccessLogs](./queries/ResourceManagementPublicAccessLogs.md) + +- [Group number of requests based on the IP address](./queries/ResourceManagementPublicAccessLogs.md#group-number-of-requests-based-on-the-ip-address) +- [Number of opertions 
triggered](./queries/ResourceManagementPublicAccessLogs.md#number-of-opertions-triggered) +- [Calls based on the target URI](./queries/ResourceManagementPublicAccessLogs.md#calls-based-on-the-target-uri) +- [Calls based on operation name](./queries/ResourceManagementPublicAccessLogs.md#calls-based-on-operation-name) +- [Calls based on user](./queries/ResourceManagementPublicAccessLogs.md#calls-based-on-user) + +## [SQLAssessmentRecommendation](./queries/SQLAssessmentRecommendation.md) + +- [SQL Recommendations by Focus Area](./queries/SQLAssessmentRecommendation.md#sql-recommendations-by-focus-area) +- [SQL Recommendations by Computer](./queries/SQLAssessmentRecommendation.md#sql-recommendations-by-computer) +- [SQL Recommendations by Instance](./queries/SQLAssessmentRecommendation.md#sql-recommendations-by-instance) +- [SQL Recommendations by Database](./queries/SQLAssessmentRecommendation.md#sql-recommendations-by-database) +- [SQL Recommendations by AffectedObjectType](./queries/SQLAssessmentRecommendation.md#sql-recommendations-by-affectedobjecttype) +- [How many times did each unique SQL Recommendation trigger?](./queries/SQLAssessmentRecommendation.md#how-many-times-did-each-unique-sql-recommendation-trigger) +- [High priority SQL Assessment recommendations](./queries/SQLAssessmentRecommendation.md#high-priority-sql-assessment-recommendations) + +## [SecurityAttackPathData](./queries/SecurityAttackPathData.md) + +- [All attack paths by specific risk level](./queries/SecurityAttackPathData.md#all-attack-paths-by-specific-risk-level) + +## [SecurityEvent](./queries/SecurityEvent.md) + +- [Security Events most common event IDs](./queries/SecurityEvent.md#security-events-most-common-event-ids) +- [Members added to security groups](./queries/SecurityEvent.md#members-added-to-security-groups) +- [Uses of clear text password](./queries/SecurityEvent.md#uses-of-clear-text-password) +- [Windows failed logins](./queries/SecurityEvent.md#windows-failed-logins) +- [All 
Security Activities](./queries/SecurityEvent.md#all-security-activities) +- [Security Activities on the Device](./queries/SecurityEvent.md#security-activities-on-the-device) +- [Security Activities for Admin](./queries/SecurityEvent.md#security-activities-for-admin) +- [Logon Activity by Device](./queries/SecurityEvent.md#logon-activity-by-device) +- [Devices With More Than 10 Logons](./queries/SecurityEvent.md#devices-with-more-than-10-logons) +- [Accounts Terminated Antimalware](./queries/SecurityEvent.md#accounts-terminated-antimalware) +- [Devices with Antimalware Terminated](./queries/SecurityEvent.md#devices-with-antimalware-terminated) +- [Devices Where Hash Was Executed](./queries/SecurityEvent.md#devices-where-hash-was-executed) +- [Process Names Executed](./queries/SecurityEvent.md#process-names-executed) +- [Devices With Security Log Cleared](./queries/SecurityEvent.md#devices-with-security-log-cleared) +- [Logon Activity by Account](./queries/SecurityEvent.md#logon-activity-by-account) +- [Accounts With Less Than 5 Times Logons](./queries/SecurityEvent.md#accounts-with-less-than-5-times-logons) +- [Remoted Logged Accounts on Devices](./queries/SecurityEvent.md#remoted-logged-accounts-on-devices) +- [Computers With Guest Account Logons](./queries/SecurityEvent.md#computers-with-guest-account-logons) +- [Members Added to Security Enabled Groups](./queries/SecurityEvent.md#members-added-to-security-enabled-groups) +- [Domain Security Policy Changes](./queries/SecurityEvent.md#domain-security-policy-changes) +- [System Audit Policy Changes](./queries/SecurityEvent.md#system-audit-policy-changes) +- [Suspicious Executables](./queries/SecurityEvent.md#suspicious-executables) +- [Logons With Clear Text Password](./queries/SecurityEvent.md#logons-with-clear-text-password) +- [Computers With Cleaned Event Logs](./queries/SecurityEvent.md#computers-with-cleaned-event-logs) +- [Accounts Failed to Logon](./queries/SecurityEvent.md#accounts-failed-to-logon) +- 
[Locked Accounts](./queries/SecurityEvent.md#locked-accounts) +- [Change or Reset Passwords Attempts](./queries/SecurityEvent.md#change-or-reset-passwords-attempts) +- [Groups Created or Modified](./queries/SecurityEvent.md#groups-created-or-modified) +- [Remote Procedure Call Attempts](./queries/SecurityEvent.md#remote-procedure-call-attempts) +- [User Accounts Changed](./queries/SecurityEvent.md#user-accounts-changed) + +## [SentinelAudit](./queries/SentinelAudit.md) + +- [Failures updating Office365-Sharepoint related Sentinel resources](./queries/SentinelAudit.md#failures-updating-office365-sharepoint-related-sentinel-resources) + +## [SignalRServiceDiagnosticLogs](./queries/SignalRServiceDiagnosticLogs.md) + +- [Client connection IDs](./queries/SignalRServiceDiagnosticLogs.md#client-connection-ids) +- [Connection close reasons](./queries/SignalRServiceDiagnosticLogs.md#connection-close-reasons) +- [IP addresses](./queries/SignalRServiceDiagnosticLogs.md#ip-addresses) +- [Logs relating to specific connection ID](./queries/SignalRServiceDiagnosticLogs.md#logs-relating-to-specific-connection-id) +- [Logs relating to specific message tracing ID](./queries/SignalRServiceDiagnosticLogs.md#logs-relating-to-specific-message-tracing-id) +- [Logs relating to specific user ID](./queries/SignalRServiceDiagnosticLogs.md#logs-relating-to-specific-user-id) +- [Logs with warning or exceptions](./queries/SignalRServiceDiagnosticLogs.md#logs-with-warning-or-exceptions) +- [Server connection IDs](./queries/SignalRServiceDiagnosticLogs.md#server-connection-ids) +- [Time chart of operation names](./queries/SignalRServiceDiagnosticLogs.md#time-chart-of-operation-names) +- [Transport types](./queries/SignalRServiceDiagnosticLogs.md#transport-types) +- [User IDs](./queries/SignalRServiceDiagnosticLogs.md#user-ids) + +## [SigninLogs](./queries/SigninLogs.md) + +- [All SiginLogs events](./queries/SigninLogs.md#all-siginlogs-events) +- [Resources accessed by 
user](./queries/SigninLogs.md#resources-accessed-by-user) +- [User count per Resource](./queries/SigninLogs.md#user-count-per-resource) +- [User count per Application](./queries/SigninLogs.md#user-count-per-application) +- [Failed Signin reasons](./queries/SigninLogs.md#failed-signin-reasons) +- [Failed MFA challenge](./queries/SigninLogs.md#failed-mfa-challenge) +- [Failed App tried silent signin](./queries/SigninLogs.md#failed-app-tried-silent-signin) +- [Failed login Count](./queries/SigninLogs.md#failed-login-count) +- [Signin Locations](./queries/SigninLogs.md#signin-locations) +- [Logins To Resource](./queries/SigninLogs.md#logins-to-resource) + +## [StorageBlobLogs](./queries/StorageBlobLogs.md) + +- [Most common errors](./queries/StorageBlobLogs.md#most-common-errors) +- [Operations causing most errors](./queries/StorageBlobLogs.md#operations-causing-most-errors) +- [Operations with the highest latency](./queries/StorageBlobLogs.md#operations-with-the-highest-latency) +- [Operations causing server side throttling](./queries/StorageBlobLogs.md#operations-causing-server-side-throttling) +- [Show anonymous requests](./queries/StorageBlobLogs.md#show-anonymous-requests) +- [Frequent operations chart](./queries/StorageBlobLogs.md#frequent-operations-chart) + +## [StorageCacheOperationEvents](./queries/StorageCacheOperationEvents.md) + +- [Failed operation](./queries/StorageCacheOperationEvents.md#failed-operation) +- [Failed priming job](./queries/StorageCacheOperationEvents.md#failed-priming-job) +- [Completed long-running asynchronous operations](./queries/StorageCacheOperationEvents.md#completed-long-running-asynchronous-operations) + +## [StorageCacheUpgradeEvents](./queries/StorageCacheUpgradeEvents.md) + +- [Upgrade events](./queries/StorageCacheUpgradeEvents.md#upgrade-events) + +## [StorageCacheWarningEvents](./queries/StorageCacheWarningEvents.md) + +- [Active warning events](./queries/StorageCacheWarningEvents.md#active-warning-events) + +## 
[StorageMalwareScanningResults](./queries/StorageMalwareScanningResults.md) + +- [Malicious blobs per storage account](./queries/StorageMalwareScanningResults.md#malicious-blobs-per-storage-account) +- [Unsuccessful Scans](./queries/StorageMalwareScanningResults.md#unsuccessful-scans) + +## [SucceededIngestion](./queries/SucceededIngestion.md) + +- [Succeeded ingestions](./queries/SucceededIngestion.md#succeeded-ingestions) +- [Succeeded ingestions timechart](./queries/SucceededIngestion.md#succeeded-ingestions-timechart) + +## [SynapseLinkEvent](./queries/SynapseLinkEvent.md) + +- [Synapse Link table fail events](./queries/SynapseLinkEvent.md#synapse-link-table-fail-events) + +## [Syslog](./queries/Syslog.md) + +- [Find Linux kernel events](./queries/Syslog.md#find-linux-kernel-events) +- [All Syslog](./queries/Syslog.md#all-syslog) +- [All Syslog with errors](./queries/Syslog.md#all-syslog-with-errors) +- [All Syslog by facility](./queries/Syslog.md#all-syslog-by-facility) +- [All Syslog by process name](./queries/Syslog.md#all-syslog-by-process-name) +- [Users Added to Linux Group by Computer](./queries/Syslog.md#users-added-to-linux-group-by-computer) +- [New Linux Group Created by Computer](./queries/Syslog.md#new-linux-group-created-by-computer) +- [Failed Linux User Password Change](./queries/Syslog.md#failed-linux-user-password-change) +- [Computers With Failed Ssh Logons](./queries/Syslog.md#computers-with-failed-ssh-logons) +- [Computers With Failed Su Logons](./queries/Syslog.md#computers-with-failed-su-logons) +- [Computers With Failed Sudo Logons](./queries/Syslog.md#computers-with-failed-sudo-logons) + +## [TSIIngress](./queries/TSIIngress.md) + +- [Show event source connection errors](./queries/TSIIngress.md#show-event-source-connection-errors) +- [10 latest Ingress logs](./queries/TSIIngress.md#10-latest-ingress-logs) +- [Show deserialization errors](./queries/TSIIngress.md#show-deserialization-errors) + +## 
[UCDOAggregatedStatus](./queries/UCDOAggregatedStatus.md) + +- [Content distribution in Gigabytes](./queries/UCDOAggregatedStatus.md#content-distribution-in-gigabytes) + +## [UCDOStatus](./queries/UCDOStatus.md) + +- [Device configuration](./queries/UCDOStatus.md#device-configuration) + +## [Update](./queries/Update.md) + +- [Missing security or critical updates](./queries/Update.md#missing-security-or-critical-updates) +- [Updates available for Windows machines](./queries/Update.md#updates-available-for-windows-machines) +- [Updates available for Linux machines](./queries/Update.md#updates-available-for-linux-machines) +- [Missing updates summary](./queries/Update.md#missing-updates-summary) +- [Missing updates list](./queries/Update.md#missing-updates-list) +- [Computer with missing updates](./queries/Update.md#computer-with-missing-updates) +- [Missing required updates for server](./queries/Update.md#missing-required-updates-for-server) +- [Missing critical security updates](./queries/Update.md#missing-critical-security-updates) +- [Missing security or critical where update is manual](./queries/Update.md#missing-security-or-critical-where-update-is-manual) +- [Missing update rollups](./queries/Update.md#missing-update-rollups) +- [Distinct missing updates cross computers](./queries/Update.md#distinct-missing-updates-cross-computers) + +## [UpdateRunProgress](./queries/UpdateRunProgress.md) + +- [Patch installation failure for your machines](./queries/UpdateRunProgress.md#patch-installation-failure-for-your-machines) + +## [UpdateSummary](./queries/UpdateSummary.md) + +- [Summary of updates available across machines](./queries/UpdateSummary.md#summary-of-updates-available-across-machines) +- [Missing update specific product](./queries/UpdateSummary.md#missing-update-specific-product) +- [Automatic update configuration](./queries/UpdateSummary.md#automatic-update-configuration) +- [Automatic update configuration is 
disabled](./queries/UpdateSummary.md#automatic-update-configuration-is-disabled) + +## [UrlClickEvents](./queries/UrlClickEvents.md) + +- [Links where a user was allowed to proceed](./queries/UrlClickEvents.md#links-where-a-user-was-allowed-to-proceed) + +## [Usage](./queries/Usage.md) + +- [Usage by data types](./queries/Usage.md#usage-by-data-types) +- [Billable performance data](./queries/Usage.md#billable-performance-data) +- [Volume of solutions' data](./queries/Usage.md#volume-of-solutions-data) +- [Total workspace ingestion over the last 24 hours](./queries/Usage.md#total-workspace-ingestion-over-the-last-24-hours) +- [Container Insight solution billable data](./queries/Usage.md#container-insight-solution-billable-data) + +## [VCoreMongoRequests](./queries/VCoreMongoRequests.md) + +- [Mongo vCore requests P99 duration by operation](./queries/VCoreMongoRequests.md#mongo-vcore-requests-p99-duration-by-operation) +- [Mongo vCore requests binned by duration](./queries/VCoreMongoRequests.md#mongo-vcore-requests-binned-by-duration) +- [Failed Mongo vCore requests](./queries/VCoreMongoRequests.md#failed-mongo-vcore-requests) +- [Mongo vCore requests by user agent](./queries/VCoreMongoRequests.md#mongo-vcore-requests-by-user-agent) + +## [VIAudit](./queries/VIAudit.md) + +- [Video Indexer Audit by account id](./queries/VIAudit.md#video-indexer-audit-by-account-id) +- [Video Indexer Audit top 10 users by operations](./queries/VIAudit.md#video-indexer-audit-top-10-users-by-operations) +- [Video Indexer Audit parsed error message](./queries/VIAudit.md#video-indexer-audit-parsed-error-message) +- [Video Indexer Audit failed operations](./queries/VIAudit.md#video-indexer-audit-failed-operations) + +## [VIIndexing](./queries/VIIndexing.md) + +- [Failed Indexing operations](./queries/VIIndexing.md#failed-indexing-operations) +- [Top 10 users](./queries/VIIndexing.md#top-10-users) + +## [W3CIISLog](./queries/W3CIISLog.md) + +- [List IIS log 
entries](./queries/W3CIISLog.md#list-iis-log-entries) +- [Display breakdown respond codes](./queries/W3CIISLog.md#display-breakdown-respond-codes) +- [Maximum time taken for each page](./queries/W3CIISLog.md#maximum-time-taken-for-each-page) +- [Show 404 pages list](./queries/W3CIISLog.md#show-404-pages-list) +- [Average HTTP request time](./queries/W3CIISLog.md#average-http-request-time) +- [Servers with internal server error](./queries/W3CIISLog.md#servers-with-internal-server-error) +- [Count IIS log entries by HTTP request method](./queries/W3CIISLog.md#count-iis-log-entries-by-http-request-method) +- [Count IIS log entries by HTTP user agent](./queries/W3CIISLog.md#count-iis-log-entries-by-http-user-agent) +- [Count IIS log entries by client IP address](./queries/W3CIISLog.md#count-iis-log-entries-by-client-ip-address) +- [IIS log entries for client IP](./queries/W3CIISLog.md#iis-log-entries-for-client-ip) +- [Count of IIS log entries by URL](./queries/W3CIISLog.md#count-of-iis-log-entries-by-url) +- [Count of IIS log entries by host](./queries/W3CIISLog.md#count-of-iis-log-entries-by-host) +- [Total bytes traffic by client IP](./queries/W3CIISLog.md#total-bytes-traffic-by-client-ip) +- [Bytes received by each IIS computer](./queries/W3CIISLog.md#bytes-received-by-each-iis-computer) +- [Bytes responded to clients by each IIS server IP](./queries/W3CIISLog.md#bytes-responded-to-clients-by-each-iis-server-ip) +- [Average HTTP request time by client IP](./queries/W3CIISLog.md#average-http-request-time-by-client-ip) + +## [WVDAgentHealthStatus](./queries/WVDAgentHealthStatus.md) + +- [Active sessions on SessionHost](./queries/WVDAgentHealthStatus.md#active-sessions-on-sessionhost) +- [HealthChecks of SessionHost](./queries/WVDAgentHealthStatus.md#healthchecks-of-sessionhost) + +## [WVDCheckpoints](./queries/WVDCheckpoints.md) + +- [Published remote resources by count of users](./queries/WVDCheckpoints.md#published-remote-resources-by-count-of-users) + +## 
[WVDConnectionNetworkData](./queries/WVDConnectionNetworkData.md) + +- [Average round-trip time over time](./queries/WVDConnectionNetworkData.md#average-round-trip-time-over-time) +- [Average BW across all connections](./queries/WVDConnectionNetworkData.md#average-bw-across-all-connections) +- [Top 10 users with the highest round-trip time](./queries/WVDConnectionNetworkData.md#top-10-users-with-the-highest-round-trip-time) +- [Top 10 users with lowest bandwidth](./queries/WVDConnectionNetworkData.md#top-10-users-with-lowest-bandwidth) +- [Summary of Round-trip time and bandwidth](./queries/WVDConnectionNetworkData.md#summary-of-round-trip-time-and-bandwidth) + +## [WVDConnections](./queries/WVDConnections.md) + +- [Connection Errors](./queries/WVDConnections.md#connection-errors) +- [Session duration](./queries/WVDConnections.md#session-duration) +- [Top 10 users by average connection duration](./queries/WVDConnections.md#top-10-users-by-average-connection-duration) +- [Top 10 most active users](./queries/WVDConnections.md#top-10-most-active-users) +- [Average connection duration by hostpool](./queries/WVDConnections.md#average-connection-duration-by-hostpool) +- [Client-side operating system information by user count](./queries/WVDConnections.md#client-side-operating-system-information-by-user-count) +- [Azure Virtual Desktop client usage information](./queries/WVDConnections.md#azure-virtual-desktop-client-usage-information) +- [Average session logon time](./queries/WVDConnections.md#average-session-logon-time) + +## [WVDErrors](./queries/WVDErrors.md) + +- [Top 10 connection errors](./queries/WVDErrors.md#top-10-connection-errors) +- [Top 10 feed errors](./queries/WVDErrors.md#top-10-feed-errors) + +## [WaaSDeploymentStatus](./queries/WaaSDeploymentStatus.md) + +- [Update deployment failures](./queries/WaaSDeploymentStatus.md#update-deployment-failures) +- [Devices pending reboot to complete 
update](./queries/WaaSDeploymentStatus.md#devices-pending-reboot-to-complete-update) +- [Devices with a Safeguard Hold](./queries/WaaSDeploymentStatus.md#devices-with-a-safeguard-hold) +- [Target build distribution of devices with a safeguard hold](./queries/WaaSDeploymentStatus.md#target-build-distribution-of-devices-with-a-safeguard-hold) + +## [WaaSUpdateStatus](./queries/WaaSUpdateStatus.md) + +- [Distribution of device Servicing Branch](./queries/WaaSUpdateStatus.md#distribution-of-device-servicing-branch) +- [Distribution of device OS Edition](./queries/WaaSUpdateStatus.md#distribution-of-device-os-edition) +- [Feature Update Deferral Configurations](./queries/WaaSUpdateStatus.md#feature-update-deferral-configurations) +- [Feature Update Pause Configurations](./queries/WaaSUpdateStatus.md#feature-update-pause-configurations) +- [Quality Update Deferral Configurations](./queries/WaaSUpdateStatus.md#quality-update-deferral-configurations) +- [Quality Update Pause Configurations](./queries/WaaSUpdateStatus.md#quality-update-pause-configurations) + +## [Watchlist](./queries/Watchlist.md) + +- [Get Watchlist aliases](./queries/Watchlist.md#get-watchlist-aliases) +- [Lookup events using a Watchlist](./queries/Watchlist.md#lookup-events-using-a-watchlist) + +## [WindowsEvent](./queries/WindowsEvent.md) + +- [WindowsEvent Audit Policy Events](./queries/WindowsEvent.md#windowsevent-audit-policy-events) + +## [WireData](./queries/WireData.md) + +- [Agents that provide wire data](./queries/WireData.md#agents-that-provide-wire-data) +- [IP Addresses of the agents providing wire data](./queries/WireData.md#ip-addresses-of-the-agents-providing-wire-data) +- [All Outbound communications by Remote IP Address](./queries/WireData.md#all-outbound-communications-by-remote-ip-address) +- [Bytes sent by Application Protocol](./queries/WireData.md#bytes-sent-by-application-protocol) +- [Bytes received by Protocol Name](./queries/WireData.md#bytes-received-by-protocol-name) +- 
[Total bytes by IP version](./queries/WireData.md#total-bytes-by-ip-version) +- [Remote IP addresses that have communicated with agents on the subnet '10.0.0.0/8' (any direction)](./queries/WireData.md#remote-ip-addresses-that-have-communicated-with-agents-on-the-subnet-100008-any-direction) +- [Processes that initiated or received network traffic](./queries/WireData.md#processes-that-initiated-or-received-network-traffic) +- [Amount of Network Traffic by Process](./queries/WireData.md#amount-of-network-traffic-by-process) + +## [WorkloadDiagnosticLogs](./queries/WorkloadDiagnosticLogs.md) + +- [Workload Monitoring Insights data collection warnings or errors](./queries/WorkloadDiagnosticLogs.md#workload-monitoring-insights-data-collection-warnings-or-errors) + +## Next steps + +- [Analyze logs from Azure storage with Log Analytics](/azure/azure-monitor/essentials/resource-logs#send-to-log-analytics-workspace) +- [Learn more about resource logs](/azure/azure-monitor/essentials/platform-logs-overview) +- [Change resource log diagnostic settings using the Azure Monitor REST API](/rest/api/monitor/diagnosticsettings) diff --git a/articles/azure-monitor/reference/queries/aacaudit.md b/articles/azure-monitor/reference/queries/aacaudit.md new file mode 100644 index 0000000000..d98ae3b9f3 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aacaudit.md 
@@ -0,0 +1,49 @@ +--- +title: Example log table queries for AACAudit +description: Example queries for AACAudit log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AACAudit table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Most recent delete key-value operations + + +List the most recent deleting key-value operations in App Config data plane. + +```query +// This query helps retrieve the most recent 10 audit logs for deleting key-value operations in App Configuration data plane. +AACAudit +| where EventCategory == "ApplicationManagement" and OperationName == "delete-keyvalue" +| where TimeGenerated > ago(1h) +| sort by TimeGenerated desc +| limit 10 + +``` + + + +### Most recent client error + + +Lists the most recent failures because of client error. + +```query +// This query helps list the most recent 10 audit logs for failures because of client error. +AACAudit +| where ResultType == "ClientError" and TimeGenerated > ago(1h) +| sort by TimeGenerated desc +| limit 10 + +``` + diff --git a/articles/azure-monitor/reference/queries/aachttprequest.md b/articles/azure-monitor/reference/queries/aachttprequest.md new file mode 100644 index 0000000000..395f396ac2 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aachttprequest.md 
@@ -0,0 +1,65 @@ +--- +title: Example log table queries for AACHttpRequest +description: Example queries for AACHttpRequest log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AACHttpRequest table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Throttled Requests + + +Lists of throttled requests to the App Config Service. + +```query +// This query helps retrieve logs for throttled requests during past one hour. +AACHttpRequest +| where StatusCode == 429 and TimeGenerated > ago(1h) +| sort by TimeGenerated desc + +``` + + + +### Most common server errors + + +Lists the most common error Status Code and a corresponding count. + +```query +// This query helps retrieve logs for failed requests during past one hour by status code. +AACHttpRequest +| where StatusCode >= 500 and TimeGenerated > ago(1h) +| summarize ErrorCount=count() by StatusCode +| project StatusCode, ErrorCount +| sort by ErrorCount desc + +``` + + + +### Most Active Clients by IP Address + + +Lists the most common IP Addresses to communicate with the App Config Service. + +```query +// This query helps count requests by top 10 most active client IP addresses. +AACHttpRequest +| summarize Count=count() by ClientIPAddress +| project ClientIPAddress, Count +| sort by Count desc +| limit 10 + +``` + diff --git a/articles/azure-monitor/reference/queries/aadcustomsecurityattributeauditlogs.md b/articles/azure-monitor/reference/queries/aadcustomsecurityattributeauditlogs.md new file mode 100644 index 0000000000..742f73b05e --- /dev/null 
+++ b/articles/azure-monitor/reference/queries/aadcustomsecurityattributeauditlogs.md @@ -0,0 +1,30 @@ +--- +title: Example log table queries for AADCustomSecurityAttributeAuditLogs +description: Example queries for AADCustomSecurityAttributeAuditLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADCustomSecurityAttributeAuditLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### User's custom security attribute audits + + +Returns custom security attribute audit logs for a specific user. + +```query +AADCustomSecurityAttributeAuditLogs +| extend targetUPN = parse_json(TargetResources)[0].userPrincipalName +| where targetUPN == 'CSALogTester@tenant.com' +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/aaddomainservicesaccountlogon.md b/articles/azure-monitor/reference/queries/aaddomainservicesaccountlogon.md new file mode 100644 index 0000000000..b58c2a918b --- /dev/null +++ b/articles/azure-monitor/reference/queries/aaddomainservicesaccountlogon.md 
@@ -0,0 +1,28 @@ +--- +title: Example log table queries for AADDomainServicesAccountLogon +description: Example queries for AADDomainServicesAccountLogon log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADDomainServicesAccountLogon table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show logs from AADDomainServicesAccountLogon table + + +Lists the latest logs in AADDomainServicesAccountLogon table, sorted by time (latest first). + +```query +AADDomainServicesAccountLogon +| top 10 by TimeGenerated +``` + diff --git a/articles/azure-monitor/reference/queries/aaddomainservicesaccountmanagement.md b/articles/azure-monitor/reference/queries/aaddomainservicesaccountmanagement.md new file mode 100644 index 0000000000..77d6d4e39e --- /dev/null +++ b/articles/azure-monitor/reference/queries/aaddomainservicesaccountmanagement.md 
@@ -0,0 +1,28 @@ +--- +title: Example log table queries for AADDomainServicesAccountManagement +description: Example queries for AADDomainServicesAccountManagement log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADDomainServicesAccountManagement table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show logs from AADDomainServicesAccountManagement table + + +Lists the latest logs in AADDomainServicesAccountManagement table, sorted by time (latest first). + +```query +AADDomainServicesAccountManagement +| top 10 by TimeGenerated +``` + diff --git a/articles/azure-monitor/reference/queries/aaddomainservicesdirectoryserviceaccess.md b/articles/azure-monitor/reference/queries/aaddomainservicesdirectoryserviceaccess.md new file mode 100644 index 0000000000..80df2bc3ad --- /dev/null +++ b/articles/azure-monitor/reference/queries/aaddomainservicesdirectoryserviceaccess.md 
@@ -0,0 +1,28 @@ +--- +title: Example log table queries for AADDomainServicesDirectoryServiceAccess +description: Example queries for AADDomainServicesDirectoryServiceAccess log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADDomainServicesDirectoryServiceAccess table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show logs from AADDomainServicesDirectoryServiceAccess table + + +Lists the latest logs in AADDomainServicesDirectoryServiceAccess table, sorted by time (latest first). + +```query +AADDomainServicesDirectoryServiceAccess +| top 10 by TimeGenerated +``` + diff --git a/articles/azure-monitor/reference/queries/aaddomainserviceslogonlogoff.md b/articles/azure-monitor/reference/queries/aaddomainserviceslogonlogoff.md new file mode 100644 index 0000000000..1cc43f6a66 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aaddomainserviceslogonlogoff.md 
@@ -0,0 +1,28 @@ +--- +title: Example log table queries for AADDomainServicesLogonLogoff +description: Example queries for AADDomainServicesLogonLogoff log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADDomainServicesLogonLogoff table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show logs from AADDomainServicesLogonLogoff table + + +Lists the latest logs in AADDomainServicesLogonLogoff table, sorted by time (latest first). + +```query +AADDomainServicesLogonLogoff +| top 10 by TimeGenerated +``` + diff --git a/articles/azure-monitor/reference/queries/aaddomainservicespolicychange.md b/articles/azure-monitor/reference/queries/aaddomainservicespolicychange.md new file mode 100644 index 0000000000..4ba44f1c42 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aaddomainservicespolicychange.md 
@@ -0,0 +1,28 @@ +--- +title: Example log table queries for AADDomainServicesPolicyChange +description: Example queries for AADDomainServicesPolicyChange log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADDomainServicesPolicyChange table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show logs from AADDomainServicesPolicyChange table + + +Lists the latest logs in AADDomainServicesPolicyChange table, sorted by time (latest first). + +```query +AADDomainServicesPolicyChange +| top 10 by TimeGenerated +``` + diff --git a/articles/azure-monitor/reference/queries/aaddomainservicesprivilegeuse.md b/articles/azure-monitor/reference/queries/aaddomainservicesprivilegeuse.md new file mode 100644 index 0000000000..9542940621 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aaddomainservicesprivilegeuse.md 
@@ -0,0 +1,28 @@ +--- +title: Example log table queries for AADDomainServicesPrivilegeUse +description: Example queries for AADDomainServicesPrivilegeUse log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADDomainServicesPrivilegeUse table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show logs from AADDomainServicesPrivilegeUse table + + +Lists the latest logs in AADDomainServicesPrivilegeUse table, sorted by time (latest first). + +```query +AADDomainServicesPrivilegeUse +| top 10 by TimeGenerated +``` + diff --git a/articles/azure-monitor/reference/queries/aadmanagedidentitysigninlogs.md b/articles/azure-monitor/reference/queries/aadmanagedidentitysigninlogs.md new file mode 100644 index 0000000000..1116ed0a52 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aadmanagedidentitysigninlogs.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for AADManagedIdentitySignInLogs +description: Example queries for AADManagedIdentitySignInLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADManagedIdentitySignInLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Most active managed identities + + +Gets list of top 100 most active managed identities for the last day. + +```query +AADManagedIdentitySignInLogs +| where TimeGenerated > ago(1d) +| summarize CountPerManagedIdentity = count() by ServicePrincipalId +| order by CountPerManagedIdentity desc +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/aadnoninteractiveusersigninlogs.md b/articles/azure-monitor/reference/queries/aadnoninteractiveusersigninlogs.md new file mode 100644 index 0000000000..044902a34f --- /dev/null +++ b/articles/azure-monitor/reference/queries/aadnoninteractiveusersigninlogs.md 
@@ -0,0 +1,47 @@ +--- +title: Example log table queries for AADNonInteractiveUserSignInLogs +description: Example queries for AADNonInteractiveUserSignInLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADNonInteractiveUserSignInLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Users with multiple cities + + +Get list of users that signed in from multiple cities for the last day. + +```query +AADNonInteractiveUserSignInLogs +| where TimeGenerated > ago(1d) +| extend City = parse_json(LocationDetails).city +| summarize CountPerCity = dcount(tostring(City)) by UserId +| where CountPerCity > 1 +| order by CountPerCity desc +``` + + + +### Most active ip addresses + + +Get list of top 100 most active IP addresses for the last day. + +```query +AADNonInteractiveUserSignInLogs +| where TimeGenerated > ago(1d) +| summarize CountPerIPAddress = count() by IPAddress +| order by CountPerIPAddress desc +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/aadprovisioninglogs.md b/articles/azure-monitor/reference/queries/aadprovisioninglogs.md new file mode 100644 index 0000000000..d61a458003 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aadprovisioninglogs.md 
@@ -0,0 +1,65 @@ +--- +title: Example log table queries for AADProvisioningLogs +description: Example queries for AADProvisioningLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADProvisioningLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Provisioning actions for the last week + + +Shows the number of users and groups created, updated, disabled, and deleted in the past 7 days. + +```query +AADProvisioningLogs +| where TimeGenerated > ago(7d) +| where ResultType == "Success" +| parse SourceIdentity with * "\"identityType\":\"" Type "\"" * +| extend Type = tolower(Type) +| summarize count() by Type, Action +| order by Type, Action +``` + + + +### Provisioning errors + + +Shows the count per error code and when were they last seen. + +```query +AADProvisioningLogs +| where ResultType == "Failure" +| summarize Occurrences=count(), LastSeen=max(TimeGenerated) by ResultSignature +| order by LastSeen +``` + + + +### Provisioned objects by day + + +Summarizes for each day the number of created objects per day. + +```query +AADProvisioningLogs +| where TimeGenerated > ago(7d) +| where ResultType == "Success" +| where Action == "Create" +| parse SourceIdentity with * "\"identityType\":\"" Type "\"" * +| extend Type = tolower(Type) +| summarize count() by Type, bin(TimeGenerated, 1d) +| render columnchart +``` + diff --git a/articles/azure-monitor/reference/queries/aadriskyusers.md b/articles/azure-monitor/reference/queries/aadriskyusers.md new file mode 100644 index 0000000000..ba514c91ad --- /dev/null 
+++ b/articles/azure-monitor/reference/queries/aadriskyusers.md @@ -0,0 +1,31 @@ +--- +title: Example log table queries for AADRiskyUsers +description: Example queries for AADRiskyUsers log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADRiskyUsers table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### High risk users + + +Gets list of the top 100 at high risk users for the last day. + +```query +AADRiskyUsers +| where RiskLastUpdatedDateTime > ago(1d) +| where RiskLevel == "high" +| where RiskState == "atRisk" +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/aadserviceprincipalriskevents.md b/articles/azure-monitor/reference/queries/aadserviceprincipalriskevents.md new file mode 100644 index 0000000000..323ebafcd8 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aadserviceprincipalriskevents.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for AADServicePrincipalRiskEvents +description: Example queries for AADServicePrincipalRiskEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADServicePrincipalRiskEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Active service principal risk detections + + +Gets a list of active service principal risk detections. + +```query +AADServicePrincipalRiskEvents +| summarize arg_max(LastUpdatedDateTime, *) by RequestId, ServicePrincipalId +| where RiskState == "atRisk" +``` + diff --git a/articles/azure-monitor/reference/queries/aadserviceprincipalsigninlogs.md b/articles/azure-monitor/reference/queries/aadserviceprincipalsigninlogs.md new file mode 100644 index 0000000000..30ed202aa0 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aadserviceprincipalsigninlogs.md 
@@ -0,0 +1,46 @@ +--- +title: Example log table queries for AADServicePrincipalSignInLogs +description: Example queries for AADServicePrincipalSignInLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADServicePrincipalSignInLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Most active service principals + + +Gets list of top 100 most active service principals for the last day. + +```query +AADServicePrincipalSignInLogs +| where TimeGenerated > ago(1d) +| summarize CountPerServicePrincipal = count() by ServicePrincipalId +| order by CountPerServicePrincipal desc +| take 100 +``` + + + +### Inactive service principals + + +Service principals that had no sign-ins for the last 30d. + +```query +AADServicePrincipalSignInLogs +| where TimeGenerated > ago(90d) +| where ResultType == 0 +| summarize LastSignIn = max(TimeGenerated) by ServicePrincipalId +| where LastSignIn < ago(30d) +``` + diff --git a/articles/azure-monitor/reference/queries/aaduserriskevents.md b/articles/azure-monitor/reference/queries/aaduserriskevents.md new file mode 100644 index 0000000000..5c46f42022 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aaduserriskevents.md 
@@ -0,0 +1,43 @@ +--- +title: Example log table queries for AADUserRiskEvents +description: Example queries for AADUserRiskEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AADUserRiskEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Recent user risk events + + +Gets list of the top 100 active user risk events. + +```query +AADUserRiskEvents +| where DetectedDateTime > ago(1d) +| where RiskState == "atRisk" +| take 100 +``` + + + +### Active user risk detections + + +Gets a list of active user risk detections. + +```query +AADUserRiskEvents +| summarize arg_max(LastUpdatedDateTime, *) by RequestId, UserId +| where RiskState == "atRisk" +``` + diff --git a/articles/azure-monitor/reference/queries/absbotrequests.md b/articles/azure-monitor/reference/queries/absbotrequests.md new file mode 100644 index 0000000000..8ffa448f89 --- /dev/null +++ b/articles/azure-monitor/reference/queries/absbotrequests.md 
@@ -0,0 +1,210 @@ +--- +title: Example log table queries for ABSBotRequests +description: Example queries for ABSBotRequests log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ABSBotRequests table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Clients To Direct Line Channel + + +Logs of Clients to Direct Line channel requests. + +```query +// All the API calls that clients make to Direct Line channel +// e.g. Generate a Token, Refresh a Token, Post an Activity, Get Activities, GetAttachments, etc. +// You can adjust the limit value to the number of logs you would like to retrieve. +ABSBotRequests +| where OperationName contains "ClientToDirectLine" +| sort by TimeGenerated desc +| limit 100 +``` + + + +### Bot To Channels + + +Logs of requests from the Bot to channels. + +```query +// This shows logs of requests sent by the bot to Azure Bot Service channels. +// You can adjust the limit value to the number of logs you would like to retrieve. +ABSBotRequests +| where OperationName contains "BotToChannel" +| sort by TimeGenerated desc +| limit 100 +``` + + + +### Channels To Bot + + +Logs of requests from Channels to the bot. + +```query +// This query retrieves logs of requests sent from Azure Bot Service channels to the bot. +// You can adjust the limit value to the number of logs you would like to retrieve. +ABSBotRequests +| where OperationName contains "ChannelToBot" +| sort by TimeGenerated desc +| limit 100 +``` + + + +### Requests From Facebook To Azure Bot Service + + +Logs of requests from Facebook to Azure Bot Service Facebook Channel. 
+ +```query +// To retrieve logs for another channel, replace FacebookToChannel with the respective channel request operation name +// e.g. SlackToChannel, KikToChannel, GroupmeToChannel, LineToChannel, SMSToChannel, TelegramToChannel and EmailToChannel. +ABSBotRequests +| where OperationName contains "FacebookToChannel" +| sort by TimeGenerated desc +``` + + + +### Requests From Azure Bot Service To Facebook API + + +Logs of requests from Azure Bot Service Facebook Channel to Facebook API. + +```query +// To retrieve logs for another channel, replace ChannelToFacebookAPI with the respective channel request operation name +// e.g. ChannelToSlackAPI, ChannelToGroupmeAPI, ChannelToKikAPI, ChannelToLineAPI, ChannelToSMSAPI, ChannelToTelegramAPI and ChannelToEmailAPI. +ABSBotRequests +| where OperationName contains "ChannelToFacebookAPI" +| sort by TimeGenerated desc +``` + + + +### Activities Sent from Clients to Direct Line + + +Logs of requests to send activities from a client to Direct Line channel. + +```query +// This query displays logs of requests sent from a client such as WebChat to Direct Line channel. +// Replace 'SendAnActivity:ClientToDirectLine' with any operation name whose logs you would like to retrieve. +ABSBotRequests +| where OperationName == 'SendAnActivity:ClientToDirectLine' +| sort by TimeGenerated desc +``` + + + +### Direct Line Channel Logs + + +Retrieve logs associated with Direct Line channel. + +```query +// This query retrieves logs of requests related to Direct Line channel. +ABSBotRequests +| where Channel == "directline" +| sort by TimeGenerated desc +``` + + + +### Failed Requests + + +List of logs of unsuccessful requests. + +```query +// Retrieve all logs of requests that have not been successful within a selected time range. 
+ABSBotRequests +| where ResultCode < 200 or ResultCode >= 300 +| sort by TimeGenerated desc +``` + + + +### Direct Line Channel Response Codes Line Chart + + +Line Chart showing Direct Line channel requests response codes. + +```query +// This query displays a Line Chart showing requests related to Direct Line channel. +ABSBotRequests +| where Channel == "directline" +| summarize Number_Of_Requests = count() by tostring(ResultCode), bin(TimeGenerated, 5m) +| render timechart +``` + + + +### Requests Duration Line Chart + + +Line Chart showing requests response times/duration per operation. + +```query +// This query displays a Line Chart showing requests response duration per operation. +ABSBotRequests +| summarize DurationMs = avg(DurationMs) by bin(TimeGenerated, 5m), OperationName +| render timechart +``` + + + +### Response Codes Line Chart + + +Line Chart showing requests response status codes. + +```query +// Display a Line Chart of requests response status codes. +ABSBotRequests +| summarize Number_Of_Requests = count() by tostring(ResultCode), bin(TimeGenerated, 5m) +| render timechart +``` + + + +### Response Codes PieChart + + +Pie Chart showing requests response status codes. + +```query +// Display a Pie Chart showing requests response status codes. +ABSBotRequests +| summarize count() by tostring(ResultCode) +| render piechart +``` + + + +### Request Operations PieChart + + +Pie Chart showing requests operations. + +```query +// Display a Pie Chart showing requests by operation name. +// This gives a perspective of the request operations percentage distribution in the selected time range. +ABSBotRequests +| summarize count() by tostring(OperationName) +| render piechart +``` + diff --git a/articles/azure-monitor/reference/queries/acicollaborationaudit.md b/articles/azure-monitor/reference/queries/acicollaborationaudit.md new file mode 100644 index 0000000000..1cd6ee52f0 --- /dev/null 
+++ b/articles/azure-monitor/reference/queries/acicollaborationaudit.md 
@@ -0,0 +1,112 @@ +--- +title: Example log table queries for ACICollaborationAudit +description: Example queries for ACICollaborationAudit log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACICollaborationAudit table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### How many times a resource was granted grants per pipeline run? + + +Return the number of times access was granted for resources during pipeline run. Grouped by the type of grant: Entitlement (by participant in production mode), Referenced (by participant in test mode) or Owner (by the owner of the resource). + +```query +//================================================================================================================================================================= +// summarize by CorrelationId groups audits by pipeline run. For more details about summarize see: https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/summarizeoperator +ACICollaborationAudit +| summarize PipelineExecutedOn=max(TimeGenerated), ResourceAccessGrantCount=count(), EntitlementResult=array_strcat(make_set(EntitlementResult), ',') by CorrelationId, GrantType, TargetResourceId +| project-away CorrelationId +| order by PipelineExecutedOn desc, TargetResourceId asc +| top 100 by PipelineExecutedOn; + +``` + + + +### What entitlements was granted to my resource? + + +Find entitlements that was granted to CI resources. Can be used to query a specific resource. 
+ +```query +//============================================================================================== +// For specific results, insert values in the let statements and uncomment the where filters within the query +// let partialResourceId = ""); +ACICollaborationAudit +| where GrantType == 'Entitlement' +//| where TargetResourceId has partialResourceId +| extend ShortOperationName=tostring(array_slice(split(OperationName, '/'), -1, -1)[0]) +| summarize TimeGenerated=max(TimeGenerated), EntitlementResult=array_strcat(make_set(EntitlementResult), ','), + GrantSource=any(GrantSource), GrantSourceType=any(GrantSourceType), + TargetResourceId=any(TargetResourceId), TargetResourceType=any(TargetResourceType), ParticipantName=any(ParticipantName), + OperationName=any(ShortOperationName) + by GrantCorrelationId +| project-away GrantCorrelationId +| order by TimeGenerated desc +| limit 100; + +``` + + + +### What resources was granted accessed by an entitlement? + + +Find CI resources that was entitled for access. Can be used to query a specific entitlement. 
+ +```query +//============================================================================================ +// For specific results, insert values in the let statements and uncomment the where filters within the query +// let entitlementOrContract = ""); +ACICollaborationAudit +| where GrantType == 'Entitlement' +//| where GrantSource has entitlementOrContract +| extend ShortOperationName=tostring(array_slice(split(OperationName, '/'), -1, -1)[0]) +| summarize TimeGenerated=max(TimeGenerated), EntitlementResult=array_strcat(make_set(EntitlementResult), ','), + TargetResourceId=any(TargetResourceId), TargetResourceType=any(TargetResourceType), + ParticipantName=any(ParticipantName), GrantSource=any(GrantSource), GrantSourceType=any(GrantSourceType), + OperationName=any(ShortOperationName) + by GrantCorrelationId +| project-away GrantCorrelationId +| order by TimeGenerated desc +| limit 100; + +``` + + + +### Which participants was granted accessed to my resource? + + +Find participants that was granted access to CI resources. Can be used to query a specific resource. 
+ +```query +//===================================================================================================== +// For specific results, insert values in the let statements and uncomment the where filters within the query +// let partialParticipantName = ""); +ACICollaborationAudit +| where GrantType == 'Entitlement' +//| where ParticipantName contains partialParticipantName +| extend ShortOperationName=tostring(array_slice(split(OperationName, '/'), -1, -1)[0]) +| summarize TimeGenerated=max(TimeGenerated), EntitlementResult=array_strcat(make_set(EntitlementResult), ','), + TargetResourceId=any(TargetResourceId), TargetResourceType=any(TargetResourceType), + GrantSource=any(GrantSource), GrantSourceType=any(GrantSourceType), + OperationName=any(ShortOperationName), ParticipantName=any(ParticipantName) + by GrantCorrelationId +| project-away GrantCorrelationId +| order by TimeGenerated desc +| limit 100; + +``` + diff --git a/articles/azure-monitor/reference/queries/acrconnectedclientlist.md b/articles/azure-monitor/reference/queries/acrconnectedclientlist.md new file mode 100644 index 0000000000..93a8177aad --- /dev/null +++ b/articles/azure-monitor/reference/queries/acrconnectedclientlist.md 
@@ -0,0 +1,45 @@ +--- +title: Example log table queries for ACRConnectedClientList +description: Example queries for ACRConnectedClientList log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACRConnectedClientList table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Unique Redis client IP addresses + + +Unique Redis client IP addresses that have connected to the cache. + +```query +ACRConnectedClientList +| summarize count() by ClientIp + +``` + + + +### Redis client connections per hour + + +Redis client connections per hour within the specified IP address range. + +```query +let IpRange = "10.1.1.0/24"; +ACRConnectedClientList +// For particular datetime filtering, add '| where TimeGenerated between (StartTime .. EndTime)' +| where ipv4_is_in_range(ClientIp, IpRange) +| summarize ConnectionCount = sum(ClientCount) by TimeRange = bin(TimeGenerated, 1h) + +``` + diff --git a/articles/azure-monitor/reference/queries/acrentraauthenticationauditlog.md b/articles/azure-monitor/reference/queries/acrentraauthenticationauditlog.md new file mode 100644 index 0000000000..922343983b --- /dev/null +++ b/articles/azure-monitor/reference/queries/acrentraauthenticationauditlog.md 
@@ -0,0 +1,40 @@ +--- +title: Example log table queries for ACREntraAuthenticationAuditLog +description: Example queries for ACREntraAuthenticationAuditLog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACREntraAuthenticationAuditLog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Microsoft Entra authentication audit log + + +Logging Microsoft Entra authentication audit events. + +```query +source +| project + TimeGenerated = todatetime(['time']), + Location = location, + OperationName = operationName, + CacheName = tostring(properties.tenant), + Message = tostring(properties.message), + Authentication = tostring(properties.authentication), + Username = tostring(properties.username), + IpAddress = tostring(properties.ipAddress), + ClientId = tostring(properties.clientId), + ClientName = tostring(properties.clientName), + Lifetime = tostring(properties.lifetime), + RoleInstance = toint(properties.roleInstance) +``` + diff --git a/articles/azure-monitor/reference/queries/acsadvancedmessagingoperations.md b/articles/azure-monitor/reference/queries/acsadvancedmessagingoperations.md new file mode 100644 index 0000000000..394f5d659f --- /dev/null +++ b/articles/azure-monitor/reference/queries/acsadvancedmessagingoperations.md 
@@ -0,0 +1,117 @@ +--- +title: Example log table queries for ACSAdvancedMessagingOperations +description: Example queries for ACSAdvancedMessagingOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSAdvancedMessagingOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Advanced Messaging operations + + +Returns all distinct combinations of Advanced Messaging operation and version pairs. + +```query +ACSAdvancedMessagingOperations +| distinct OperationName, OperationVersion +| limit 100 +``` + + + +### Advanced Messaging operation duration percentiles + + +Calculates the 90th, 95th, and 99th percentiles of run duration in milliseconds for each chat operation. It can be customized to be run for a single operation, or for other percentiles. + +```query +ACSAdvancedMessagingOperations +// where OperationName == "" // This can be uncommented and specified to calculate only a single operation's duration percentiles +| summarize percentiles(DurationMs, 90, 95, 99) by OperationName, OperationVersion // calculate 90th, 95th, and 99th percentiles of each Operation +| limit 100 + +``` + + + +### Advanced Messaging top 5 IP addresses per operation + + +For every Advanced Messaging operation, fetch the 5 IP addresses that have called that operation the most. + +```query +ACSAdvancedMessagingOperations +// | where OperationName == "" // This can be uncommented and specified to calculate only a single operation's count +| top-nested of OperationName by dummy=max(0), // For all the Operations... 
+ top-nested 5 of CallerIpAddress by count() // List the IP address that have called that operation the most +| project-away dummy // Remove dummy line from the result set +| limit 100 +``` + + + +### Advanced Messaging operational errors + + +List every Advanced Messaging error ordered by recency. + +```query +ACSAdvancedMessagingOperations +| where ResultType == "Failed" +| project TimeGenerated, OperationName, OperationVersion, ResultSignature, ResultDescription +| order by TimeGenerated desc +| limit 100 +``` + + + +### Advanced Messaging operation result counts + + +For every Advanced Messaging operation, count the types of returned results. + +```query +ACSAdvancedMessagingOperations +| summarize Count = count() by OperationName, OperationVersion, ResultType //, ResultSignature // This can also be uncommented to determine the count of each ResultSignature for each ResultType +| order by OperationName asc, Count desc +| limit 100 +``` + + + +### Advanced Messaging channel activity + + +Summary of the message activity per channel for the past 24 hours. + +```query +ACSAdvancedMessagingOperations +| where TimeGenerated > ago(24h) +| summarize count() by ChannelId, MessageType +| order by ChannelId asc +``` + + + +### Advanced Messaging message status count + + +Count of message status for the past 24 hours. + +```query +ACSAdvancedMessagingOperations +| where TimeGenerated > ago(24h) +| summarize Count = count() by MessageType, MessageStatus +| order by MessageType asc, Count desc +``` + diff --git a/articles/azure-monitor/reference/queries/acsauthincomingoperations.md b/articles/azure-monitor/reference/queries/acsauthincomingoperations.md new file mode 100644 index 0000000000..941fd6ad0f --- /dev/null +++ b/articles/azure-monitor/reference/queries/acsauthincomingoperations.md 
@@ -0,0 +1,89 @@ +--- +title: Example log table queries for ACSAuthIncomingOperations +description: Example queries for ACSAuthIncomingOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSAuthIncomingOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### List distinct auth operations + + +Returns all distinct combinations of auth operation and version pairs. + +```query +ACSAuthIncomingOperations +| distinct OperationName, OperationVersion +| limit 100 +``` + + + +### Calculate auth operation duration percentiles + + +Calculates the 90th, 95th, and 99th percentiles of run duration in milliseconds for each auth operation. It can be customized to be run for a single operation, or for other percentiles. + +```query +ACSAuthIncomingOperations +// where OperationName == "" // This can be uncommented and specified to calculate only a single operation's duration percentiles +| summarize percentiles(DurationMs, 90, 95, 99) by OperationName, OperationVersion // calculate 90th, 95th, and 99th percentiles of each Operation +| limit 100 + +``` + + + +### Top 5 IP addresses per auth operation + + +For every auth operation, fetch the 5 IP addresses that have called that operation the most. + +```query +ACSAuthIncomingOperations +// | where OperationName == "" // This can be uncommented and specified to calculate only a single operation's count +| top-nested of OperationName by dummy=max(0), // For all the Operations... 
+ top-nested 5 of CallerIpAddress by count() // List the IP address that have called that operation the most +| project-away dummy // Remove dummy line from the result set +| limit 100 +``` + + + +### Auth operational errors + + +List every auth error ordered by recency. + +```query +ACSAuthIncomingOperations +| where ResultType == "Failed" +| project TimeGenerated, OperationName, OperationVersion, ResultSignature, ResultDescription +| order by TimeGenerated desc +| limit 100 +``` + + + +### Auth operation result counts + + +For every auth operation, count the types of returned results. + +```query +ACSAuthIncomingOperations +| summarize Count = count() by OperationName, ResultType //, ResultSignature // This can also be uncommented to determine the count of each ResultSignature for each ResultType +| order by OperationName asc, Count desc +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/acsbillingusage.md b/articles/azure-monitor/reference/queries/acsbillingusage.md new file mode 100644 index 0000000000..ee2a84f7b8 --- /dev/null +++ b/articles/azure-monitor/reference/queries/acsbillingusage.md 
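Review bot: in the ACSAuthIncomingOperations hunk above, the "Auth operational errors" query projects `TimeGenerated, OperationName, OperationVersion, ResultSignature, ResultDescription` and drops `CallerIpAddress`, although the top-5 query in the same file shows the column is available. For failed auth operations the caller address is the first field someone triaging will want, so add it to the projection. Two smaller points in the same hunk: the percentiles query has the commented filter as `// where OperationName == ""` with no leading pipe, so it breaks when uncommented, and "Auth operation result counts" groups by `OperationName, ResultType` only, while the distinct-operations query treats `OperationName, OperationVersion` as the key. If dropping the version is intended, say so in the description.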
@@ -0,0 +1,85 @@ +--- +title: Example log table queries for ACSBillingUsage +description: Example queries for ACSBillingUsage log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSBillingUsage table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Get long calls + + +Retrive all the calls that lasted longer than an hours. + +```query +ACSBillingUsage +| tolower(UsageType) == "audio" // only look at records that are calls +| extend Length = EndTime - StartTime +| where Length > 1h // return if the call is greater than an hour +``` + + + +### Usage breakdown + + +Get the total usage for each mode per hour (note that the first and last hours displayed will represent partial data). + +```query +ACSBillingUsage +| summarize Usage=sum(Quantity) by UsageType, bin(TimeGenerated, 1h) // count the number of units for each type of usage, per hour +| render columnchart +``` + + + +### Record count breakdown + + +Get the unique number of usage records for each mode per hour (note that the first and last hours displayed will represent partial data). + +```query +ACSBillingUsage +| summarize Occurences=dcount(RecordId) by UsageType, bin(TimeGenerated, 1h) // count the number of unique records for each type of usage, per hour +| render columnchart +``` + + + +### Participant Phone Numbers + + +Lists the phone numbers of the participants in the call. (Phone numbers come from ACSBillingUsage table). 
+ +```query +ACSCallSummary +// Get the calls with CallType as Group +| where CallType == 'Group' +| project CorrelationId, ParticipantId, ParticipantStartTime, ParticipantDuration, EndpointType, CallType, CallStartTime, PstnParticipantCallType +// Join with ACSBillingUsage data on ParticipantId +| join kind=leftouter (ACSBillingUsage + | where isnotempty(ParticipantId) + | project ParticipantId, UserIdA, UserIdB, StartTime, Quantity) + on ParticipantId +// Combine with calls of CallType P2P +| union (ACSCallSummary +| where CallType == 'P2P' +| project CorrelationId, ParticipantId, ParticipantStartTime, ParticipantDuration, EndpointType, CallType, CallStartTime, PstnParticipantCallType +// Join with ACSBillingUsage data on CorrelationId +| join kind=leftouter (ACSBillingUsage + | where isnotempty(ParticipantId) + | project CorrelationId, ParticipantId, UserIdA, UserIdB, StartTime, Quantity) + on CorrelationId) +| order by CallStartTime, ParticipantStartTime +``` + diff --git a/articles/azure-monitor/reference/queries/acscallautomationincomingoperations.md b/articles/azure-monitor/reference/queries/acscallautomationincomingoperations.md new file mode 100644 index 0000000000..450ef1a793 --- /dev/null +++ b/articles/azure-monitor/reference/queries/acscallautomationincomingoperations.md 
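Review bot: in the ACSBillingUsage hunk above, the "Get long calls" query has `| tolower(UsageType) == "audio"` with no operator after the pipe, so it does not parse as written. It needs `| where tolower(UsageType) == "audio"`. In "Participant Phone Numbers", the P2P branch joins on `CorrelationId` but its subquery still filters with `where isnotempty(ParticipantId)`, which looks copied from the Group branch. Please confirm whether the filter should be on `CorrelationId` there. The description says the query lists phone numbers, yet the projection only carries `UserIdA` and `UserIdB`, so the text should say which of those holds the number. Spelling in the added lines: "Retrive", "an hours", and the column name `Occurences`.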
@@ -0,0 +1,150 @@ +--- +title: Example log table queries for ACSCallAutomationIncomingOperations +description: Example queries for ACSCallAutomationIncomingOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSCallAutomationIncomingOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Call Automation operations + + +Returns all distinct combinations of call automation operation and version pairs. + +```query +ACSCallAutomationIncomingOperations +| distinct OperationName, OperationVersion +| limit 100 +``` + + + +### Calculate Call Automation operation duration percentiles + + +Calculates the 90th, 95th, and 99th percentiles of run duration in milliseconds for each call automation operation. It can be customized to be run for a single operation, or for other percentiles. + +```query +ACSCallAutomationIncomingOperations +// where OperationName == "" // This can be uncommented and specified to calculate only a single operation's duration percentiles +| summarize percentiles(DurationMs, 90, 95, 99) by OperationName, OperationVersion // calculate 90th, 95th, and 99th percentiles of each Operation +| limit 100 +``` + + + +### Top 5 IP addresses per Call Automation operation + + +For every call automation operation, fetch the 5 IP addresses that have called that operation the most. + +```query +ACSCallAutomationIncomingOperations +// | where OperationName == "" // This can be uncommented and specified to calculate only a single operation's count +| top-nested of OperationName by dummy=max(0), // For all the Operations... 
+ top-nested 5 of CallerIpAddress by count() // List the IP address that have called that operation the most +| project-away dummy // Remove dummy line from the result set +| limit 100 +``` + + + +### Call Automation operational errors + + +List every call automation error ordered by recency. + +```query +ACSCallAutomationIncomingOperations +| where ResultType == "Failed" +| project TimeGenerated, OperationName, OperationVersion, ResultSignature +| order by TimeGenerated desc +| limit 100 +``` + + + +### Call Automation operation result counts + + +For every call automation operation, count the types of returned results. + +```query +ACSCallAutomationIncomingOperations +| summarize Count = count() by OperationName, ResultType //, ResultSignature // This can also be uncommented to determine the count of each ResultSignature for each ResultType +| order by OperationName asc, Count desc +| limit 100 +``` + + + +### Call Automation logs for call connection ID + + +Queries Call Automation logs for a particular call connection ID. + +```query +ACSCallAutomationIncomingOperations +//| where CallConnectionId == "" // This can be uncommented to filter on a specific call connection ID +| limit 100 + +``` + + + +### Call Automation API operations on a call + + +Returns all Call Automation API operation and version pairs for a specific call (correlation ID). + +```query +ACSCallAutomationIncomingOperations +//| where CorrelationId == "" // This can be uncommented to filter on a specific correlation ID +| project CorrelationId, OperationName, OperationVersion +| limit 100 +``` + + + +### CallDiagnostics log for CallAutomation API call + + +Queries the diagnostics log for a call which was interacted with by Call Automation API using correlation ID. 
+ +```query +ACSCallAutomationIncomingOperations +//| where CorrelationId == "" // This can be uncommented to filter on a specific correlation ID +| join kind=inner + (ACSCallDiagnostics) + on CorrelationId +| limit 100 + +``` + + + +### CallSummary log for CallAutomation API call + + +Queries the summary log for a call which was interacted with by Call Automation API using correlation ID. + +```query +ACSCallAutomationIncomingOperations +//| where CorrelationId == "" // This can be uncommented to filter on a specific correlation ID +| join kind=inner + (ACSCallSummary) + on CorrelationId +| limit 100 + +``` + diff --git a/articles/azure-monitor/reference/queries/acscallautomationmediasummary.md b/articles/azure-monitor/reference/queries/acscallautomationmediasummary.md new file mode 100644 index 0000000000..0fa59c51ee --- /dev/null +++ b/articles/azure-monitor/reference/queries/acscallautomationmediasummary.md 
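Review bot: in the ACSCallAutomationIncomingOperations hunk above, the four queries that are titled as lookups for one call ship with their only filter commented out (`//| where CallConnectionId == ""`, `//| where CorrelationId == ""`). As written, "Call Automation logs for call connection ID" returns an arbitrary 100 rows, and the CallDiagnostics and CallSummary queries inner-join the whole of `ACSCallDiagnostics` or `ACSCallSummary` on `CorrelationId` before `limit 100` is applied. Make the filter active with an obvious placeholder value, or state in each description that the query returns nothing useful until the filter is uncommented and filled in. The percentiles query in this hunk also has `// where OperationName == ""` without the leading pipe, so it fails to parse once uncommented.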
@@ -0,0 +1,70 @@ +--- +title: Example log table queries for ACSCallAutomationMediaSummary +description: Example queries for ACSCallAutomationMediaSummary log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSCallAutomationMediaSummary table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Loop play success rate + + +Calculates the number of success and failures of the play operation when played in loop or not. + +```query +ACSCallAutomationMediaSummary +| where OperationName == "Play" +| summarize playedInLoopCount=count() by PlayInLoop, ResultType +``` + + + +### Play to participant success rate + + +Calculates the number of success and failures of the play operation when played to a participant or to all. + +```query +ACSCallAutomationMediaSummary +| where OperationName == "Play" +| summarize playedToCount=count() by PlayToParticipant, ResultType +``` + + + +### Recognize success rate + + +Calculates the number of success and failures of the recognize operation. + +```query +ACSCallAutomationMediaSummary +| where OperationName == "Recognize" +| summarize recognizeCount=count() by ResultType +``` + + + +### Success rate by sub operation name + + +Calculates the number of success and failures of the recognize operation based on its sub operation name. + +```query +ACSCallAutomationIncomingOperations +| join ACSCallAutomationMediaSummary on OperationId +| where OperationName == "Recognize" +| summarize recognizeCount=count() by SubOperationName, ResultType1 +| project SubOperationName, EventResultType = ResultType1, recognizeCount +``` + 
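Review bot: in the ACSCallAutomationMediaSummary hunk above, the "Success rate by sub operation name" query applies `| where OperationName == "Recognize"` after the join, where the unsuffixed `OperationName` is the column from the left table, `ACSCallAutomationIncomingOperations`, while the result being counted is `ResultType1` from the right table. The other three queries in this file filter on the media summary's own `OperationName`, so it is not clear which side this filter is meant for. Filter each table before the join and project explicitly named columns so the intent is visible and the join input is smaller. Separately, all four section titles and descriptions speak of a success rate, but every query returns a `count()` per `ResultType`. Either rename them to result counts or compute the ratio.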
diff --git a/articles/azure-monitor/reference/queries/acscallclientmediastatstimeseries.md b/articles/azure-monitor/reference/queries/acscallclientmediastatstimeseries.md new file mode 100644 index 0000000000..e7afc10e5a --- /dev/null +++ b/articles/azure-monitor/reference/queries/acscallclientmediastatstimeseries.md 
@@ -0,0 +1,55 @@ +--- +title: Example log table queries for ACSCallClientMediaStatsTimeSeries +description: Example queries for ACSCallClientMediaStatsTimeSeries log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSCallClientMediaStatsTimeSeries table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Metrics per each media type + + +List all the media metrics included in the ACSCallClientMediaStatsTimeSeries log for each media stream type. + +```query +ACSCallClientMediaStatsTimeSeries +| distinct MetricName, MediaStreamType +``` + + + +### Metric histogram per media type and direction + + +Plot the histogram of selected metric, per callId, participantId, media type and meida direction + +```query +let PlotMetricHistogram = (_MetricName: string, _ParticipantId: string = '', _CallId: string = '', _MediaStreamType: string = '', _MediaStreamDirection: string = '') { + // _MetricName: the name of the metric. This must be set. + // _ParticipantId: set this variable if want to just plot the metric value histogram for a specific partiticpant. + // _CallId: set this variable if want to just plot the metric value histogram for a specific call. + // _MediaStreamType: possible values can be: 'audio', 'video', 'screen'. + // _MediaStreamDirection: possible values can be: 'recv', 'send'. 
+ ACSCallClientMediaStatsTimeSeries + | where MetricName == _MetricName + | where isempty(_ParticipantId) or ParticipantId == _ParticipantId + | where isempty(_CallId) or CallId == _CallId + | where isempty(_MediaStreamType) or MediaStreamType == _MediaStreamType + | where isempty(_MediaStreamDirection) or MediaStreamDirection == _MediaStreamDirection + | summarize count=count() by Average + | render columnchart title=strcat(_MetricName, " Histogram") +}; +// Below plots the histogram for jitter for all outbound audio streams +PlotMetricHistogram('JitterInMs', _MediaStreamType='audio', _MediaStreamDirection='send') +``` + diff --git a/articles/azure-monitor/reference/queries/acscallclientoperations.md b/articles/azure-monitor/reference/queries/acscallclientoperations.md new file mode 100644 index 0000000000..9b112c2def --- /dev/null +++ b/articles/azure-monitor/reference/queries/acscallclientoperations.md 
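Review bot: in the ACSCallClientMediaStatsTimeSeries hunk above, `PlotMetricHistogram` ends with `| summarize count=count() by Average`, which groups on the raw `Average` value, so every distinct value becomes its own bar and the chart is not a histogram in the usual sense. Group on `bin(Average, <width>)` and expose the bin width as a parameter with a default. The description and comments in the same query need a spelling pass: "meida direction", "partiticpant", and the description has no closing period. The description also says "per callId, participantId", but those are optional filters and not grouping keys, so "optionally filtered by" would be more accurate.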
@@ -0,0 +1,650 @@ +--- +title: Example log table queries for ACSCallClientOperations +description: Example queries for ACSCallClientOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSCallClientOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Count client operations by type + + +Count the client operations by type, and return the count of each type of operation. + +```query +ACSCallClientOperations +| summarize count() by OperationName +``` + + + +### Outgoing call failure reasons + + +The count of failed outgoing client calls by failure reason. + +```query +ACSCallClientOperations +| where ResultType !in ('Succeeded', 'Success', 'ExpectedClientError') +| where OperationName in ('Join', 'EnterCall') +| where OperationPayload.CallDirection == 'Outgoing' +| summarize Count=count() by tostring(OperationPayload.FailureReason) +| render columnchart title="Failure reasons for outgoing call" +``` + + + +### Search calls by keyword + + +List all calls found that contains the keyword, and returns the details of the call including rating, quality, issues breakdown etc. This query is also used in Call Diagnostics to search for calls. + +```query +// Set queryConditions_keyword to be the searching keyword. It can be CallId, ParticipantId, +// Identifier or any other column values in ACSCallSummary log. If not set, the query will return all calls. +// Note this query is also used to provide the data in Call Diagnostics. 
+declare query_parameters(queryConditions_keyword:string = '', + queryConditions_startTime:string = '', + queryConditions_endTime:string = ''); +let callIds = +materialize(ACSCallSummary +| where isempty(queryConditions_startTime) or CallStartTime >= todatetime(queryConditions_startTime) +| extend CallEndTime = CallStartTime + totimespan(strcat(tostring(CallDuration), 's')) +| where isempty(queryConditions_endTime) or CallEndTime <= todatetime(queryConditions_endTime) +| where isempty(queryConditions_keyword) or * contains queryConditions_keyword +| distinct CorrelationId, ParticipantId); +let searchedCalls = +materialize(ACSCallSummary +| where CorrelationId in ((callIds | project CorrelationId)) +| extend CallEndTime = CallStartTime + totimespan(strcat(tostring(CallDuration), 's')) +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', Identifier), EndpointId) +| summarize hint.strategy = shuffle CallStartTime = take_any(CallStartTime), CallEndTime = take_any(CallEndTime), CallType = take_any(CallType), +numOfDroppedParticipant = count_distinctif(ParticipantId, ParticipantEndReason in ('380', '400', '407', '408', '409', '410', +'412', '417', '430', '439', '440', '481', '483', '488', '489', '493', '500', '502', '503', '504', '580')) by CorrelationId); +// client type +let allParticipants = materialize(ACSCallSummary +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', 
EndpointType, '-Identifier-', Identifier), EndpointId) +| where CorrelationId in ((callIds | project CorrelationId)) +| union (ACSCallClientOperations +| where CallId in ((callIds | project CorrelationId)) +| where isnotempty(ParticipantId) +| distinct ParticipantId, CorrelationId = CallId, EndpointType = 'VoIP') +| summarize hint.strategy = shuffle take_any(EndpointType) by ParticipantId, CorrelationId); +let clientTypeInfo = materialize(allParticipants +| summarize hint.strategy = shuffle count() by EndpointType, CorrelationId +| extend info = strcat(count_, ' ', EndpointType) +| summarize hint.strategy = shuffle summaryInfo = make_list(info, 100) by CorrelationId +| extend ClientType = strcat_array(summaryInfo, ', ') +| project CorrelationId, ClientType); +let totalNumOfParticipants = materialize(allParticipants | summarize hint.strategy = shuffle participantsCount = dcount(ParticipantId) by CorrelationId); +// quality +let qualityInfo = materialize(ACSCallDiagnostics +| where CorrelationId in ((callIds | project CorrelationId)) +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', Identifier), EndpointId) +| where isnotempty(StreamId) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by ParticipantId, StreamId +| extend + MediaType = iff(MediaType == 'VBSS', 'ScreenSharing', MediaType) | extend + __JitterQuality = iff(JitterAvg > 30, "Poor", "Good"), + __JitterBufferQuality = iff(JitterBufferSizeAvg > 200, "Poor", "Good"), + __PacketLossRateQuality = iff(PacketLossRateAvg > 0.1, "Poor", "Good"), + __RoundTripTimeQuality = iff(RoundTripTimeAvg > 500, "Poor", "Good"), + __HealedDataRatioQuality = iff(HealedDataRatioAvg > 0.1, "Poor", 
"Good"), + __VideoFrameRateQuality = iff((VideoFrameRateAvg < 1 and MediaType == 'ScreenSharing') or + (VideoFrameRateAvg < 7 and MediaType == 'Video'), "Poor", "Good"), + __FreezesQuality = iff((RecvFreezeDurationPerMinuteInMs > 25000 and MediaType == 'ScreenSharing') or + (RecvFreezeDurationPerMinuteInMs > 6000 and MediaType == 'Video'), "Poor", "Good"), + __VideoResolutionHeightQuality = iff((RecvResolutionHeight < 768 and MediaType == 'ScreenSharing') or + (RecvResolutionHeight < 240 and MediaType == 'Video'), "Poor", "Good") +| extend + __StreamQuality = iff( + (__JitterQuality == "Poor") + or (__JitterBufferQuality == "Poor") + or (__PacketLossRateQuality == "Poor") + or (__RoundTripTimeQuality == "Poor") + or (__HealedDataRatioQuality == "Poor") + or (__VideoFrameRateQuality == "Poor") + or (__FreezesQuality == "Poor") + or (__VideoResolutionHeightQuality == "Poor"), + "Poor", "Good"), + MediaDirection = iff(EndpointType == 'Server', 'InboundStream', 'OutboundStream') +| summarize hint.strategy = shuffle numOfPoorStreams = countif(__StreamQuality == 'Poor') by CorrelationId +| extend Quality = iff(numOfPoorStreams >0, 'Poor', 'Good') | project Quality, numOfPoorStreams, CorrelationId); +// rating +let ratingInfo = materialize(ACSCallSurvey +| where CallId in ((callIds | project CorrelationId)) +| extend OverallRatingScoreUpperBound = iff(isnotempty(OverallRatingScoreUpperBound), OverallRatingScoreUpperBound, 5) +| summarize hint.strategy = shuffle Rating = avg(OverallRatingScore*5.0/OverallRatingScoreUpperBound) by CallId +| project CorrelationId=CallId, Rating); +// client operation issues +let rangeEventsWithCorrelation = dynamic(['UserFacingDiagnostics']); +let pointEvents = dynamic([ +'SelectedMicrophoneChanged', 'SelectedSpeakerChanged', 'OptimalVideoCount-changed', 'State-changed', 'CallMode-changed', +'IsMuted-changed', 'IsIncomingAudioMuted-changed', 'Id-changed', 'Role-changed', 'SelectedDevice-changed', 'PageHidden', +'optimalVideoCount-changed', 
'state-changed', 'callMode-changed', 'isMuted-changed', 'isIncomingAudioMuted-changed', +'id-changed', 'role-changed', 'selectedDevice-changed', 'pageHidden']); +// We need clientIds to get all operations before call is established. +let callClientIds = materialize(ACSCallClientOperations +| where ParticipantId in ((callIds | project ParticipantId)) or CallId in ((callIds | project CorrelationId)) +| distinct ClientInstanceId, ParticipantId, CallId); +// +let allOperations = +materialize(callClientIds | join kind=rightouter hint.strategy=shuffle +(ACSCallClientOperations +| where isempty(queryConditions_startTime) or CallClientTimeStamp >= (todatetime(queryConditions_startTime) - 2h) +| where ParticipantId in ((callIds | project ParticipantId)) or CallId in ((callIds | project CorrelationId)) or ClientInstanceId in ((callClientIds | project ClientInstanceId)) +| where isnotempty(OperationName) and OperationName != 'CallClientOperations' +and isnotempty(OperationId) and isnotempty(CallClientTimeStamp)) +on ClientInstanceId +| extend ParticipantId = coalesce(ParticipantId, ParticipantId1), CallId = coalesce(CallId, CallId1) +| project-away ParticipantId1, ClientInstanceId1, CallId1 +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by OperationId, CallClientTimeStamp); +// +let correlatedOperations = materialize(allOperations +| where OperationName in (rangeEventsWithCorrelation) +| extend OperationPayload = todynamic(OperationPayload) +| extend + UFDQuality = tostring(OperationPayload.DiagnosticQuality), + UFDType = tostring(OperationPayload.DiagnosticChanged) +| extend UFDType = strcat(toupper(substring(UFDType, 0, 1)),substring(UFDType, 1)) +| extend OperationPayloadNew = bag_pack(tostring(CallClientTimeStamp), OperationPayload) +| project-away ResultType +| summarize hint.strategy = shuffle + arg_max(TimeGenerated, *), ResultType = iff(countif(UFDQuality != 'Good')>0, 'Failed', 'Succeeded'), + OperationStartTime = min(CallClientTimeStamp), 
OperationEndTime = max(CallClientTimeStamp), + OperationPayloadPacked = make_bag(OperationPayloadNew) by OperationId, UFDType, CallId +| extend ResultType = iff(UFDType has_any ("SpeakingWhileMicrophoneIsMuted", "SpeakerMuted"), 'Succeeded', ResultType), OperationName = UFDType +| where ResultType !in ('Succeeded', 'Success', 'ExpectedError')); +// +let nonCorrelatedOperations = materialize(allOperations +| where OperationName !in (rangeEventsWithCorrelation) +| extend OperationId = coalesce(hash_sha256(strcat(OperationId, tostring(CallClientTimeStamp))), tostring(new_guid())) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by OperationId, CallId +| where ResultType !in ('Succeeded', 'Success', 'ExpectedError')); +let clientOperationIssues = +materialize(union nonCorrelatedOperations, correlatedOperations +| summarize hint.strategy = shuffle numOfBadOperations=count() by OperationName, CallId +| extend badClientOperations = bag_pack(OperationName, numOfBadOperations) +| summarize hint.strategy = shuffle badClientOperations = make_bag(badClientOperations), numOfBadOperations = sum(numOfBadOperations) by CorrelationId=CallId); +//// +searchedCalls +| join kind=leftouter hint.strategy=shuffle clientTypeInfo on CorrelationId +| join kind=leftouter hint.strategy=shuffle qualityInfo on CorrelationId +| join kind=leftouter hint.strategy=shuffle ratingInfo on CorrelationId +| join kind=leftouter hint.strategy=shuffle clientOperationIssues on CorrelationId +| join kind=leftouter hint.strategy=shuffle totalNumOfParticipants on CorrelationId +| extend numOfPoorStreams = coalesce(numOfPoorStreams, 0) +| extend + drops=bag_pack('Call Ended Ungracefully',numOfDroppedParticipant), + badMediaStreams = bag_pack('Poor Media Streams', numOfPoorStreams), + Issues = coalesce(numOfBadOperations, 0) + numOfDroppedParticipant + numOfPoorStreams +| extend + IssuesBreakdown=bag_merge(drops, badClientOperations, badMediaStreams) +| project + CallId=CorrelationId, 
CallStartTime, CallEndTime, CallType, + Participants=participantsCount, ClientType, + Quality=iff(isempty(Quality), 'Unknown', Quality), + Rating=case(isempty(Rating), 'Unknown', Rating>=4.5, 'Good', Rating >=3, 'Average', 'Poor'), + NumOfDroppedParticipant = numOfDroppedParticipant, + NumOfPoorStreams = numOfPoorStreams, + Issues, IssuesBreakdown +| order by CallStartTime desc +``` + + + +### Search all user facing diagnostics in a call + + +Find all user facing diagnostics for all participants in a call by callId. + +```query +// Replace queryConditions_callId with the callId you want to investigate. +declare query_parameters(queryConditions_callId:string = ''); +ACSCallClientOperations +| where CallId == queryConditions_callId +| where OperationName == 'UserFacingDiagnostics' +| extend + UFDQuality = tostring(OperationPayload.DiagnosticQuality), + UFDType = tostring(OperationPayload.DiagnosticChanged) +| extend UFDType = strcat(toupper(substring(UFDType, 0, 1)),substring(UFDType, 1)) +| project CallId, ParticipantId, CallClientTimeStamp, UFDType, UFDQuality, OperationId +| order by OperationId, CallClientTimeStamp +``` + + + +### Search all participants in a call + + +Find all participants in a call by callId, and return the details of the participants.This query is also used in Call Diagnostics to search for participants. + +```query +// Set queryConditions_callId to be the CallId you want to query. +// Note this query is used in Call Diagnostics to get all the participant entities of a call. +declare query_parameters(queryConditions_callId:string = ''); +let participants = materialize(ACSCallSummary +| where CorrelationId == queryConditions_callId +| where ParticipantId != CorrelationId and isnotempty(ParticipantId) +| distinct ParticipantId, CallType); +let serviceSideParticipants = materialize(ACSCallSummary +| where CorrelationId == queryConditions_callId +// some participants don't have startTime, we use callStartTime instead. 
+| extend ParticipantStartTime = coalesce(ParticipantStartTime, CallStartTime) +| extend ParticipantEndTime = coalesce(ParticipantStartTime + 1s*ParticipantDuration, ParticipantStartTime + 10ms) +| extend EndReason=case( + ParticipantEndReason == "0", "Success", + ParticipantEndReason == "100","Trying", + ParticipantEndReason == "180","Ringing", + ParticipantEndReason == "181","Call Is Being Forwarded", + ParticipantEndReason == "182","Queued", + ParticipantEndReason == "183","Session Progress", + ParticipantEndReason == "199","Early Dialog Terminated", + ParticipantEndReason == "200","Success", + ParticipantEndReason == "202","Accepted", + ParticipantEndReason == "204","No Notification", + ParticipantEndReason == "300","Multiple Choices", + ParticipantEndReason == "301","Moved Permanently", + ParticipantEndReason == "302","Moved Temporarily", + ParticipantEndReason == "305","Use Proxy", + ParticipantEndReason == "380","Alternative Service", + ParticipantEndReason == "400","Bad Request", + ParticipantEndReason == "401","Unauthorized", + ParticipantEndReason == "402","Payment Required", + ParticipantEndReason == "403","Forbidden / Authentication failure", + ParticipantEndReason == "404","Call not found", + ParticipantEndReason == "405","Method Not Allowed", + ParticipantEndReason == "406","Not Acceptable", + ParticipantEndReason == "407","Proxy Authentication Required", + ParticipantEndReason == "408","Call controller timed out", + ParticipantEndReason == "409","Conflict", + ParticipantEndReason == "410","Local media stack or media infrastructure error", + ParticipantEndReason == "411","Length Required", + ParticipantEndReason == "412","Conditional Request Failed", + ParticipantEndReason == "413","Request Entity Too Large", + ParticipantEndReason == "414","Request-URI Too Large", + ParticipantEndReason == "415","Unsupported Media Type", + ParticipantEndReason == "416","Unsupported URI Scheme", + ParticipantEndReason == "417","Unknown Resource-Priority", + 
ParticipantEndReason == "420","Bad Extension", + ParticipantEndReason == "421","Extension Required", + ParticipantEndReason == "422","Session Interval Too Small", + ParticipantEndReason == "423","Interval Too Brief", + ParticipantEndReason == "424","Bad Location Information", + ParticipantEndReason == "428","Use Identity Header", + ParticipantEndReason == "429","Provide Referrer Identity", + ParticipantEndReason == "430","Unable to deliver message to client application", + ParticipantEndReason == "433","Anonymity Disallowed", + ParticipantEndReason == "436","Bad Identity-Info", + ParticipantEndReason == "437","Unsupported Certificate", + ParticipantEndReason == "438","Invalid Identity Header", + ParticipantEndReason == "439","First Hop Lacks Outbound Support", + ParticipantEndReason == "440","Max-Breadth Exceeded", + ParticipantEndReason == "469","Bad Info Package", + ParticipantEndReason == "470","Consent Needed", + ParticipantEndReason == "480","Remote client endpoint not registered", + ParticipantEndReason == "481","Failed to handle incoming call", + ParticipantEndReason == "482","Loop Detected", + ParticipantEndReason == "483","Too Many Hops", + ParticipantEndReason == "484","Address Incomplete", + ParticipantEndReason == "485","Ambiguous", + ParticipantEndReason == "486","Busy Here", + ParticipantEndReason == "487","Call canceled, locally declined, ended due to an endpoint mismatch issue, or failed to generate media offer", + ParticipantEndReason == "488","Not Acceptable Here", + ParticipantEndReason == "489","Bad Event", + ParticipantEndReason == "490","Local endpoint network issues", + ParticipantEndReason == "491","Local endpoint network issues", + ParticipantEndReason == "493","Undecipherable", + ParticipantEndReason == "494","Security Agreement Required", + ParticipantEndReason == "496","Local endpoint network issues", + ParticipantEndReason == "497","Local endpoint network issues", + ParticipantEndReason == "498","Local endpoint network issues", + 
ParticipantEndReason == "500","Communication Services infrastructure error", + ParticipantEndReason == "501","Not Implemented", + ParticipantEndReason == "502","Bad Gateway", + ParticipantEndReason == "503","Communication Services infrastructure error", + ParticipantEndReason == "504","Communication Services infrastructure error", + ParticipantEndReason == "505","Version Not Supported", + ParticipantEndReason == "513","Message Too Large", + ParticipantEndReason == "555","Push Notification Service Not Supported", + ParticipantEndReason == "580","Precondition Failure", + ParticipantEndReason == "600","Busy Everywhere", + ParticipantEndReason == "603","Call globally declined by remote Communication Services participant", + ParticipantEndReason == "604","Does Not Exist Anywhere", + ParticipantEndReason == "606","Not Acceptable", + ParticipantEndReason == "607","Unwanted", + ParticipantEndReason == "608","Rejected", "") +| extend Rank = iff(isempty(ParticipantId) and CallType == 'P2P' and EndpointType == 'VoIP', -1, 1) +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', Identifier), EndpointId) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by ParticipantId +| extend CallDroppedUngracefully = ParticipantEndReason in ('380', '400', '407', '408', '409', '410', +'412', '417', '430', '439', '440', '481', '483', '488', '489', '493', '500', '502', '503', '504', '580') +| project + ParentEntityId = CorrelationId, + ParentEntityType = 'Call', + EntityType = 'Participant', + EntityId = ParticipantId, + EntityStartTime=ParticipantStartTime, + EntityEndTime=ParticipantEndTime, + EntityDuration=ParticipantDuration, + EntityDisplayName = 
strcat('Participant-', ParticipantId), + EntityPayload = bag_pack( + 'EndReasonCode', toint(ParticipantEndReason), + 'EndReasonPhrase', EndReason, + 'Identifier', Identifier, + 'EndpointId', EndpointId, + 'ParticipantType', ParticipantType, + 'EndpointType', EndpointType, + 'SdkVersion', SdkVersion, + 'OsVersion', OsVersion, + 'PstnParticipantCallType', PstnParticipantCallType + ), + Insights_HasIssues = CallDroppedUngracefully, + Insights_Payload = bag_pack( + 'EndReasonCode', toint(ParticipantEndReason), + 'EndReasonPhrase', EndReason, + 'ParticipantId', ParticipantId, + 'CallDroppedUngracefully', CallDroppedUngracefully), + GroupName = "lifeCycle", + Rank); +// +let clientSideParticipants = materialize(ACSCallClientOperations +| where ParticipantId in (participants) or CallId == queryConditions_callId +| where isnotempty(OperationName) and OperationName != 'CallClientOperations' +and isnotempty(OperationId) and isnotempty(CallClientTimeStamp) +| extend OperationId = coalesce(hash_sha256(strcat(OperationId, tostring(CallClientTimeStamp), OperationName)), tostring(new_guid())) +| summarize hint.strategy = shuffle arg_max(CallId, *) by OperationId +| where isnotempty(ParticipantId) +| extend OS = parse_user_agent(UserAgent, 'os').OperatingSystem +| extend OsVersion = strcat(OS.Family, OS.MajorVersion,'.', OS.MinorVersion) +| project OperationId, ParticipantId, CallId, CallClientTimeStamp, OperationName, OperationPayload, OsVersion, SdkVersion, ResultSignature, ResultType +| extend OperationPayload = todynamic(OperationPayload) +| extend + UFDQuality = tostring(OperationPayload.DiagnosticQuality), + UFDType = tostring(OperationPayload.DiagnosticChanged), + isUFD = OperationName == 'UserFacingDiagnostics' +| extend + ResultType = iff(isUFD, iff(UFDQuality != 'Good' and not(UFDType has_any ("SpeakingWhileMicrophoneIsMuted", "SpeakerMuted")), 'Failed', 'Succeeded'), ResultType), + CallDroppedUngracefully = iff(OperationName in ('Hangup', 'EnterCall', 'Join'), 
ResultType !in ('Succeeded', 'Success', 'ExpectedError'), False), + ParticipantStartTime = iff(OperationName == 'EnterCall', CallClientTimeStamp, datetime(null)), + ParticipantEndTime = iff(OperationName == 'Hangup', CallClientTimeStamp, datetime(null)) +| summarize hint.strategy = shuffle arg_max(CallId, *), ResultType = iff(countif(ResultType == 'Failed') > 0, 'Failed', 'Succeeded'), + CallDroppedUngracefully = countif(CallDroppedUngracefully) > 0, + ParticipantStartTimeApprox = min(CallClientTimeStamp), + ParticipantEndTimeApprox = max(CallClientTimeStamp) by ParticipantId +| extend + ParticipantStartTime = coalesce(ParticipantStartTime, ParticipantStartTimeApprox), + ParticipantEndTime = coalesce(ParticipantEndTime, ParticipantEndTimeApprox) +| project + ParentEntityId = queryConditions_callId, + ParentEntityType = 'Call', + EntityId = ParticipantId, + EntityType = 'Participant', + EntityDisplayName = strcat('Participant-', ParticipantId), + EntityStartTime=ParticipantStartTime, + EntityEndTime=ParticipantEndTime, + EntityDuration=tolong((ParticipantEndTime - ParticipantStartTime)/1s), + EntityPayload = bag_pack( + 'ParticipantType', 'ACS', + 'EndpointType', 'VoIP', + 'SdkVersion', SdkVersion, + 'OsVersion', OsVersion + ), + Insights_HasIssues = ResultType == 'Failed', + Insights_Payload = bag_pack('ParticipantId', ParticipantId, 'CallDroppedUngracefully', CallDroppedUngracefully), + GroupName = "lifeCycle", + Rank = 0); +// Merge participantEntities from service side and client side, and if the participant exists in both sides, we take the one with higher Rank. 
+union serviceSideParticipants, clientSideParticipants +| summarize hint.strategy = shuffle arg_max(Rank, *), EntityPayload_Merged = make_bag(EntityPayload), + Insights_Payload_Merged = make_bag(Insights_Payload), + Insights_HasIssues_Merged = countif(Insights_HasIssues) > 0 by EntityId +| order by Rank +| project + ParentEntityId, + ParentEntityType, + EntityId, + EntityType, + EntityDisplayName, + EntityStartTime, + EntityEndTime, + EntityDuration, + EntityPayload = EntityPayload_Merged, + Insights_HasIssues = Insights_HasIssues_Merged, + Insights_Payload = Insights_Payload_Merged +``` + + + +### Search all client operations in a call + + +Find all client operations for all participants in a call by callId. This query is also used in Call Diagnostics to search for client operations. + +```query +// Replace queryConditions_callId with the callId you want to investigate. +declare query_parameters(queryConditions_callId:string = '00000000-0000-0000-0000-000000000000'); +let rangeEventsWithCorrelation = dynamic(['UserFacingDiagnostics']); +let pointEvents = dynamic([ +'SelectedMicrophoneChanged', 'SelectedSpeakerChanged', 'OptimalVideoCount-changed', 'State-changed', 'CallMode-changed', +'IsMuted-changed', 'IsIncomingAudioMuted-changed', 'Id-changed', 'Role-changed', 'SelectedDevice-changed', 'PageHidden', +'optimalVideoCount-changed', 'state-changed', 'callMode-changed', 'isMuted-changed', 'isIncomingAudioMuted-changed', +'id-changed', 'role-changed', 'selectedDevice-changed', 'pageHidden']); +let participants = materialize(ACSCallSummary +| where CorrelationId == queryConditions_callId +| where ParticipantId != CorrelationId and isnotempty(ParticipantId) +| extend CallEndTime = CallStartTime + 1s*CallDuration +| distinct ParticipantId, CallStartTime, CallEndTime); +let OperationsTimestampLowerBound = max_of(toscalar(participants | summarize min(CallStartTime) | take 1) - 2h, ago(365d)); +let OperationsTimestampUpperBound = min_of(toscalar(participants | summarize 
max(CallEndTime) | take 1) + 2h, now()+365d); +// We need clientIds to get all operations before call is established. +let callClientIds = materialize(ACSCallClientOperations +| where ParticipantId in ((participants | project ParticipantId)) or CallId == queryConditions_callId +| distinct ClientInstanceId, ParticipantId); +// +let allOperations = +materialize(ACSCallClientOperations +| where CallClientTimeStamp between (OperationsTimestampLowerBound .. OperationsTimestampUpperBound) +| where ParticipantId in ((participants | project ParticipantId)) or CallId == queryConditions_callId or ClientInstanceId in ((callClientIds | project ClientInstanceId)) +| where isnotempty(OperationName) and OperationName != 'CallClientOperations' +and isnotempty(OperationId) and isnotempty(CallClientTimeStamp) +| join kind=leftouter hint.strategy=shuffle callClientIds on ClientInstanceId +| extend ParticipantId = coalesce(ParticipantId, ParticipantId1) | project-away ParticipantId1, ClientInstanceId1 +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by OperationId, OperationName, CallClientTimeStamp); +// +let correlatedOperations = materialize(allOperations +| where OperationName in (rangeEventsWithCorrelation) +| extend OperationPayload = todynamic(OperationPayload) +| extend + UFDQuality = tostring(OperationPayload.DiagnosticQuality), + UFDType = tostring(OperationPayload.DiagnosticChanged) +| extend UFDType = strcat(toupper(substring(UFDType, 0, 1)),substring(UFDType, 1)) +| extend OperationPayloadNew = bag_pack(tostring(CallClientTimeStamp), OperationPayload) +| project-away ResultType +// Make sure the UFD payload are aggregated in time-asc order. 
+| order by CallClientTimeStamp asc +| summarize hint.strategy = shuffle + arg_max(TimeGenerated, *), ResultType = iff(countif(UFDQuality != 'Good')>0, 'Failed', 'Succeeded'), + OperationStartTime = min(CallClientTimeStamp), OperationEndTime = max(CallClientTimeStamp), + OperationPayloadPacked = make_bag(OperationPayloadNew) by OperationId, UFDType +| extend + ResultType = iff(UFDType has_any ("SpeakingWhileMicrophoneIsMuted", "SpeakerMuted"), 'Succeeded', ResultType), + OperationEndTime = max_of(OperationEndTime, OperationStartTime+10ms) +| extend OperationPayload = todynamic(OperationPayload) +| extend UFDType = coalesce(tostring(OperationPayload.DiagnosticChanged), tostring(OperationPayload.diagnosticChanged)) +// Capitalize the first letter. +| extend UFDType = strcat(toupper(substring(UFDType, 0, 1)), substring(UFDType, 1)) +| extend parent_entity_type = case(OperationName has_any ('MuteMicrophone', 'UnmuteMicrophone', 'SelectedMicrophoneChanged', + 'SelectedSpeakerChanged', 'IsMuted-changed', 'IsIncomingAudioMuted-changed', 'StopAudio'), + 'Audio', + // ADP can have both audio and video requested, so assign it to App + OperationName has_any ('State-changed', 'CallMode-changed', 'Id-changed', 'Role-changed', + 'SelectedDevice-changed', 'PageHidden', 'AcceptIncomingCall', 'RejectIncomingCall', 'Hangup', + 'AskDevicePermission', 'EnterCall', 'CallAgentInit'), + 'App', + OperationName has_any ('StartScreenShare', 'StopScreenShare'), + 'ScreenSharing', + OperationName has_any ('OptimalVideoCount-changed'), + 'Video', + OperationName has_any ('CreateView', 'DisposeView', 'StartVideo', 'StopVideo', 'SwitchSource'), + case( + tostring(OperationPayload.streamType) == 'Video', + 'Video', + tostring(OperationPayload.streamType) == 'ScreenSharing', + 'ScreenSharing', + tostring(OperationPayload.streamType) == 'RawMedia', + 'RawMedia', + 'Video' + ), + OperationName == 'UserFacingDiagnostics', + case( + UFDType contains 'Speak', + 'Audio', + UFDType contains 'microphone', 
+ 'Audio', + UFDType contains 'camera', + 'Video', + UFDType contains 'capture', + 'Video', + UFDType contains 'screenshare', + 'ScreenSharing', + UFDType contains 'network', + 'Network', + 'App' + ), + 'App') +| project + ParentEntityId = strcat(ParticipantId, '-', parent_entity_type), + ParentEntityType = parent_entity_type, + OperationRoundtripId = OperationId, + OperationId = OperationId, + OperationName = OperationName, + OperationType = UFDType, + OperationStartTime, + OperationEndTime, + OperationDuration = DurationMs, + OperationDisplayName = UFDType, + OperationResultCode = toint(iff(ResultType !in ('Succeeded', 'Success', 'ExpectedError'), 500, 200)), + OperationResult = ResultType, + OperationPayload = OperationPayloadPacked, + Insights_HasIssues = ResultType !in ('Succeeded', 'Success', 'ExpectedError'), + ParticipantId, + UserAgent +| extend + Insights_Payload = bag_pack('ResultType', OperationResult, 'ResultSignature', OperationResultCode, 'userAgent', UserAgent, 'ParticipantId', ParticipantId), + ShowLabel = true +| project-away UserAgent); +// +let nonCorrelatedOperations = materialize(allOperations +| where OperationName !in (rangeEventsWithCorrelation) +| extend OperationId = coalesce(hash_sha256(strcat(OperationId, tostring(CallClientTimeStamp))), tostring(new_guid())) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by OperationId +| extend OperationPayload = todynamic(OperationPayload) +| extend UFDType = coalesce(tostring(OperationPayload.DiagnosticChanged), tostring(OperationPayload.diagnosticChanged)) +// Capitalize the first letter. 
+| extend UFDType = strcat(toupper(substring(UFDType, 0, 1)), substring(UFDType, 1)) +| extend parent_entity_type = case(OperationName has_any ('MuteMicrophone', 'UnmuteMicrophone', 'SelectedMicrophoneChanged', + 'SelectedSpeakerChanged', 'IsMuted-changed', 'IsIncomingAudioMuted-changed', 'StopAudio'), + 'Audio', + // ADP can have both audio and video requested, so assign it to App + OperationName has_any ('State-changed', 'CallMode-changed', 'Id-changed', 'Role-changed', + 'SelectedDevice-changed', 'PageHidden', 'AcceptIncomingCall', 'RejectIncomingCall', 'Hangup', + 'AskDevicePermission', 'EnterCall', 'CallAgentInit'), + 'App', + OperationName has_any ('StartScreenShare', 'StopScreenShare'), + 'ScreenSharing', + OperationName has_any ('OptimalVideoCount-changed'), + 'Video', + OperationName has_any ('CreateView', 'DisposeView', 'StartVideo', 'StopVideo', 'SwitchSource'), + case( + tostring(OperationPayload.streamType) == 'Video', + 'Video', + tostring(OperationPayload.streamType) == 'ScreenSharing', + 'ScreenSharing', + tostring(OperationPayload.streamType) == 'RawMedia', + 'RawMedia', + 'Video' + ), + OperationName == 'UserFacingDiagnostics', + case( + UFDType contains 'Speak', + 'Audio', + UFDType contains 'microphone', + 'Audio', + UFDType contains 'camera', + 'Video', + UFDType contains 'capture', + 'Video', + UFDType contains 'screenshare', + 'ScreenSharing', + UFDType contains 'network', + 'Network', + 'App' + ), + 'App') +| project + ParentEntityId = strcat(ParticipantId, '-', parent_entity_type), + ParentEntityType = parent_entity_type, + OperationRoundtripId = OperationId, + OperationId = OperationId, + OperationName, + OperationType=OperationName, + OperationStartTime=CallClientTimeStamp, + OperationEndTime=iff(OperationName in (pointEvents), CallClientTimeStamp, CallClientTimeStamp + max_of(DurationMs, 10) * 1ms), + OperationDuration=DurationMs, + OperationDisplayName = OperationName, + OperationResultCode = ResultSignature, + OperationResult = 
ResultType, + OperationPayload, + Insights_HasIssues = ResultType !in ('Succeeded', 'Success', 'ExpectedError'), + Insights_Payload = bag_pack('ResultType', ResultType, 'ResultSignature', ResultSignature, 'userAgent', UserAgent, 'ParticipantId', ParticipantId), + ParticipantId, + ShowLabel = true); +let poorOperations = materialize((union nonCorrelatedOperations, correlatedOperations) + | where Insights_HasIssues + | extend + ParentEntityId = ParticipantId, + ParentEntityType = 'Participant', + OperationId = strcat('Participant-Issues-', OperationId), + GroupName = "lifeCycle", + ShowLabel = false); +union poorOperations, nonCorrelatedOperations, correlatedOperations +| project + ParentEntityId, + ParentEntityType, + OperationId, + OperationRoundtripId = OperationId, + OperationName, + OperationDisplayName, + OperationResultCode, + OperationResult, + OperationType, + OperationStartTime, + OperationEndTime, + OperationPayload, + Insights_HasIssues, + Insights_Payload +``` + diff --git a/articles/azure-monitor/reference/queries/acscalldiagnostics.md b/articles/azure-monitor/reference/queries/acscalldiagnostics.md new file mode 100644 index 0000000000..8333f27c1d --- /dev/null +++ b/articles/azure-monitor/reference/queries/acscalldiagnostics.md 
@@ -0,0 +1,639 @@ +--- +title: Example log table queries for ACSCallDiagnostics +description: Example queries for ACSCallDiagnostics log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSCallDiagnostics table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Streams per call + + +Calculates the average number of streams per call. + +```query +ACSCallDiagnostics +// Count the streams and distinct calls +| summarize num_streams=count(), num_calls=dcount(CorrelationId) +// Calculate the average number of streams per call +| extend avg_streams = toreal(num_streams) / toreal(num_calls) +``` + + + +### Streams per call histogram + + +Produces a histogram of number of streams per call. + +```query +ACSCallDiagnostics +// Counts the number of streams per call +| summarize streams_per_call=count() by CorrelationId +// Aggregates the numbers of streams per call (e.g. if there are 7 calls that have 6 streams, +// this will produce a row [streams_per_call=6, stream_counts=7]) +| summarize stream_counts=count() by streams_per_call +| order by streams_per_call asc +| render columnchart title="Streams per call histogram" +``` + + + +### Media type ratio + + +Produces a pie chart of the proportion of streams of a particular media types. + +```query +ACSCallDiagnostics +// Count the number of streams per media type +| summarize media_types=count() by MediaType +| render piechart title="Media Type Ratio" +``` + + + +### Transport type ratio + + +Produces a pie chart of the proportion of streams using a particular transport types. 
+ +```query +ACSCallDiagnostics +// Count the number of streams per transport type +| summarize transport_types=count() by TransportType +| render piechart title="Transport Type Ratio" +``` + + + +### Average telemetry values + + +Calculates the average values for the six telemetry fields. + +```query +ACSCallDiagnostics +// Calculate the average value for each of the six telemetry fields +| summarize Avg_JitterAvg=avg(JitterAvg), + Avg_JitterMax=avg(JitterMax), + Avg_RoundTripTimeAvg=avg(RoundTripTimeAvg), + Avg_RoundTripTimeMax=avg(RoundTripTimeMax), + Avg_PacketLossRateAvg=avg(PacketLossRateAvg), + Avg_PacketLossRateMax=avg(PacketLossRateMax) +``` + + + +### Jitter average histogram + + +Produces a histogram of average jitter per stream. + +```query +ACSCallDiagnostics +// Filter null values +| where isnotnull(JitterAvg) +// Count jitter values by 10 millisecond intervals +| summarize JitterAvg_counts=count() by bin(JitterAvg, 10) +| order by JitterAvg asc +| render columnchart with (xcolumn = JitterAvg, title="JitterAvg histogram") +``` + + + +### Jitter max histogram + + +Produces a histogram of max jitter per stream. + +```query +ACSCallDiagnostics +// Filter null values +| where isnotnull(JitterMax) +// Count jitter values by 10 millisecond intervals +|summarize JitterMax_counts=count() by JitterMax +| order by JitterMax asc +| render columnchart with (xcolumn = JitterMax, title="JitterMax histogram") +``` + + + +### Packet loss rate average histogram + + +Produces a histogram of average packet loss rate per stream. 
+ +```query +ACSCallDiagnostics +// Filter null values +| where isnotnull(PacketLossRateAvg) +// Count packet loss rate values within an inverval of 0.01 (1%) +| summarize PacketLossRateAvg_counts=count() by bin(PacketLossRateAvg, 0.01) +| order by PacketLossRateAvg asc +| render columnchart with (xcolumn = PacketLossRateAvg, title="PacketLossRateAvg histogram") +``` + + + +### Packet loss rate max histogram + + +Produces a histogram of max packet loss rate per stream. + +```query +ACSCallDiagnostics +// Filter null values +| where isnotnull(PacketLossRateMax) +// Count packet loss rate values within an inverval of 0.01 (1%) +|summarize PacketLossRateMax_counts=count() by bin(PacketLossRateMax, 0.01) +| order by PacketLossRateMax asc +| render columnchart with (xcolumn = PacketLossRateMax, title="PacketLossRateMax histogram") +``` + + + +### Round trip time average histogram + + +Produces a histogram of average round trip time per stream. + +```query +// RoundTripTime Average Histogram +ACSCallDiagnostics +// Filter null values +| where isnotnull(RoundTripTimeAvg) +// Count round trip time values by 10 millisecond intervals +|summarize RoundTripTimeAvg_counts=count() by bin(RoundTripTimeAvg, 10) +| order by RoundTripTimeAvg asc +| render columnchart with (xcolumn = RoundTripTimeAvg, title="RoundTripTimeAvg histogram") +``` + + + +### Round trip time max histogram + + +Produces a histogram of max round trip time per stream. + +```query +ACSCallDiagnostics +// Filter null values +| where isnotnull(RoundTripTimeMax) +// Count round trip time values by 10 millisecond intervals +|summarize RoundTripTimeMax_counts=count() by bin(RoundTripTimeMax, 10) +| order by RoundTripTimeMax asc +| render columnchart with (xcolumn = RoundTripTimeMax, title="RoundTripTimeMax histogram") +``` + + + +### Jitter quality ratio + + +Produces a pie chart of the proportion of streams with good or poor jitter quality. 
+ +```query +ACSCallDiagnostics +// Classify the jitter quality as Poor or Good based on +// whether the average jitter is higher than 30 milliseconds +| project JitterQuality = iff(JitterAvg > 30, "Poor", "Good") +// Counts the number of streams per jitter quality +| summarize count() by JitterQuality +| render piechart title="Jitter Quality" +``` + + + +### Packet loss rate quality ratio + + +Produces a pie chart of the proportion of streams with good or poor packet loss rate quality. + +```query +ACSCallDiagnostics +// Classify packet loss rate quality as Poor or Good based on +// whether the average packet loss rate is higher than 10% +| project PacketLossRateQuality = iff(PacketLossRateAvg > 0.1, "Poor", "Good") +// Count the number of streams per packet loss rate quality +| summarize count() by PacketLossRateQuality +| render piechart title="Packet Loss Rate Quality" +``` + + + +### Round trip time quality ratio + + +Produces a pie chart of the proportion of streams with good or poor round trip time quality. + +```query +ACSCallDiagnostics +// Classifying the round trip time quality as Poor or Good based on +// whether the average round trip time is higher than 500 milliseconds +| project RoundTripTimeQuality = iff(RoundTripTimeAvg > 500, "Poor", "Good") +// Count the number of streams per round trip time quality +| summarize count() by RoundTripTimeQuality +| render piechart title="Round Trip Time Quality" +``` + + + +### CallDiagnostics log for CallAutomation API call + + +Queries the diagnostics log for a call which was interacted with by Call Automation API using correlation ID. 
+ +```query +ACSCallAutomationIncomingOperations +//| where CorrelationId == "" // This can be uncommented to filter on a specific correlation ID +| join kind=inner + (ACSCallDiagnostics) + on CorrelationId +| limit 100 + +``` + + + +### Search calls by keyword + + +List all calls found that contains the keyword, and returns the details of the call including rating, quality, issues breakdown etc. This query is also used in Call Diagnostics to search for calls. + +```query +// Set queryConditions_keyword to be the searching keyword. It can be CallId, ParticipantId, +// Identifier or any other column values in ACSCallSummary log. If not set, the query will return all calls. +// Note this query is also used to provide the data in Call Diagnostics. +declare query_parameters(queryConditions_keyword:string = '', + queryConditions_startTime:string = '', + queryConditions_endTime:string = ''); +let callIds = +materialize(ACSCallSummary +| where isempty(queryConditions_startTime) or CallStartTime >= todatetime(queryConditions_startTime) +| extend CallEndTime = CallStartTime + totimespan(strcat(tostring(CallDuration), 's')) +| where isempty(queryConditions_endTime) or CallEndTime <= todatetime(queryConditions_endTime) +| where isempty(queryConditions_keyword) or * contains queryConditions_keyword +| distinct CorrelationId, ParticipantId); +let searchedCalls = +materialize(ACSCallSummary +| where CorrelationId in ((callIds | project CorrelationId)) +| extend CallEndTime = CallStartTime + totimespan(strcat(tostring(CallDuration), 's')) +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', Identifier), EndpointId) +| summarize hint.strategy = shuffle CallStartTime 
= take_any(CallStartTime), CallEndTime = take_any(CallEndTime), CallType = take_any(CallType), +numOfDroppedParticipant = count_distinctif(ParticipantId, ParticipantEndReason in ('380', '400', '407', '408', '409', '410', +'412', '417', '430', '439', '440', '481', '483', '488', '489', '493', '500', '502', '503', '504', '580')) by CorrelationId); +// client type +let allParticipants = materialize(ACSCallSummary +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', Identifier), EndpointId) +| where CorrelationId in ((callIds | project CorrelationId)) +| union (ACSCallClientOperations +| where CallId in ((callIds | project CorrelationId)) +| where isnotempty(ParticipantId) +| distinct ParticipantId, CorrelationId = CallId, EndpointType = 'VoIP') +| summarize hint.strategy = shuffle take_any(EndpointType) by ParticipantId, CorrelationId); +let clientTypeInfo = materialize(allParticipants +| summarize hint.strategy = shuffle count() by EndpointType, CorrelationId +| extend info = strcat(count_, ' ', EndpointType) +| summarize hint.strategy = shuffle summaryInfo = make_list(info, 100) by CorrelationId +| extend ClientType = strcat_array(summaryInfo, ', ') +| project CorrelationId, ClientType); +let totalNumOfParticipants = materialize(allParticipants | summarize hint.strategy = shuffle participantsCount = dcount(ParticipantId) by CorrelationId); +// quality +let qualityInfo = materialize(ACSCallDiagnostics +| where CorrelationId in ((callIds | project CorrelationId)) +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', 
strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', Identifier), EndpointId) +| where isnotempty(StreamId) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by ParticipantId, StreamId +| extend + MediaType = iff(MediaType == 'VBSS', 'ScreenSharing', MediaType) | extend + __JitterQuality = iff(JitterAvg > 30, "Poor", "Good"), + __JitterBufferQuality = iff(JitterBufferSizeAvg > 200, "Poor", "Good"), + __PacketLossRateQuality = iff(PacketLossRateAvg > 0.1, "Poor", "Good"), + __RoundTripTimeQuality = iff(RoundTripTimeAvg > 500, "Poor", "Good"), + __HealedDataRatioQuality = iff(HealedDataRatioAvg > 0.1, "Poor", "Good"), + __VideoFrameRateQuality = iff((VideoFrameRateAvg < 1 and MediaType == 'ScreenSharing') or + (VideoFrameRateAvg < 7 and MediaType == 'Video'), "Poor", "Good"), + __FreezesQuality = iff((RecvFreezeDurationPerMinuteInMs > 25000 and MediaType == 'ScreenSharing') or + (RecvFreezeDurationPerMinuteInMs > 6000 and MediaType == 'Video'), "Poor", "Good"), + __VideoResolutionHeightQuality = iff((RecvResolutionHeight < 768 and MediaType == 'ScreenSharing') or + (RecvResolutionHeight < 240 and MediaType == 'Video'), "Poor", "Good") +| extend + __StreamQuality = iff( + (__JitterQuality == "Poor") + or (__JitterBufferQuality == "Poor") + or (__PacketLossRateQuality == "Poor") + or (__RoundTripTimeQuality == "Poor") + or (__HealedDataRatioQuality == "Poor") + or (__VideoFrameRateQuality == "Poor") + or (__FreezesQuality == "Poor") + or (__VideoResolutionHeightQuality == "Poor"), + "Poor", "Good"), + MediaDirection = iff(EndpointType == 'Server', 'InboundStream', 'OutboundStream') +| summarize hint.strategy = shuffle numOfPoorStreams = countif(__StreamQuality == 'Poor') by CorrelationId +| extend Quality = iff(numOfPoorStreams >0, 'Poor', 'Good') | project Quality, numOfPoorStreams, CorrelationId); +// rating 
+let ratingInfo = materialize(ACSCallSurvey +| where CallId in ((callIds | project CorrelationId)) +| extend OverallRatingScoreUpperBound = iff(isnotempty(OverallRatingScoreUpperBound), OverallRatingScoreUpperBound, 5) +| summarize hint.strategy = shuffle Rating = avg(OverallRatingScore*5.0/OverallRatingScoreUpperBound) by CallId +| project CorrelationId=CallId, Rating); +// client operation issues +let rangeEventsWithCorrelation = dynamic(['UserFacingDiagnostics']); +let pointEvents = dynamic([ +'SelectedMicrophoneChanged', 'SelectedSpeakerChanged', 'OptimalVideoCount-changed', 'State-changed', 'CallMode-changed', +'IsMuted-changed', 'IsIncomingAudioMuted-changed', 'Id-changed', 'Role-changed', 'SelectedDevice-changed', 'PageHidden', +'optimalVideoCount-changed', 'state-changed', 'callMode-changed', 'isMuted-changed', 'isIncomingAudioMuted-changed', +'id-changed', 'role-changed', 'selectedDevice-changed', 'pageHidden']); +// We need clientIds to get all operations before call is established. 
+let callClientIds = materialize(ACSCallClientOperations +| where ParticipantId in ((callIds | project ParticipantId)) or CallId in ((callIds | project CorrelationId)) +| distinct ClientInstanceId, ParticipantId, CallId); +// +let allOperations = +materialize(callClientIds | join kind=rightouter hint.strategy=shuffle +(ACSCallClientOperations +| where isempty(queryConditions_startTime) or CallClientTimeStamp >= (todatetime(queryConditions_startTime) - 2h) +| where ParticipantId in ((callIds | project ParticipantId)) or CallId in ((callIds | project CorrelationId)) or ClientInstanceId in ((callClientIds | project ClientInstanceId)) +| where isnotempty(OperationName) and OperationName != 'CallClientOperations' +and isnotempty(OperationId) and isnotempty(CallClientTimeStamp)) +on ClientInstanceId +| extend ParticipantId = coalesce(ParticipantId, ParticipantId1), CallId = coalesce(CallId, CallId1) +| project-away ParticipantId1, ClientInstanceId1, CallId1 +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by OperationId, CallClientTimeStamp); +// +let correlatedOperations = materialize(allOperations +| where OperationName in (rangeEventsWithCorrelation) +| extend OperationPayload = todynamic(OperationPayload) +| extend + UFDQuality = tostring(OperationPayload.DiagnosticQuality), + UFDType = tostring(OperationPayload.DiagnosticChanged) +| extend UFDType = strcat(toupper(substring(UFDType, 0, 1)),substring(UFDType, 1)) +| extend OperationPayloadNew = bag_pack(tostring(CallClientTimeStamp), OperationPayload) +| project-away ResultType +| summarize hint.strategy = shuffle + arg_max(TimeGenerated, *), ResultType = iff(countif(UFDQuality != 'Good')>0, 'Failed', 'Succeeded'), + OperationStartTime = min(CallClientTimeStamp), OperationEndTime = max(CallClientTimeStamp), + OperationPayloadPacked = make_bag(OperationPayloadNew) by OperationId, UFDType, CallId +| extend ResultType = iff(UFDType has_any ("SpeakingWhileMicrophoneIsMuted", "SpeakerMuted"), 'Succeeded', 
ResultType), OperationName = UFDType +| where ResultType !in ('Succeeded', 'Success', 'ExpectedError')); +// +let nonCorrelatedOperations = materialize(allOperations +| where OperationName !in (rangeEventsWithCorrelation) +| extend OperationId = coalesce(hash_sha256(strcat(OperationId, tostring(CallClientTimeStamp))), tostring(new_guid())) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by OperationId, CallId +| where ResultType !in ('Succeeded', 'Success', 'ExpectedError')); +let clientOperationIssues = +materialize(union nonCorrelatedOperations, correlatedOperations +| summarize hint.strategy = shuffle numOfBadOperations=count() by OperationName, CallId +| extend badClientOperations = bag_pack(OperationName, numOfBadOperations) +| summarize hint.strategy = shuffle badClientOperations = make_bag(badClientOperations), numOfBadOperations = sum(numOfBadOperations) by CorrelationId=CallId); +//// +searchedCalls +| join kind=leftouter hint.strategy=shuffle clientTypeInfo on CorrelationId +| join kind=leftouter hint.strategy=shuffle qualityInfo on CorrelationId +| join kind=leftouter hint.strategy=shuffle ratingInfo on CorrelationId +| join kind=leftouter hint.strategy=shuffle clientOperationIssues on CorrelationId +| join kind=leftouter hint.strategy=shuffle totalNumOfParticipants on CorrelationId +| extend numOfPoorStreams = coalesce(numOfPoorStreams, 0) +| extend + drops=bag_pack('Call Ended Ungracefully',numOfDroppedParticipant), + badMediaStreams = bag_pack('Poor Media Streams', numOfPoorStreams), + Issues = coalesce(numOfBadOperations, 0) + numOfDroppedParticipant + numOfPoorStreams +| extend + IssuesBreakdown=bag_merge(drops, badClientOperations, badMediaStreams) +| project + CallId=CorrelationId, CallStartTime, CallEndTime, CallType, + Participants=participantsCount, ClientType, + Quality=iff(isempty(Quality), 'Unknown', Quality), + Rating=case(isempty(Rating), 'Unknown', Rating>=4.5, 'Good', Rating >=3, 'Average', 'Poor'), + 
NumOfDroppedParticipant = numOfDroppedParticipant, + NumOfPoorStreams = numOfPoorStreams, + Issues, IssuesBreakdown +| order by CallStartTime desc +``` + + + +### Search all participants in a call + + +Find all participants in a call by callId, and return the details of the participants.This query is also used in Call Diagnostics to search for participants. + +```query +// Set queryConditions_callId to be the CallId you want to query. +// Note this query is used in Call Diagnostics to get all the participant entities of a call. +declare query_parameters(queryConditions_callId:string = ''); +let participants = materialize(ACSCallSummary +| where CorrelationId == queryConditions_callId +| where ParticipantId != CorrelationId and isnotempty(ParticipantId) +| distinct ParticipantId, CallType); +let serviceSideParticipants = materialize(ACSCallSummary +| where CorrelationId == queryConditions_callId +// some participants don't have startTime, we use callStartTime instead. +| extend ParticipantStartTime = coalesce(ParticipantStartTime, CallStartTime) +| extend ParticipantEndTime = coalesce(ParticipantStartTime + 1s*ParticipantDuration, ParticipantStartTime + 10ms) +| extend EndReason=case( + ParticipantEndReason == "0", "Success", + ParticipantEndReason == "100","Trying", + ParticipantEndReason == "180","Ringing", + ParticipantEndReason == "181","Call Is Being Forwarded", + ParticipantEndReason == "182","Queued", + ParticipantEndReason == "183","Session Progress", + ParticipantEndReason == "199","Early Dialog Terminated", + ParticipantEndReason == "200","Success", + ParticipantEndReason == "202","Accepted", + ParticipantEndReason == "204","No Notification", + ParticipantEndReason == "300","Multiple Choices", + ParticipantEndReason == "301","Moved Permanently", + ParticipantEndReason == "302","Moved Temporarily", + ParticipantEndReason == "305","Use Proxy", + ParticipantEndReason == "380","Alternative Service", + ParticipantEndReason == "400","Bad Request", + 
ParticipantEndReason == "401","Unauthorized", + ParticipantEndReason == "402","Payment Required", + ParticipantEndReason == "403","Forbidden / Authentication failure", + ParticipantEndReason == "404","Call not found", + ParticipantEndReason == "405","Method Not Allowed", + ParticipantEndReason == "406","Not Acceptable", + ParticipantEndReason == "407","Proxy Authentication Required", + ParticipantEndReason == "408","Call controller timed out", + ParticipantEndReason == "409","Conflict", + ParticipantEndReason == "410","Local media stack or media infrastructure error", + ParticipantEndReason == "411","Length Required", + ParticipantEndReason == "412","Conditional Request Failed", + ParticipantEndReason == "413","Request Entity Too Large", + ParticipantEndReason == "414","Request-URI Too Large", + ParticipantEndReason == "415","Unsupported Media Type", + ParticipantEndReason == "416","Unsupported URI Scheme", + ParticipantEndReason == "417","Unknown Resource-Priority", + ParticipantEndReason == "420","Bad Extension", + ParticipantEndReason == "421","Extension Required", + ParticipantEndReason == "422","Session Interval Too Small", + ParticipantEndReason == "423","Interval Too Brief", + ParticipantEndReason == "424","Bad Location Information", + ParticipantEndReason == "428","Use Identity Header", + ParticipantEndReason == "429","Provide Referrer Identity", + ParticipantEndReason == "430","Unable to deliver message to client application", + ParticipantEndReason == "433","Anonymity Disallowed", + ParticipantEndReason == "436","Bad Identity-Info", + ParticipantEndReason == "437","Unsupported Certificate", + ParticipantEndReason == "438","Invalid Identity Header", + ParticipantEndReason == "439","First Hop Lacks Outbound Support", + ParticipantEndReason == "440","Max-Breadth Exceeded", + ParticipantEndReason == "469","Bad Info Package", + ParticipantEndReason == "470","Consent Needed", + ParticipantEndReason == "480","Remote client endpoint not registered", + 
ParticipantEndReason == "481","Failed to handle incoming call", + ParticipantEndReason == "482","Loop Detected", + ParticipantEndReason == "483","Too Many Hops", + ParticipantEndReason == "484","Address Incomplete", + ParticipantEndReason == "485","Ambiguous", + ParticipantEndReason == "486","Busy Here", + ParticipantEndReason == "487","Call canceled, locally declined, ended due to an endpoint mismatch issue, or failed to generate media offer", + ParticipantEndReason == "488","Not Acceptable Here", + ParticipantEndReason == "489","Bad Event", + ParticipantEndReason == "490","Local endpoint network issues", + ParticipantEndReason == "491","Local endpoint network issues", + ParticipantEndReason == "493","Undecipherable", + ParticipantEndReason == "494","Security Agreement Required", + ParticipantEndReason == "496","Local endpoint network issues", + ParticipantEndReason == "497","Local endpoint network issues", + ParticipantEndReason == "498","Local endpoint network issues", + ParticipantEndReason == "500","Communication Services infrastructure error", + ParticipantEndReason == "501","Not Implemented", + ParticipantEndReason == "502","Bad Gateway", + ParticipantEndReason == "503","Communication Services infrastructure error", + ParticipantEndReason == "504","Communication Services infrastructure error", + ParticipantEndReason == "505","Version Not Supported", + ParticipantEndReason == "513","Message Too Large", + ParticipantEndReason == "555","Push Notification Service Not Supported", + ParticipantEndReason == "580","Precondition Failure", + ParticipantEndReason == "600","Busy Everywhere", + ParticipantEndReason == "603","Call globally declined by remote Communication Services participant", + ParticipantEndReason == "604","Does Not Exist Anywhere", + ParticipantEndReason == "606","Not Acceptable", + ParticipantEndReason == "607","Unwanted", + ParticipantEndReason == "608","Rejected", "") +| extend Rank = iff(isempty(ParticipantId) and CallType == 'P2P' and 
EndpointType == 'VoIP', -1, 1) +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', Identifier), EndpointId) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by ParticipantId +| extend CallDroppedUngracefully = ParticipantEndReason in ('380', '400', '407', '408', '409', '410', +'412', '417', '430', '439', '440', '481', '483', '488', '489', '493', '500', '502', '503', '504', '580') +| project + ParentEntityId = CorrelationId, + ParentEntityType = 'Call', + EntityType = 'Participant', + EntityId = ParticipantId, + EntityStartTime=ParticipantStartTime, + EntityEndTime=ParticipantEndTime, + EntityDuration=ParticipantDuration, + EntityDisplayName = strcat('Participant-', ParticipantId), + EntityPayload = bag_pack( + 'EndReasonCode', toint(ParticipantEndReason), + 'EndReasonPhrase', EndReason, + 'Identifier', Identifier, + 'EndpointId', EndpointId, + 'ParticipantType', ParticipantType, + 'EndpointType', EndpointType, + 'SdkVersion', SdkVersion, + 'OsVersion', OsVersion, + 'PstnParticipantCallType', PstnParticipantCallType + ), + Insights_HasIssues = CallDroppedUngracefully, + Insights_Payload = bag_pack( + 'EndReasonCode', toint(ParticipantEndReason), + 'EndReasonPhrase', EndReason, + 'ParticipantId', ParticipantId, + 'CallDroppedUngracefully', CallDroppedUngracefully), + GroupName = "lifeCycle", + Rank); +// +let clientSideParticipants = materialize(ACSCallClientOperations +| where ParticipantId in (participants) or CallId == queryConditions_callId +| where isnotempty(OperationName) and OperationName != 'CallClientOperations' +and isnotempty(OperationId) and isnotempty(CallClientTimeStamp) +| extend OperationId = 
coalesce(hash_sha256(strcat(OperationId, tostring(CallClientTimeStamp), OperationName)), tostring(new_guid())) +| summarize hint.strategy = shuffle arg_max(CallId, *) by OperationId +| where isnotempty(ParticipantId) +| extend OS = parse_user_agent(UserAgent, 'os').OperatingSystem +| extend OsVersion = strcat(OS.Family, OS.MajorVersion,'.', OS.MinorVersion) +| project OperationId, ParticipantId, CallId, CallClientTimeStamp, OperationName, OperationPayload, OsVersion, SdkVersion, ResultSignature, ResultType +| extend OperationPayload = todynamic(OperationPayload) +| extend + UFDQuality = tostring(OperationPayload.DiagnosticQuality), + UFDType = tostring(OperationPayload.DiagnosticChanged), + isUFD = OperationName == 'UserFacingDiagnostics' +| extend + ResultType = iff(isUFD, iff(UFDQuality != 'Good' and not(UFDType has_any ("SpeakingWhileMicrophoneIsMuted", "SpeakerMuted")), 'Failed', 'Succeeded'), ResultType), + CallDroppedUngracefully = iff(OperationName in ('Hangup', 'EnterCall', 'Join'), ResultType !in ('Succeeded', 'Success', 'ExpectedError'), False), + ParticipantStartTime = iff(OperationName == 'EnterCall', CallClientTimeStamp, datetime(null)), + ParticipantEndTime = iff(OperationName == 'Hangup', CallClientTimeStamp, datetime(null)) +| summarize hint.strategy = shuffle arg_max(CallId, *), ResultType = iff(countif(ResultType == 'Failed') > 0, 'Failed', 'Succeeded'), + CallDroppedUngracefully = countif(CallDroppedUngracefully) > 0, + ParticipantStartTimeApprox = min(CallClientTimeStamp), + ParticipantEndTimeApprox = max(CallClientTimeStamp) by ParticipantId +| extend + ParticipantStartTime = coalesce(ParticipantStartTime, ParticipantStartTimeApprox), + ParticipantEndTime = coalesce(ParticipantEndTime, ParticipantEndTimeApprox) +| project + ParentEntityId = queryConditions_callId, + ParentEntityType = 'Call', + EntityId = ParticipantId, + EntityType = 'Participant', + EntityDisplayName = strcat('Participant-', ParticipantId), + 
EntityStartTime=ParticipantStartTime, + EntityEndTime=ParticipantEndTime, + EntityDuration=tolong((ParticipantEndTime - ParticipantStartTime)/1s), + EntityPayload = bag_pack( + 'ParticipantType', 'ACS', + 'EndpointType', 'VoIP', + 'SdkVersion', SdkVersion, + 'OsVersion', OsVersion + ), + Insights_HasIssues = ResultType == 'Failed', + Insights_Payload = bag_pack('ParticipantId', ParticipantId, 'CallDroppedUngracefully', CallDroppedUngracefully), + GroupName = "lifeCycle", + Rank = 0); +// Merge participantEntities from service side and client side, and if the participant exists in both sides, we take the one with higher Rank. +union serviceSideParticipants, clientSideParticipants +| summarize hint.strategy = shuffle arg_max(Rank, *), EntityPayload_Merged = make_bag(EntityPayload), + Insights_Payload_Merged = make_bag(Insights_Payload), + Insights_HasIssues_Merged = countif(Insights_HasIssues) > 0 by EntityId +| order by Rank +| project + ParentEntityId, + ParentEntityType, + EntityId, + EntityType, + EntityDisplayName, + EntityStartTime, + EntityEndTime, + EntityDuration, + EntityPayload = EntityPayload_Merged, + Insights_HasIssues = Insights_HasIssues_Merged, + Insights_Payload = Insights_Payload_Merged +``` + diff --git a/articles/azure-monitor/reference/queries/acscallrecordingincomingoperations.md b/articles/azure-monitor/reference/queries/acscallrecordingincomingoperations.md new file mode 100644 index 0000000000..3f5034360d --- /dev/null +++ b/articles/azure-monitor/reference/queries/acscallrecordingincomingoperations.md 
@@ -0,0 +1,103 @@ +--- +title: Example log table queries for ACSCallRecordingIncomingOperations +description: Example queries for ACSCallRecordingIncomingOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSCallRecordingIncomingOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Call Recording operations + + +Returns all distinct combinations of call recording operation and version pairs. + +```query +ACSCallRecordingIncomingOperations +| distinct OperationName, OperationVersion +| limit 100 +``` + + + +### Calculate Call Recording operation duration percentiles + + +Calculates the 90th, 95th, and 99th percentiles of run duration in milliseconds for each call recording operation. It can be customized to be run for a single operation, or for other percentiles. + +```query +ACSCallRecordingIncomingOperations +// where OperationName == "" // This can be uncommented and specified to calculate only a single operation's duration percentiles +| summarize percentiles(DurationMs, 90, 95, 99) by OperationName, OperationVersion // calculate 90th, 95th, and 99th percentiles of each Operation +| limit 100 +``` + + + +### Top 5 IP addresses per Call Recording operation + + +For every call recording operation, fetch the 5 IP addresses that have called that operation the most. + +```query +ACSCallRecordingIncomingOperations +// | where OperationName == "" // This can be uncommented and specified to calculate only a single operation's count +| top-nested of OperationName by dummy=max(0), // For all the Operations... 
+ top-nested 5 of CallerIpAddress by count() // List the IP address that have called that operation the most +| project-away dummy // Remove dummy line from the result set +| limit 100 +``` + + + +### Call Recording operational errors + + +List every call recording error ordered by recency. + +```query +ACSCallRecordingIncomingOperations +| where ResultType == "Failure" +| project TimeGenerated, OperationName, OperationVersion, ResultSignature +| order by TimeGenerated desc +| limit 100 +``` + + + +### Call Recording operation result counts + + +For every call recording operation, count the types of returned results. + +```query +ACSCallRecordingIncomingOperations +| summarize Count = count() by OperationName, ResultType //, ResultSignature // This can also be uncommented to determine the count of each ResultSignature for each ResultType +| order by OperationName asc, Count desc +| limit 100 +``` + + + +### Call Recording logs by ID + + +Queries Call Recording logs for a particular call connection ID or correlation ID. + +```query +ACSCallRecordingIncomingOperations +//| where CorrelationId == "" // This can be uncommented to filter on a specific correlation ID +//| where CallConnectionId == "" // This can be uncommented to filter on a specific call connection ID +| project CorrelationId, CallConnectionId, OperationName, OperationVersion +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/acscallrecordingsummary.md b/articles/azure-monitor/reference/queries/acscallrecordingsummary.md new file mode 100644 index 0000000000..118cf58477 --- /dev/null +++ b/articles/azure-monitor/reference/queries/acscallrecordingsummary.md 
@@ -0,0 +1,118 @@ +--- +title: Example log table queries for ACSCallRecordingSummary +description: Example queries for ACSCallRecordingSummary log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSCallRecordingSummary table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Call Recording duration histogram + + +Produces a histogram of call recording durations in seconds. + +```query +ACSCallRecordingSummary +| distinct RecordingId, RecordingLength +// Count call duration bins (60 second intervals) +| summarize duration_counts=count() by bin(RecordingLength, 6000) +| order by RecordingLength asc +| render columnchart with (xcolumn = RecordingLength, title="Recording duration histogram") +``` + + + +### Call Recording duration percentiles + + +Calculates the average call recording duration in seconds, as well as the 50%, 90%, and 99% call duration percentiles. + +```query +ACSCallRecordingSummary +// Get the distinct combinations of RecordingId, RecordingLength +| distinct RecordingId, RecordingLength +// Calculate average and percentiles (50%, 90%, and 99%) of call durations (in seconds) +| summarize avg(RecordingLength), percentiles(RecordingLength, 50, 90, 99) +``` + + + +### Call Recording's end reason ratio + + +Produces a pie chart of the proportion of call recording's end reason. 
+ +```query +ACSCallRecordingSummary +// Count distinct calls (dcount(CorrelationId)) per call type +| summarize call_types=dcount(RecordingId) by RecordingEndReason +| render piechart title="Recording End Reason Ratio" +``` + + + +### Daily Call Recordings + + +Produces a histogram of recordings made per day in the last week. + +```query +ACSCallRecordingSummary +// To filter out recordings made over a week ago, uncomment the next line +// | where TimeGenerated > ago(7d) +// Get the distinct combinations of RecordingId and CallStartTime +| distinct RecordingId, TimeGenerated +// Adds a new column with the call start day +| extend day = floor(TimeGenerated, 1d) +// Count the number of calls per day +| summarize event_count=count() by day +| sort by day asc +| render columnchart title="Number of recordings per day" +``` + + + +### Hourly Call Recordings + + +Produces a histogram of recordings made per hour in the last day. + +```query + ACSCallRecordingSummary + // To filter out recordings made over a day ago, uncomment the next line + | where TimeGenerated > ago(1d) + // Get the distinct combinations of RecordingId and TimeGenerated + | distinct RecordingId, TimeGenerated + // Adds a new column with the call start hour + | extend hour = floor(TimeGenerated, 1h) + // Count the number of calls per hour + | summarize event_count=count() by hour + | sort by hour asc + | render columnchart title="Number of recordings per hour in last day" +``` + + + +### Call Recording's mode ratio + + +Produces a pie chart of the proportion of recording modes (content/format types). + +```query +ACSCallRecordingSummary +| summarize count() by ContentType, FormatType +| extend ContentFormat = strcat(ContentType, "/", FormatType) +| project ContentFormat, count_ +| render piechart title="Recording by mode (content/format types)" +``` + 
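Review bot: In the hunk that ends just before the acscallrecordingincomingoperations.md file header, the call-search query above the "Search all participants in a call" heading declares `let pointEvents = dynamic([...])` but nothing in the rest of that query references it; only `rangeEventsWithCorrelation` is used, in the `correlatedOperations` and `nonCorrelatedOperations` filters. Drop the unused declaration, or add the filter it was meant to feed. In the same hunk, the description under "Search all participants in a call" is missing a space after the period in "participants.This query".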
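Review bot: In queries/acscallrecordingincomingoperations.md, under "Calculate Call Recording operation duration percentiles", the commented-out filter is written `// where OperationName == ""` with no leading pipe, so a reader who uncomments it as the comment invites gets a query that does not parse. The same filter under "Top 5 IP addresses per Call Recording operation" is written `// | where OperationName == ""`; use that form here too. The front matter says the file is generated and that edits are overwritten on the next run, so the fix has to go into the query source the generator reads, not into this file.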
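Review bot: In queries/acscallrecordingsummary.md, under "Call Recording duration histogram", the query uses `bin(RecordingLength, 6000)` while the comment directly above it says "60 second intervals" and the description says the durations are in seconds. Either set the bin size to 60 or correct the comment and description to the unit RecordingLength is really in. Several other comments in this hunk do not match their code: under "Call Recording's end reason ratio" the comment still reads "Count distinct calls (dcount(CorrelationId)) per call type" and the column is named `call_types`, although the query runs `dcount(RecordingId) by RecordingEndReason`. Under "Daily Call Recordings" the description promises the last week but the `ago(7d)` filter is commented out, and its comment mentions CallStartTime where the query uses TimeGenerated. Under "Hourly Call Recordings" the comment says to uncomment the next line, which is already active, and that query alone is indented by one space.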
diff --git a/articles/azure-monitor/reference/queries/acscallsummary.md b/articles/azure-monitor/reference/queries/acscallsummary.md new file mode 100644 index 0000000000..5f42da8a09 --- /dev/null +++ b/articles/azure-monitor/reference/queries/acscallsummary.md 
@@ -0,0 +1,833 @@ +--- +title: Example log table queries for ACSCallSummary +description: Example queries for ACSCallSummary log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSCallSummary table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Participants per call + + +Calculates the average number of participants per call. + +```query +ACSCallSummary +// Get the distinct participants in a call +| distinct CorrelationId, ParticipantId, EndpointId +// Count the participants and distinct calls +| summarize num_participants=count(), num_calls=dcount(CorrelationId) +// Calculate the average number of distinct participants per call +| extend avg_participants = toreal(num_participants) / toreal(num_calls) +| project num_participants, num_calls, avg_participants +``` + + + +### Participant Phone Numbers + + +Lists the phone numbers of the participants in the call. (Phone numbers come from ACSBillingUsage table). 
+ +```query +ACSCallSummary +// Get the calls with CallType as Group +| where CallType == 'Group' +| project CorrelationId, ParticipantId, ParticipantStartTime, ParticipantDuration, EndpointType, CallType, CallStartTime, PstnParticipantCallType +// Join with ACSBillingUsage data on ParticipantId +| join kind=leftouter (ACSBillingUsage + | where isnotempty(ParticipantId) + | project ParticipantId, UserIdA, UserIdB, StartTime, Quantity) + on ParticipantId +// Combine with calls of CallType P2P +| union (ACSCallSummary +| where CallType == 'P2P' +| project CorrelationId, ParticipantId, ParticipantStartTime, ParticipantDuration, EndpointType, CallType, CallStartTime, PstnParticipantCallType +// Join with ACSBillingUsage data on CorrelationId +| join kind=leftouter (ACSBillingUsage + | where isnotempty(ParticipantId) + | project CorrelationId, ParticipantId, UserIdA, UserIdB, StartTime, Quantity) + on CorrelationId) +| order by CallStartTime, ParticipantStartTime +``` + + + +### Participants per group call + + +Produces a histogram of the number of participants in group calls. + +```query +ACSCallSummary +// Filter out all P2P calls to calculate only participants in Group calls +| where CallType == 'Group' +// Get the distinct participants in a call +| distinct CorrelationId, ParticipantId +// Count the number of participants per call +| summarize num_participants=count() by CorrelationId +// Aggregate the numbers of participants per call (e.g. if there are three calls +// with 5 participants, this will produce a row [num_participants=5, participant_counts=3]) +| summarize participant_counts=count() by num_participants +| order by num_participants asc +| render columnchart with (xcolumn = num_participants, title="Number of participants per group call") +``` + + + +### Call type ratio + + +Produces a pie chart of the proportion of call types (P2P and group calls). 
+ +```query +ACSCallSummary +// Count distinct calls (dcount(CorrelationId)) per call type +| summarize call_types=dcount(CorrelationId) by CallType +| render piechart title="Call Type Ratio" +``` + + + +### Call duration histogram + + +Produces a histogram of call durations in seconds. + +```query +ACSCallSummary +// Get the distinct combinations of CorrelationId, CallDuration +| distinct CorrelationId, CallDuration +// Count call duration bins (60 second intervals) +| summarize duration_counts=count() by bin(CallDuration, 60) +| order by CallDuration asc +| render columnchart with (xcolumn = CallDuration, title="Call duration histogram") +``` + + + +### Call duration percentiles + + +Calculates the average call duration in seconds, as well as the 50%, 90%, and 99% call duration percentiles. + +```query +ACSCallSummary +// Get the distinct combinations of CorrelationId, CallDuration +| distinct CorrelationId, CallDuration +// Calculate average and percentiles (50%, 90%, and 99%) of call durations (in seconds) +| summarize avg(CallDuration), percentiles(CallDuration, 50, 90, 99) +``` + + + +### Daily calls + + +Produces a histogram of calls made per day in the last week. + +```query +ACSCallSummary +// To filter out calls made over a week ago, uncomment the next line +// | where CallStartTime > ago(7d) +// Get the distinct combinations of CorrelationId and CallStartTime +| distinct CorrelationId, CallStartTime +// Adds a new column with the call start day +| extend day = floor(CallStartTime, 1d) +// Count the number of calls per day +| summarize event_count=count() by day +| sort by day asc +| render columnchart title="Number of calls per day" +``` + + + +### Hourly calls + + +Produces a histogram of calls made per hour in the last day. 
+ +```query +ACSCallSummary +// Get the distinct combinations of CorrelationId and CallStartTime +| distinct CorrelationId, CallStartTime +// Adds a new column with the call start hour +| extend hour = floor(CallStartTime, 1h) +// Count the number of calls per hour +| summarize event_count=count() by hour +| sort by hour asc +| render columnchart title="Number of calls per hour in last day" +``` + + + +### Endpoints per call + + +Calculates the average number of distinct endpoints per call. + +```query +ACSCallSummary +// Get the distinct combinations of CorrelationId and EndpointId +| distinct CorrelationId, EndpointId +// Count all endpoints and distinct calls +| summarize num_endpoints=count(), num_calls=dcount(CorrelationId) +// Calculate the average number of distinct endpoints per call +| extend avg_endpoints = toreal(num_endpoints) / toreal(num_calls) +| project num_endpoints, num_calls, avg_endpoints +``` + + + +### SDK version ratio + + +Produces a pie chart of the proportion of SDK versions used by participants. + +```query +ACSCallSummary +// Get the distinct participants in a call +| distinct CorrelationId, ParticipantId, EndpointId, SdkVersion +// Count participants that are using a particular SDK +| summarize sdk_counts=count() by SdkVersion +| order by SdkVersion asc +| render piechart title="SDK Version Ratio" + +``` + + + +### OS version ratio + + +Produces a pie chart of the proportion of OS versions used by participants. 
+ +```query +ACSCallSummary +// Get the distinct participants in a call +| distinct CorrelationId, ParticipantId, EndpointId, OsVersion +// Simplified OS version name by searching for a specific OS keyword +// and performs a different string split operation per OS type +| extend simple_os = case( indexof(OsVersion, "Android") != -1, tostring(split(OsVersion, ";")[0]), + indexof(OsVersion, "Darwin") != -1, tostring(split(OsVersion, ":")[0]), + indexof(OsVersion, "Windows") != -1, tostring(split(OsVersion, ".")[0]), + OsVersion + ) +// Count the participants that are using a particular OS version +| summarize os_counts=count() by simple_os +| order by simple_os asc +| render piechart title="OS Version Ratio" +``` + + + +### CallSummary log for CallAutomation API call + + +Queries the summary log for a call which was interacted with by Call Automation API using correlation ID. + +```query +ACSCallAutomationIncomingOperations +//| where CorrelationId == "" // This can be uncommented to filter on a specific correlation ID +| join kind=inner + (ACSCallSummary) + on CorrelationId +| limit 100 + +``` + + + +### Search calls by keyword + + +List all calls found that contains the keyword, and returns the details of the call including rating, quality, issues breakdown etc. This query is also used in Call Diagnostics to search for calls. + +```query +// Set queryConditions_keyword to be the searching keyword. It can be CallId, ParticipantId, +// Identifier or any other column values in ACSCallSummary log. If not set, the query will return all calls. +// Note this query is also used to provide the data in Call Diagnostics. 
+declare query_parameters(queryConditions_keyword:string = '', + queryConditions_startTime:string = '', + queryConditions_endTime:string = ''); +let callIds = +materialize(ACSCallSummary +| where isempty(queryConditions_startTime) or CallStartTime >= todatetime(queryConditions_startTime) +| extend CallEndTime = CallStartTime + totimespan(strcat(tostring(CallDuration), 's')) +| where isempty(queryConditions_endTime) or CallEndTime <= todatetime(queryConditions_endTime) +| where isempty(queryConditions_keyword) or * contains queryConditions_keyword +| distinct CorrelationId, ParticipantId); +let searchedCalls = +materialize(ACSCallSummary +| where CorrelationId in ((callIds | project CorrelationId)) +| extend CallEndTime = CallStartTime + totimespan(strcat(tostring(CallDuration), 's')) +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', Identifier), EndpointId) +| summarize hint.strategy = shuffle CallStartTime = take_any(CallStartTime), CallEndTime = take_any(CallEndTime), CallType = take_any(CallType), +numOfDroppedParticipant = count_distinctif(ParticipantId, ParticipantEndReason in ('380', '400', '407', '408', '409', '410', +'412', '417', '430', '439', '440', '481', '483', '488', '489', '493', '500', '502', '503', '504', '580')) by CorrelationId); +// client type +let allParticipants = materialize(ACSCallSummary +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', 
EndpointType, '-Identifier-', Identifier), EndpointId) +| where CorrelationId in ((callIds | project CorrelationId)) +| union (ACSCallClientOperations +| where CallId in ((callIds | project CorrelationId)) +| where isnotempty(ParticipantId) +| distinct ParticipantId, CorrelationId = CallId, EndpointType = 'VoIP') +| summarize hint.strategy = shuffle take_any(EndpointType) by ParticipantId, CorrelationId); +let clientTypeInfo = materialize(allParticipants +| summarize hint.strategy = shuffle count() by EndpointType, CorrelationId +| extend info = strcat(count_, ' ', EndpointType) +| summarize hint.strategy = shuffle summaryInfo = make_list(info, 100) by CorrelationId +| extend ClientType = strcat_array(summaryInfo, ', ') +| project CorrelationId, ClientType); +let totalNumOfParticipants = materialize(allParticipants | summarize hint.strategy = shuffle participantsCount = dcount(ParticipantId) by CorrelationId); +// quality +let qualityInfo = materialize(ACSCallDiagnostics +| where CorrelationId in ((callIds | project CorrelationId)) +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', Identifier), EndpointId) +| where isnotempty(StreamId) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by ParticipantId, StreamId +| extend + MediaType = iff(MediaType == 'VBSS', 'ScreenSharing', MediaType) | extend + __JitterQuality = iff(JitterAvg > 30, "Poor", "Good"), + __JitterBufferQuality = iff(JitterBufferSizeAvg > 200, "Poor", "Good"), + __PacketLossRateQuality = iff(PacketLossRateAvg > 0.1, "Poor", "Good"), + __RoundTripTimeQuality = iff(RoundTripTimeAvg > 500, "Poor", "Good"), + __HealedDataRatioQuality = iff(HealedDataRatioAvg > 0.1, "Poor", 
"Good"), + __VideoFrameRateQuality = iff((VideoFrameRateAvg < 1 and MediaType == 'ScreenSharing') or + (VideoFrameRateAvg < 7 and MediaType == 'Video'), "Poor", "Good"), + __FreezesQuality = iff((RecvFreezeDurationPerMinuteInMs > 25000 and MediaType == 'ScreenSharing') or + (RecvFreezeDurationPerMinuteInMs > 6000 and MediaType == 'Video'), "Poor", "Good"), + __VideoResolutionHeightQuality = iff((RecvResolutionHeight < 768 and MediaType == 'ScreenSharing') or + (RecvResolutionHeight < 240 and MediaType == 'Video'), "Poor", "Good") +| extend + __StreamQuality = iff( + (__JitterQuality == "Poor") + or (__JitterBufferQuality == "Poor") + or (__PacketLossRateQuality == "Poor") + or (__RoundTripTimeQuality == "Poor") + or (__HealedDataRatioQuality == "Poor") + or (__VideoFrameRateQuality == "Poor") + or (__FreezesQuality == "Poor") + or (__VideoResolutionHeightQuality == "Poor"), + "Poor", "Good"), + MediaDirection = iff(EndpointType == 'Server', 'InboundStream', 'OutboundStream') +| summarize hint.strategy = shuffle numOfPoorStreams = countif(__StreamQuality == 'Poor') by CorrelationId +| extend Quality = iff(numOfPoorStreams >0, 'Poor', 'Good') | project Quality, numOfPoorStreams, CorrelationId); +// rating +let ratingInfo = materialize(ACSCallSurvey +| where CallId in ((callIds | project CorrelationId)) +| extend OverallRatingScoreUpperBound = iff(isnotempty(OverallRatingScoreUpperBound), OverallRatingScoreUpperBound, 5) +| summarize hint.strategy = shuffle Rating = avg(OverallRatingScore*5.0/OverallRatingScoreUpperBound) by CallId +| project CorrelationId=CallId, Rating); +// client operation issues +let rangeEventsWithCorrelation = dynamic(['UserFacingDiagnostics']); +let pointEvents = dynamic([ +'SelectedMicrophoneChanged', 'SelectedSpeakerChanged', 'OptimalVideoCount-changed', 'State-changed', 'CallMode-changed', +'IsMuted-changed', 'IsIncomingAudioMuted-changed', 'Id-changed', 'Role-changed', 'SelectedDevice-changed', 'PageHidden', +'optimalVideoCount-changed', 
'state-changed', 'callMode-changed', 'isMuted-changed', 'isIncomingAudioMuted-changed', +'id-changed', 'role-changed', 'selectedDevice-changed', 'pageHidden']); +// We need clientIds to get all operations before call is established. +let callClientIds = materialize(ACSCallClientOperations +| where ParticipantId in ((callIds | project ParticipantId)) or CallId in ((callIds | project CorrelationId)) +| distinct ClientInstanceId, ParticipantId, CallId); +// +let allOperations = +materialize(callClientIds | join kind=rightouter hint.strategy=shuffle +(ACSCallClientOperations +| where isempty(queryConditions_startTime) or CallClientTimeStamp >= (todatetime(queryConditions_startTime) - 2h) +| where ParticipantId in ((callIds | project ParticipantId)) or CallId in ((callIds | project CorrelationId)) or ClientInstanceId in ((callClientIds | project ClientInstanceId)) +| where isnotempty(OperationName) and OperationName != 'CallClientOperations' +and isnotempty(OperationId) and isnotempty(CallClientTimeStamp)) +on ClientInstanceId +| extend ParticipantId = coalesce(ParticipantId, ParticipantId1), CallId = coalesce(CallId, CallId1) +| project-away ParticipantId1, ClientInstanceId1, CallId1 +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by OperationId, CallClientTimeStamp); +// +let correlatedOperations = materialize(allOperations +| where OperationName in (rangeEventsWithCorrelation) +| extend OperationPayload = todynamic(OperationPayload) +| extend + UFDQuality = tostring(OperationPayload.DiagnosticQuality), + UFDType = tostring(OperationPayload.DiagnosticChanged) +| extend UFDType = strcat(toupper(substring(UFDType, 0, 1)),substring(UFDType, 1)) +| extend OperationPayloadNew = bag_pack(tostring(CallClientTimeStamp), OperationPayload) +| project-away ResultType +| summarize hint.strategy = shuffle + arg_max(TimeGenerated, *), ResultType = iff(countif(UFDQuality != 'Good')>0, 'Failed', 'Succeeded'), + OperationStartTime = min(CallClientTimeStamp), 
OperationEndTime = max(CallClientTimeStamp), + OperationPayloadPacked = make_bag(OperationPayloadNew) by OperationId, UFDType, CallId +| extend ResultType = iff(UFDType has_any ("SpeakingWhileMicrophoneIsMuted", "SpeakerMuted"), 'Succeeded', ResultType), OperationName = UFDType +| where ResultType !in ('Succeeded', 'Success', 'ExpectedError')); +// +let nonCorrelatedOperations = materialize(allOperations +| where OperationName !in (rangeEventsWithCorrelation) +| extend OperationId = coalesce(hash_sha256(strcat(OperationId, tostring(CallClientTimeStamp))), tostring(new_guid())) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by OperationId, CallId +| where ResultType !in ('Succeeded', 'Success', 'ExpectedError')); +let clientOperationIssues = +materialize(union nonCorrelatedOperations, correlatedOperations +| summarize hint.strategy = shuffle numOfBadOperations=count() by OperationName, CallId +| extend badClientOperations = bag_pack(OperationName, numOfBadOperations) +| summarize hint.strategy = shuffle badClientOperations = make_bag(badClientOperations), numOfBadOperations = sum(numOfBadOperations) by CorrelationId=CallId); +//// +searchedCalls +| join kind=leftouter hint.strategy=shuffle clientTypeInfo on CorrelationId +| join kind=leftouter hint.strategy=shuffle qualityInfo on CorrelationId +| join kind=leftouter hint.strategy=shuffle ratingInfo on CorrelationId +| join kind=leftouter hint.strategy=shuffle clientOperationIssues on CorrelationId +| join kind=leftouter hint.strategy=shuffle totalNumOfParticipants on CorrelationId +| extend numOfPoorStreams = coalesce(numOfPoorStreams, 0) +| extend + drops=bag_pack('Call Ended Ungracefully',numOfDroppedParticipant), + badMediaStreams = bag_pack('Poor Media Streams', numOfPoorStreams), + Issues = coalesce(numOfBadOperations, 0) + numOfDroppedParticipant + numOfPoorStreams +| extend + IssuesBreakdown=bag_merge(drops, badClientOperations, badMediaStreams) +| project + CallId=CorrelationId, 
CallStartTime, CallEndTime, CallType, + Participants=participantsCount, ClientType, + Quality=iff(isempty(Quality), 'Unknown', Quality), + Rating=case(isempty(Rating), 'Unknown', Rating>=4.5, 'Good', Rating >=3, 'Average', 'Poor'), + NumOfDroppedParticipant = numOfDroppedParticipant, + NumOfPoorStreams = numOfPoorStreams, + Issues, IssuesBreakdown +| order by CallStartTime desc +``` + + + +### Search all participants in a call + + +Find all participants in a call by callId, and return the details of the participants.This query is also used in Call Diagnostics to search for participants. + +```query +// Set queryConditions_callId to be the CallId you want to query. +// Note this query is used in Call Diagnostics to get all the participant entities of a call. +declare query_parameters(queryConditions_callId:string = ''); +let participants = materialize(ACSCallSummary +| where CorrelationId == queryConditions_callId +| where ParticipantId != CorrelationId and isnotempty(ParticipantId) +| distinct ParticipantId, CallType); +let serviceSideParticipants = materialize(ACSCallSummary +| where CorrelationId == queryConditions_callId +// some participants don't have startTime, we use callStartTime instead. 
+| extend ParticipantStartTime = coalesce(ParticipantStartTime, CallStartTime) +| extend ParticipantEndTime = coalesce(ParticipantStartTime + 1s*ParticipantDuration, ParticipantStartTime + 10ms) +| extend EndReason=case( + ParticipantEndReason == "0", "Success", + ParticipantEndReason == "100","Trying", + ParticipantEndReason == "180","Ringing", + ParticipantEndReason == "181","Call Is Being Forwarded", + ParticipantEndReason == "182","Queued", + ParticipantEndReason == "183","Session Progress", + ParticipantEndReason == "199","Early Dialog Terminated", + ParticipantEndReason == "200","Success", + ParticipantEndReason == "202","Accepted", + ParticipantEndReason == "204","No Notification", + ParticipantEndReason == "300","Multiple Choices", + ParticipantEndReason == "301","Moved Permanently", + ParticipantEndReason == "302","Moved Temporarily", + ParticipantEndReason == "305","Use Proxy", + ParticipantEndReason == "380","Alternative Service", + ParticipantEndReason == "400","Bad Request", + ParticipantEndReason == "401","Unauthorized", + ParticipantEndReason == "402","Payment Required", + ParticipantEndReason == "403","Forbidden / Authentication failure", + ParticipantEndReason == "404","Call not found", + ParticipantEndReason == "405","Method Not Allowed", + ParticipantEndReason == "406","Not Acceptable", + ParticipantEndReason == "407","Proxy Authentication Required", + ParticipantEndReason == "408","Call controller timed out", + ParticipantEndReason == "409","Conflict", + ParticipantEndReason == "410","Local media stack or media infrastructure error", + ParticipantEndReason == "411","Length Required", + ParticipantEndReason == "412","Conditional Request Failed", + ParticipantEndReason == "413","Request Entity Too Large", + ParticipantEndReason == "414","Request-URI Too Large", + ParticipantEndReason == "415","Unsupported Media Type", + ParticipantEndReason == "416","Unsupported URI Scheme", + ParticipantEndReason == "417","Unknown Resource-Priority", + 
ParticipantEndReason == "420","Bad Extension", + ParticipantEndReason == "421","Extension Required", + ParticipantEndReason == "422","Session Interval Too Small", + ParticipantEndReason == "423","Interval Too Brief", + ParticipantEndReason == "424","Bad Location Information", + ParticipantEndReason == "428","Use Identity Header", + ParticipantEndReason == "429","Provide Referrer Identity", + ParticipantEndReason == "430","Unable to deliver message to client application", + ParticipantEndReason == "433","Anonymity Disallowed", + ParticipantEndReason == "436","Bad Identity-Info", + ParticipantEndReason == "437","Unsupported Certificate", + ParticipantEndReason == "438","Invalid Identity Header", + ParticipantEndReason == "439","First Hop Lacks Outbound Support", + ParticipantEndReason == "440","Max-Breadth Exceeded", + ParticipantEndReason == "469","Bad Info Package", + ParticipantEndReason == "470","Consent Needed", + ParticipantEndReason == "480","Remote client endpoint not registered", + ParticipantEndReason == "481","Failed to handle incoming call", + ParticipantEndReason == "482","Loop Detected", + ParticipantEndReason == "483","Too Many Hops", + ParticipantEndReason == "484","Address Incomplete", + ParticipantEndReason == "485","Ambiguous", + ParticipantEndReason == "486","Busy Here", + ParticipantEndReason == "487","Call canceled, locally declined, ended due to an endpoint mismatch issue, or failed to generate media offer", + ParticipantEndReason == "488","Not Acceptable Here", + ParticipantEndReason == "489","Bad Event", + ParticipantEndReason == "490","Local endpoint network issues", + ParticipantEndReason == "491","Local endpoint network issues", + ParticipantEndReason == "493","Undecipherable", + ParticipantEndReason == "494","Security Agreement Required", + ParticipantEndReason == "496","Local endpoint network issues", + ParticipantEndReason == "497","Local endpoint network issues", + ParticipantEndReason == "498","Local endpoint network issues", + 
ParticipantEndReason == "500","Communication Services infrastructure error", + ParticipantEndReason == "501","Not Implemented", + ParticipantEndReason == "502","Bad Gateway", + ParticipantEndReason == "503","Communication Services infrastructure error", + ParticipantEndReason == "504","Communication Services infrastructure error", + ParticipantEndReason == "505","Version Not Supported", + ParticipantEndReason == "513","Message Too Large", + ParticipantEndReason == "555","Push Notification Service Not Supported", + ParticipantEndReason == "580","Precondition Failure", + ParticipantEndReason == "600","Busy Everywhere", + ParticipantEndReason == "603","Call globally declined by remote Communication Services participant", + ParticipantEndReason == "604","Does Not Exist Anywhere", + ParticipantEndReason == "606","Not Acceptable", + ParticipantEndReason == "607","Unwanted", + ParticipantEndReason == "608","Rejected", "") +| extend Rank = iff(isempty(ParticipantId) and CallType == 'P2P' and EndpointType == 'VoIP', -1, 1) +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', Identifier), EndpointId) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by ParticipantId +| extend CallDroppedUngracefully = ParticipantEndReason in ('380', '400', '407', '408', '409', '410', +'412', '417', '430', '439', '440', '481', '483', '488', '489', '493', '500', '502', '503', '504', '580') +| project + ParentEntityId = CorrelationId, + ParentEntityType = 'Call', + EntityType = 'Participant', + EntityId = ParticipantId, + EntityStartTime=ParticipantStartTime, + EntityEndTime=ParticipantEndTime, + EntityDuration=ParticipantDuration, + EntityDisplayName = 
strcat('Participant-', ParticipantId), + EntityPayload = bag_pack( + 'EndReasonCode', toint(ParticipantEndReason), + 'EndReasonPhrase', EndReason, + 'Identifier', Identifier, + 'EndpointId', EndpointId, + 'ParticipantType', ParticipantType, + 'EndpointType', EndpointType, + 'SdkVersion', SdkVersion, + 'OsVersion', OsVersion, + 'PstnParticipantCallType', PstnParticipantCallType + ), + Insights_HasIssues = CallDroppedUngracefully, + Insights_Payload = bag_pack( + 'EndReasonCode', toint(ParticipantEndReason), + 'EndReasonPhrase', EndReason, + 'ParticipantId', ParticipantId, + 'CallDroppedUngracefully', CallDroppedUngracefully), + GroupName = "lifeCycle", + Rank); +// +let clientSideParticipants = materialize(ACSCallClientOperations +| where ParticipantId in (participants) or CallId == queryConditions_callId +| where isnotempty(OperationName) and OperationName != 'CallClientOperations' +and isnotempty(OperationId) and isnotempty(CallClientTimeStamp) +| extend OperationId = coalesce(hash_sha256(strcat(OperationId, tostring(CallClientTimeStamp), OperationName)), tostring(new_guid())) +| summarize hint.strategy = shuffle arg_max(CallId, *) by OperationId +| where isnotempty(ParticipantId) +| extend OS = parse_user_agent(UserAgent, 'os').OperatingSystem +| extend OsVersion = strcat(OS.Family, OS.MajorVersion,'.', OS.MinorVersion) +| project OperationId, ParticipantId, CallId, CallClientTimeStamp, OperationName, OperationPayload, OsVersion, SdkVersion, ResultSignature, ResultType +| extend OperationPayload = todynamic(OperationPayload) +| extend + UFDQuality = tostring(OperationPayload.DiagnosticQuality), + UFDType = tostring(OperationPayload.DiagnosticChanged), + isUFD = OperationName == 'UserFacingDiagnostics' +| extend + ResultType = iff(isUFD, iff(UFDQuality != 'Good' and not(UFDType has_any ("SpeakingWhileMicrophoneIsMuted", "SpeakerMuted")), 'Failed', 'Succeeded'), ResultType), + CallDroppedUngracefully = iff(OperationName in ('Hangup', 'EnterCall', 'Join'), 
ResultType !in ('Succeeded', 'Success', 'ExpectedError'), False), + ParticipantStartTime = iff(OperationName == 'EnterCall', CallClientTimeStamp, datetime(null)), + ParticipantEndTime = iff(OperationName == 'Hangup', CallClientTimeStamp, datetime(null)) +| summarize hint.strategy = shuffle arg_max(CallId, *), ResultType = iff(countif(ResultType == 'Failed') > 0, 'Failed', 'Succeeded'), + CallDroppedUngracefully = countif(CallDroppedUngracefully) > 0, + ParticipantStartTimeApprox = min(CallClientTimeStamp), + ParticipantEndTimeApprox = max(CallClientTimeStamp) by ParticipantId +| extend + ParticipantStartTime = coalesce(ParticipantStartTime, ParticipantStartTimeApprox), + ParticipantEndTime = coalesce(ParticipantEndTime, ParticipantEndTimeApprox) +| project + ParentEntityId = queryConditions_callId, + ParentEntityType = 'Call', + EntityId = ParticipantId, + EntityType = 'Participant', + EntityDisplayName = strcat('Participant-', ParticipantId), + EntityStartTime=ParticipantStartTime, + EntityEndTime=ParticipantEndTime, + EntityDuration=tolong((ParticipantEndTime - ParticipantStartTime)/1s), + EntityPayload = bag_pack( + 'ParticipantType', 'ACS', + 'EndpointType', 'VoIP', + 'SdkVersion', SdkVersion, + 'OsVersion', OsVersion + ), + Insights_HasIssues = ResultType == 'Failed', + Insights_Payload = bag_pack('ParticipantId', ParticipantId, 'CallDroppedUngracefully', CallDroppedUngracefully), + GroupName = "lifeCycle", + Rank = 0); +// Merge participantEntities from service side and client side, and if the participant exists in both sides, we take the one with higher Rank. 
+union serviceSideParticipants, clientSideParticipants +| summarize hint.strategy = shuffle arg_max(Rank, *), EntityPayload_Merged = make_bag(EntityPayload), + Insights_Payload_Merged = make_bag(Insights_Payload), + Insights_HasIssues_Merged = countif(Insights_HasIssues) > 0 by EntityId +| order by Rank +| project + ParentEntityId, + ParentEntityType, + EntityId, + EntityType, + EntityDisplayName, + EntityStartTime, + EntityEndTime, + EntityDuration, + EntityPayload = EntityPayload_Merged, + Insights_HasIssues = Insights_HasIssues_Merged, + Insights_Payload = Insights_Payload_Merged +``` + + + +### Search all client operations in a call + + +Find all client operations for all participants in a call by callId. This query is also used in Call Diagnostics to search for client operations. + +```query +// Replace queryConditions_callId with the callId you want to investigate. +declare query_parameters(queryConditions_callId:string = '00000000-0000-0000-0000-000000000000'); +let rangeEventsWithCorrelation = dynamic(['UserFacingDiagnostics']); +let pointEvents = dynamic([ +'SelectedMicrophoneChanged', 'SelectedSpeakerChanged', 'OptimalVideoCount-changed', 'State-changed', 'CallMode-changed', +'IsMuted-changed', 'IsIncomingAudioMuted-changed', 'Id-changed', 'Role-changed', 'SelectedDevice-changed', 'PageHidden', +'optimalVideoCount-changed', 'state-changed', 'callMode-changed', 'isMuted-changed', 'isIncomingAudioMuted-changed', +'id-changed', 'role-changed', 'selectedDevice-changed', 'pageHidden']); +let participants = materialize(ACSCallSummary +| where CorrelationId == queryConditions_callId +| where ParticipantId != CorrelationId and isnotempty(ParticipantId) +| extend CallEndTime = CallStartTime + 1s*CallDuration +| distinct ParticipantId, CallStartTime, CallEndTime); +let OperationsTimestampLowerBound = max_of(toscalar(participants | summarize min(CallStartTime) | take 1) - 2h, ago(365d)); +let OperationsTimestampUpperBound = min_of(toscalar(participants | summarize 
max(CallEndTime) | take 1) + 2h, now()+365d); +// We need clientIds to get all operations before call is established. +let callClientIds = materialize(ACSCallClientOperations +| where ParticipantId in ((participants | project ParticipantId)) or CallId == queryConditions_callId +| distinct ClientInstanceId, ParticipantId); +// +let allOperations = +materialize(ACSCallClientOperations +| where CallClientTimeStamp between (OperationsTimestampLowerBound .. OperationsTimestampUpperBound) +| where ParticipantId in ((participants | project ParticipantId)) or CallId == queryConditions_callId or ClientInstanceId in ((callClientIds | project ClientInstanceId)) +| where isnotempty(OperationName) and OperationName != 'CallClientOperations' +and isnotempty(OperationId) and isnotempty(CallClientTimeStamp) +| join kind=leftouter hint.strategy=shuffle callClientIds on ClientInstanceId +| extend ParticipantId = coalesce(ParticipantId, ParticipantId1) | project-away ParticipantId1, ClientInstanceId1 +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by OperationId, OperationName, CallClientTimeStamp); +// +let correlatedOperations = materialize(allOperations +| where OperationName in (rangeEventsWithCorrelation) +| extend OperationPayload = todynamic(OperationPayload) +| extend + UFDQuality = tostring(OperationPayload.DiagnosticQuality), + UFDType = tostring(OperationPayload.DiagnosticChanged) +| extend UFDType = strcat(toupper(substring(UFDType, 0, 1)),substring(UFDType, 1)) +| extend OperationPayloadNew = bag_pack(tostring(CallClientTimeStamp), OperationPayload) +| project-away ResultType +// Make sure the UFD payload are aggregated in time-asc order. 
+| order by CallClientTimeStamp asc +| summarize hint.strategy = shuffle + arg_max(TimeGenerated, *), ResultType = iff(countif(UFDQuality != 'Good')>0, 'Failed', 'Succeeded'), + OperationStartTime = min(CallClientTimeStamp), OperationEndTime = max(CallClientTimeStamp), + OperationPayloadPacked = make_bag(OperationPayloadNew) by OperationId, UFDType +| extend + ResultType = iff(UFDType has_any ("SpeakingWhileMicrophoneIsMuted", "SpeakerMuted"), 'Succeeded', ResultType), + OperationEndTime = max_of(OperationEndTime, OperationStartTime+10ms) +| extend OperationPayload = todynamic(OperationPayload) +| extend UFDType = coalesce(tostring(OperationPayload.DiagnosticChanged), tostring(OperationPayload.diagnosticChanged)) +// Capitalize the first letter. +| extend UFDType = strcat(toupper(substring(UFDType, 0, 1)), substring(UFDType, 1)) +| extend parent_entity_type = case(OperationName has_any ('MuteMicrophone', 'UnmuteMicrophone', 'SelectedMicrophoneChanged', + 'SelectedSpeakerChanged', 'IsMuted-changed', 'IsIncomingAudioMuted-changed', 'StopAudio'), + 'Audio', + // ADP can have both audio and video requested, so assign it to App + OperationName has_any ('State-changed', 'CallMode-changed', 'Id-changed', 'Role-changed', + 'SelectedDevice-changed', 'PageHidden', 'AcceptIncomingCall', 'RejectIncomingCall', 'Hangup', + 'AskDevicePermission', 'EnterCall', 'CallAgentInit'), + 'App', + OperationName has_any ('StartScreenShare', 'StopScreenShare'), + 'ScreenSharing', + OperationName has_any ('OptimalVideoCount-changed'), + 'Video', + OperationName has_any ('CreateView', 'DisposeView', 'StartVideo', 'StopVideo', 'SwitchSource'), + case( + tostring(OperationPayload.streamType) == 'Video', + 'Video', + tostring(OperationPayload.streamType) == 'ScreenSharing', + 'ScreenSharing', + tostring(OperationPayload.streamType) == 'RawMedia', + 'RawMedia', + 'Video' + ), + OperationName == 'UserFacingDiagnostics', + case( + UFDType contains 'Speak', + 'Audio', + UFDType contains 'microphone', 
+ 'Audio', + UFDType contains 'camera', + 'Video', + UFDType contains 'capture', + 'Video', + UFDType contains 'screenshare', + 'ScreenSharing', + UFDType contains 'network', + 'Network', + 'App' + ), + 'App') +| project + ParentEntityId = strcat(ParticipantId, '-', parent_entity_type), + ParentEntityType = parent_entity_type, + OperationRoundtripId = OperationId, + OperationId = OperationId, + OperationName = OperationName, + OperationType = UFDType, + OperationStartTime, + OperationEndTime, + OperationDuration = DurationMs, + OperationDisplayName = UFDType, + OperationResultCode = toint(iff(ResultType !in ('Succeeded', 'Success', 'ExpectedError'), 500, 200)), + OperationResult = ResultType, + OperationPayload = OperationPayloadPacked, + Insights_HasIssues = ResultType !in ('Succeeded', 'Success', 'ExpectedError'), + ParticipantId, + UserAgent +| extend + Insights_Payload = bag_pack('ResultType', OperationResult, 'ResultSignature', OperationResultCode, 'userAgent', UserAgent, 'ParticipantId', ParticipantId), + ShowLabel = true +| project-away UserAgent); +// +let nonCorrelatedOperations = materialize(allOperations +| where OperationName !in (rangeEventsWithCorrelation) +| extend OperationId = coalesce(hash_sha256(strcat(OperationId, tostring(CallClientTimeStamp))), tostring(new_guid())) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by OperationId +| extend OperationPayload = todynamic(OperationPayload) +| extend UFDType = coalesce(tostring(OperationPayload.DiagnosticChanged), tostring(OperationPayload.diagnosticChanged)) +// Capitalize the first letter. 
+| extend UFDType = strcat(toupper(substring(UFDType, 0, 1)), substring(UFDType, 1)) +| extend parent_entity_type = case(OperationName has_any ('MuteMicrophone', 'UnmuteMicrophone', 'SelectedMicrophoneChanged', + 'SelectedSpeakerChanged', 'IsMuted-changed', 'IsIncomingAudioMuted-changed', 'StopAudio'), + 'Audio', + // ADP can have both audio and video requested, so assign it to App + OperationName has_any ('State-changed', 'CallMode-changed', 'Id-changed', 'Role-changed', + 'SelectedDevice-changed', 'PageHidden', 'AcceptIncomingCall', 'RejectIncomingCall', 'Hangup', + 'AskDevicePermission', 'EnterCall', 'CallAgentInit'), + 'App', + OperationName has_any ('StartScreenShare', 'StopScreenShare'), + 'ScreenSharing', + OperationName has_any ('OptimalVideoCount-changed'), + 'Video', + OperationName has_any ('CreateView', 'DisposeView', 'StartVideo', 'StopVideo', 'SwitchSource'), + case( + tostring(OperationPayload.streamType) == 'Video', + 'Video', + tostring(OperationPayload.streamType) == 'ScreenSharing', + 'ScreenSharing', + tostring(OperationPayload.streamType) == 'RawMedia', + 'RawMedia', + 'Video' + ), + OperationName == 'UserFacingDiagnostics', + case( + UFDType contains 'Speak', + 'Audio', + UFDType contains 'microphone', + 'Audio', + UFDType contains 'camera', + 'Video', + UFDType contains 'capture', + 'Video', + UFDType contains 'screenshare', + 'ScreenSharing', + UFDType contains 'network', + 'Network', + 'App' + ), + 'App') +| project + ParentEntityId = strcat(ParticipantId, '-', parent_entity_type), + ParentEntityType = parent_entity_type, + OperationRoundtripId = OperationId, + OperationId = OperationId, + OperationName, + OperationType=OperationName, + OperationStartTime=CallClientTimeStamp, + OperationEndTime=iff(OperationName in (pointEvents), CallClientTimeStamp, CallClientTimeStamp + max_of(DurationMs, 10) * 1ms), + OperationDuration=DurationMs, + OperationDisplayName = OperationName, + OperationResultCode = ResultSignature, + OperationResult = 
ResultType, + OperationPayload, + Insights_HasIssues = ResultType !in ('Succeeded', 'Success', 'ExpectedError'), + Insights_Payload = bag_pack('ResultType', ResultType, 'ResultSignature', ResultSignature, 'userAgent', UserAgent, 'ParticipantId', ParticipantId), + ParticipantId, + ShowLabel = true); +let poorOperations = materialize((union nonCorrelatedOperations, correlatedOperations) + | where Insights_HasIssues + | extend + ParentEntityId = ParticipantId, + ParentEntityType = 'Participant', + OperationId = strcat('Participant-Issues-', OperationId), + GroupName = "lifeCycle", + ShowLabel = false); +union poorOperations, nonCorrelatedOperations, correlatedOperations +| project + ParentEntityId, + ParentEntityType, + OperationId, + OperationRoundtripId = OperationId, + OperationName, + OperationDisplayName, + OperationResultCode, + OperationResult, + OperationType, + OperationStartTime, + OperationEndTime, + OperationPayload, + Insights_HasIssues, + Insights_Payload +``` + diff --git a/articles/azure-monitor/reference/queries/acscallsurvey.md b/articles/azure-monitor/reference/queries/acscallsurvey.md new file mode 100644 index 0000000000..30fbfe2d1a --- /dev/null +++ b/articles/azure-monitor/reference/queries/acscallsurvey.md 
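Review bot: In the "Search all participants in a call" query, `clientSideParticipants` filters with `where ParticipantId in (participants)`, but `participants` is built with `distinct ParticipantId, CallType`, so the filter depends on how `in` treats a two-column table. The "Search all client operations in a call" query in the same hunk writes `in ((participants | project ParticipantId))`; using that explicit projection in both places would make the intent unambiguous. In the "Search calls by keyword" query that ends earlier in this hunk, `pointEvents` is declared but never referenced in the visible statements, so it can be dropped there. The two call-scoped queries also disagree on the default for `queryConditions_callId` (`''` in one, `'00000000-0000-0000-0000-000000000000'` in the other), and the description line "return the details of the participants.This query is also used" is missing a space after the period.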
@@ -0,0 +1,521 @@ +--- +title: Example log table queries for ACSCallSurvey +description: Example queries for ACSCallSurvey log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSCallSurvey table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Overall call rating + + +Query the call survey data and show the overall call rating pie chart. + +```query +ACSCallSurvey +//Uncomment the conditions below if you use different rating scale for the same category, which is uncommon. +//| where isempty(OverallRatingScoreLowerBound) or OverallRatingScoreLowerBound >= 1 +//| where isempty(OverallRatingScoreUpperBound) or OverallRatingScoreUpperBound <= 5 +| summarize count() by tostring(OverallRatingScore) +| render piechart +``` + + + +### Audio rating + + +Query the call survey data and show the audio rating pie chart. + +```query +ACSCallSurvey +//Uncomment the conditions below if you use different rating scale for the same category, which is uncommon. +//| where isempty(AudioRatingScoreLowerBound) or AudioRatingScoreLowerBound >= 1 +//| where isempty(AudioRatingScoreUpperBound) or AudioRatingScoreUpperBound <= 5 +| summarize count() by tostring(AudioRatingScore) +| render piechart +``` + + + +### Video rating + + +Query the call survey data and show the video rating pie chart. + +```query +ACSCallSurvey +//Uncomment the conditions below if you use different rating scale for the same category, which is uncommon. 
+//| where isempty(VideoRatingScoreLowerBound) or VideoRatingScoreLowerBound >= 1 +//| where isempty(VideoRatingScoreUpperBound) or VideoRatingScoreUpperBound <= 5 +| summarize count() by tostring(VideoRatingScore) +| render piechart +``` + + + +### Screenshare rating + + +Query the call survey data and show the screenshare rating pie chart. + +```query +ACSCallSurvey +//Uncomment the conditions below if you use different rating scale for the same category, which is uncommon. +//| where isempty(ScreenshareRatingScoreLowerBound) or ScreenshareRatingScoreLowerBound >= 1 +//| where isempty(ScreenshareRatingScoreUpperBound) or ScreenshareRatingScoreUpperBound <= 5 +| summarize count() by tostring(ScreenshareRatingScore) +| render piechart +``` + + + +### Overall call issues + + +Query the call survey data and show the overall call issues column chart. + +```query +ACSCallSurvey +| where isempty(OverallCallIssues) == false +//Comma separated issues when multiple issues are reported +| project overall = split(OverallCallIssues, ',') +| mv-expand overall to typeof(string) +| summarize frequency=count() by overall +| render columnchart +``` + + + +### Audio issues + + +Query the call survey data and show the audio issues column chart. + +```query +ACSCallSurvey +| where isempty(AudioIssues) == false +//Comma separated issues when multiple issues are reported +| project audio = split(AudioIssues,',') +| mv-expand audio to typeof(string) +| summarize frequency=count() by audio +| render columnchart +``` + + + +### Video issues + + +Query the call survey data and show the video issues column chart. + +```query +ACSCallSurvey +| where isempty( VideoIssues ) == false +//Comma separated issues when multiple issues are reported +| project video = split(VideoIssues,',') +| mv-expand video to typeof(string) +| summarize frequency=count() by video +| render columnchart +``` + + + +### Screenshare issues + + +Query the call survey data and show the screen issues column chart. 
+ +```query +ACSCallSurvey +| where isempty( ScreenshareIssues ) == false +//Comma separated issues when multiple issues are reported +| project screenshare = split(ScreenshareIssues,',') +| mv-expand screenshare to typeof(string) +| summarize frequency=count() by screenshare +| render columnchart +``` + + + +### Search calls by keyword + + +List all calls found that contains the keyword, and returns the details of the call including rating, quality, issues breakdown etc. This query is also used in Call Diagnostics to search for calls. + +```query +// Set queryConditions_keyword to be the searching keyword. It can be CallId, ParticipantId, +// Identifier or any other column values in ACSCallSummary log. If not set, the query will return all calls. +// Note this query is also used to provide the data in Call Diagnostics. +declare query_parameters(queryConditions_keyword:string = '', + queryConditions_startTime:string = '', + queryConditions_endTime:string = ''); +let callIds = +materialize(ACSCallSummary +| where isempty(queryConditions_startTime) or CallStartTime >= todatetime(queryConditions_startTime) +| extend CallEndTime = CallStartTime + totimespan(strcat(tostring(CallDuration), 's')) +| where isempty(queryConditions_endTime) or CallEndTime <= todatetime(queryConditions_endTime) +| where isempty(queryConditions_keyword) or * contains queryConditions_keyword +| distinct CorrelationId, ParticipantId); +let searchedCalls = +materialize(ACSCallSummary +| where CorrelationId in ((callIds | project CorrelationId)) +| extend CallEndTime = CallStartTime + totimespan(strcat(tostring(CallDuration), 's')) +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', 
Identifier), EndpointId) +| summarize hint.strategy = shuffle CallStartTime = take_any(CallStartTime), CallEndTime = take_any(CallEndTime), CallType = take_any(CallType), +numOfDroppedParticipant = count_distinctif(ParticipantId, ParticipantEndReason in ('380', '400', '407', '408', '409', '410', +'412', '417', '430', '439', '440', '481', '483', '488', '489', '493', '500', '502', '503', '504', '580')) by CorrelationId); +// client type +let allParticipants = materialize(ACSCallSummary +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', Identifier), EndpointId) +| where CorrelationId in ((callIds | project CorrelationId)) +| union (ACSCallClientOperations +| where CallId in ((callIds | project CorrelationId)) +| where isnotempty(ParticipantId) +| distinct ParticipantId, CorrelationId = CallId, EndpointType = 'VoIP') +| summarize hint.strategy = shuffle take_any(EndpointType) by ParticipantId, CorrelationId); +let clientTypeInfo = materialize(allParticipants +| summarize hint.strategy = shuffle count() by EndpointType, CorrelationId +| extend info = strcat(count_, ' ', EndpointType) +| summarize hint.strategy = shuffle summaryInfo = make_list(info, 100) by CorrelationId +| extend ClientType = strcat_array(summaryInfo, ', ') +| project CorrelationId, ClientType); +let totalNumOfParticipants = materialize(allParticipants | summarize hint.strategy = shuffle participantsCount = dcount(ParticipantId) by CorrelationId); +// quality +let qualityInfo = materialize(ACSCallDiagnostics +| where CorrelationId in ((callIds | project CorrelationId)) +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| 
extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', Identifier), EndpointId) +| where isnotempty(StreamId) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by ParticipantId, StreamId +| extend + MediaType = iff(MediaType == 'VBSS', 'ScreenSharing', MediaType) | extend + __JitterQuality = iff(JitterAvg > 30, "Poor", "Good"), + __JitterBufferQuality = iff(JitterBufferSizeAvg > 200, "Poor", "Good"), + __PacketLossRateQuality = iff(PacketLossRateAvg > 0.1, "Poor", "Good"), + __RoundTripTimeQuality = iff(RoundTripTimeAvg > 500, "Poor", "Good"), + __HealedDataRatioQuality = iff(HealedDataRatioAvg > 0.1, "Poor", "Good"), + __VideoFrameRateQuality = iff((VideoFrameRateAvg < 1 and MediaType == 'ScreenSharing') or + (VideoFrameRateAvg < 7 and MediaType == 'Video'), "Poor", "Good"), + __FreezesQuality = iff((RecvFreezeDurationPerMinuteInMs > 25000 and MediaType == 'ScreenSharing') or + (RecvFreezeDurationPerMinuteInMs > 6000 and MediaType == 'Video'), "Poor", "Good"), + __VideoResolutionHeightQuality = iff((RecvResolutionHeight < 768 and MediaType == 'ScreenSharing') or + (RecvResolutionHeight < 240 and MediaType == 'Video'), "Poor", "Good") +| extend + __StreamQuality = iff( + (__JitterQuality == "Poor") + or (__JitterBufferQuality == "Poor") + or (__PacketLossRateQuality == "Poor") + or (__RoundTripTimeQuality == "Poor") + or (__HealedDataRatioQuality == "Poor") + or (__VideoFrameRateQuality == "Poor") + or (__FreezesQuality == "Poor") + or (__VideoResolutionHeightQuality == "Poor"), + "Poor", "Good"), + MediaDirection = iff(EndpointType == 'Server', 'InboundStream', 'OutboundStream') +| summarize hint.strategy = shuffle numOfPoorStreams = countif(__StreamQuality == 'Poor') by CorrelationId +| extend Quality = iff(numOfPoorStreams >0, 'Poor', 'Good') | project 
Quality, numOfPoorStreams, CorrelationId); +// rating +let ratingInfo = materialize(ACSCallSurvey +| where CallId in ((callIds | project CorrelationId)) +| extend OverallRatingScoreUpperBound = iff(isnotempty(OverallRatingScoreUpperBound), OverallRatingScoreUpperBound, 5) +| summarize hint.strategy = shuffle Rating = avg(OverallRatingScore*5.0/OverallRatingScoreUpperBound) by CallId +| project CorrelationId=CallId, Rating); +// client operation issues +let rangeEventsWithCorrelation = dynamic(['UserFacingDiagnostics']); +let pointEvents = dynamic([ +'SelectedMicrophoneChanged', 'SelectedSpeakerChanged', 'OptimalVideoCount-changed', 'State-changed', 'CallMode-changed', +'IsMuted-changed', 'IsIncomingAudioMuted-changed', 'Id-changed', 'Role-changed', 'SelectedDevice-changed', 'PageHidden', +'optimalVideoCount-changed', 'state-changed', 'callMode-changed', 'isMuted-changed', 'isIncomingAudioMuted-changed', +'id-changed', 'role-changed', 'selectedDevice-changed', 'pageHidden']); +// We need clientIds to get all operations before call is established. 
+let callClientIds = materialize(ACSCallClientOperations +| where ParticipantId in ((callIds | project ParticipantId)) or CallId in ((callIds | project CorrelationId)) +| distinct ClientInstanceId, ParticipantId, CallId); +// +let allOperations = +materialize(callClientIds | join kind=rightouter hint.strategy=shuffle +(ACSCallClientOperations +| where isempty(queryConditions_startTime) or CallClientTimeStamp >= (todatetime(queryConditions_startTime) - 2h) +| where ParticipantId in ((callIds | project ParticipantId)) or CallId in ((callIds | project CorrelationId)) or ClientInstanceId in ((callClientIds | project ClientInstanceId)) +| where isnotempty(OperationName) and OperationName != 'CallClientOperations' +and isnotempty(OperationId) and isnotempty(CallClientTimeStamp)) +on ClientInstanceId +| extend ParticipantId = coalesce(ParticipantId, ParticipantId1), CallId = coalesce(CallId, CallId1) +| project-away ParticipantId1, ClientInstanceId1, CallId1 +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by OperationId, CallClientTimeStamp); +// +let correlatedOperations = materialize(allOperations +| where OperationName in (rangeEventsWithCorrelation) +| extend OperationPayload = todynamic(OperationPayload) +| extend + UFDQuality = tostring(OperationPayload.DiagnosticQuality), + UFDType = tostring(OperationPayload.DiagnosticChanged) +| extend UFDType = strcat(toupper(substring(UFDType, 0, 1)),substring(UFDType, 1)) +| extend OperationPayloadNew = bag_pack(tostring(CallClientTimeStamp), OperationPayload) +| project-away ResultType +| summarize hint.strategy = shuffle + arg_max(TimeGenerated, *), ResultType = iff(countif(UFDQuality != 'Good')>0, 'Failed', 'Succeeded'), + OperationStartTime = min(CallClientTimeStamp), OperationEndTime = max(CallClientTimeStamp), + OperationPayloadPacked = make_bag(OperationPayloadNew) by OperationId, UFDType, CallId +| extend ResultType = iff(UFDType has_any ("SpeakingWhileMicrophoneIsMuted", "SpeakerMuted"), 'Succeeded', 
ResultType), OperationName = UFDType +| where ResultType !in ('Succeeded', 'Success', 'ExpectedError')); +// +let nonCorrelatedOperations = materialize(allOperations +| where OperationName !in (rangeEventsWithCorrelation) +| extend OperationId = coalesce(hash_sha256(strcat(OperationId, tostring(CallClientTimeStamp))), tostring(new_guid())) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by OperationId, CallId +| where ResultType !in ('Succeeded', 'Success', 'ExpectedError')); +let clientOperationIssues = +materialize(union nonCorrelatedOperations, correlatedOperations +| summarize hint.strategy = shuffle numOfBadOperations=count() by OperationName, CallId +| extend badClientOperations = bag_pack(OperationName, numOfBadOperations) +| summarize hint.strategy = shuffle badClientOperations = make_bag(badClientOperations), numOfBadOperations = sum(numOfBadOperations) by CorrelationId=CallId); +//// +searchedCalls +| join kind=leftouter hint.strategy=shuffle clientTypeInfo on CorrelationId +| join kind=leftouter hint.strategy=shuffle qualityInfo on CorrelationId +| join kind=leftouter hint.strategy=shuffle ratingInfo on CorrelationId +| join kind=leftouter hint.strategy=shuffle clientOperationIssues on CorrelationId +| join kind=leftouter hint.strategy=shuffle totalNumOfParticipants on CorrelationId +| extend numOfPoorStreams = coalesce(numOfPoorStreams, 0) +| extend + drops=bag_pack('Call Ended Ungracefully',numOfDroppedParticipant), + badMediaStreams = bag_pack('Poor Media Streams', numOfPoorStreams), + Issues = coalesce(numOfBadOperations, 0) + numOfDroppedParticipant + numOfPoorStreams +| extend + IssuesBreakdown=bag_merge(drops, badClientOperations, badMediaStreams) +| project + CallId=CorrelationId, CallStartTime, CallEndTime, CallType, + Participants=participantsCount, ClientType, + Quality=iff(isempty(Quality), 'Unknown', Quality), + Rating=case(isempty(Rating), 'Unknown', Rating>=4.5, 'Good', Rating >=3, 'Average', 'Poor'), + 
NumOfDroppedParticipant = numOfDroppedParticipant, + NumOfPoorStreams = numOfPoorStreams, + Issues, IssuesBreakdown +| order by CallStartTime desc +``` + + + +### Search all participants in a call + + +Find all participants in a call by callId, and return the details of the participants.This query is also used in Call Diagnostics to search for participants. + +```query +// Set queryConditions_callId to be the CallId you want to query. +// Note this query is used in Call Diagnostics to get all the participant entities of a call. +declare query_parameters(queryConditions_callId:string = ''); +let participants = materialize(ACSCallSummary +| where CorrelationId == queryConditions_callId +| where ParticipantId != CorrelationId and isnotempty(ParticipantId) +| distinct ParticipantId, CallType); +let serviceSideParticipants = materialize(ACSCallSummary +| where CorrelationId == queryConditions_callId +// some participants don't have startTime, we use callStartTime instead. +| extend ParticipantStartTime = coalesce(ParticipantStartTime, CallStartTime) +| extend ParticipantEndTime = coalesce(ParticipantStartTime + 1s*ParticipantDuration, ParticipantStartTime + 10ms) +| extend EndReason=case( + ParticipantEndReason == "0", "Success", + ParticipantEndReason == "100","Trying", + ParticipantEndReason == "180","Ringing", + ParticipantEndReason == "181","Call Is Being Forwarded", + ParticipantEndReason == "182","Queued", + ParticipantEndReason == "183","Session Progress", + ParticipantEndReason == "199","Early Dialog Terminated", + ParticipantEndReason == "200","Success", + ParticipantEndReason == "202","Accepted", + ParticipantEndReason == "204","No Notification", + ParticipantEndReason == "300","Multiple Choices", + ParticipantEndReason == "301","Moved Permanently", + ParticipantEndReason == "302","Moved Temporarily", + ParticipantEndReason == "305","Use Proxy", + ParticipantEndReason == "380","Alternative Service", + ParticipantEndReason == "400","Bad Request", + 
ParticipantEndReason == "401","Unauthorized", + ParticipantEndReason == "402","Payment Required", + ParticipantEndReason == "403","Forbidden / Authentication failure", + ParticipantEndReason == "404","Call not found", + ParticipantEndReason == "405","Method Not Allowed", + ParticipantEndReason == "406","Not Acceptable", + ParticipantEndReason == "407","Proxy Authentication Required", + ParticipantEndReason == "408","Call controller timed out", + ParticipantEndReason == "409","Conflict", + ParticipantEndReason == "410","Local media stack or media infrastructure error", + ParticipantEndReason == "411","Length Required", + ParticipantEndReason == "412","Conditional Request Failed", + ParticipantEndReason == "413","Request Entity Too Large", + ParticipantEndReason == "414","Request-URI Too Large", + ParticipantEndReason == "415","Unsupported Media Type", + ParticipantEndReason == "416","Unsupported URI Scheme", + ParticipantEndReason == "417","Unknown Resource-Priority", + ParticipantEndReason == "420","Bad Extension", + ParticipantEndReason == "421","Extension Required", + ParticipantEndReason == "422","Session Interval Too Small", + ParticipantEndReason == "423","Interval Too Brief", + ParticipantEndReason == "424","Bad Location Information", + ParticipantEndReason == "428","Use Identity Header", + ParticipantEndReason == "429","Provide Referrer Identity", + ParticipantEndReason == "430","Unable to deliver message to client application", + ParticipantEndReason == "433","Anonymity Disallowed", + ParticipantEndReason == "436","Bad Identity-Info", + ParticipantEndReason == "437","Unsupported Certificate", + ParticipantEndReason == "438","Invalid Identity Header", + ParticipantEndReason == "439","First Hop Lacks Outbound Support", + ParticipantEndReason == "440","Max-Breadth Exceeded", + ParticipantEndReason == "469","Bad Info Package", + ParticipantEndReason == "470","Consent Needed", + ParticipantEndReason == "480","Remote client endpoint not registered", + 
ParticipantEndReason == "481","Failed to handle incoming call", + ParticipantEndReason == "482","Loop Detected", + ParticipantEndReason == "483","Too Many Hops", + ParticipantEndReason == "484","Address Incomplete", + ParticipantEndReason == "485","Ambiguous", + ParticipantEndReason == "486","Busy Here", + ParticipantEndReason == "487","Call canceled, locally declined, ended due to an endpoint mismatch issue, or failed to generate media offer", + ParticipantEndReason == "488","Not Acceptable Here", + ParticipantEndReason == "489","Bad Event", + ParticipantEndReason == "490","Local endpoint network issues", + ParticipantEndReason == "491","Local endpoint network issues", + ParticipantEndReason == "493","Undecipherable", + ParticipantEndReason == "494","Security Agreement Required", + ParticipantEndReason == "496","Local endpoint network issues", + ParticipantEndReason == "497","Local endpoint network issues", + ParticipantEndReason == "498","Local endpoint network issues", + ParticipantEndReason == "500","Communication Services infrastructure error", + ParticipantEndReason == "501","Not Implemented", + ParticipantEndReason == "502","Bad Gateway", + ParticipantEndReason == "503","Communication Services infrastructure error", + ParticipantEndReason == "504","Communication Services infrastructure error", + ParticipantEndReason == "505","Version Not Supported", + ParticipantEndReason == "513","Message Too Large", + ParticipantEndReason == "555","Push Notification Service Not Supported", + ParticipantEndReason == "580","Precondition Failure", + ParticipantEndReason == "600","Busy Everywhere", + ParticipantEndReason == "603","Call globally declined by remote Communication Services participant", + ParticipantEndReason == "604","Does Not Exist Anywhere", + ParticipantEndReason == "606","Not Acceptable", + ParticipantEndReason == "607","Unwanted", + ParticipantEndReason == "608","Rejected", "") +| extend Rank = iff(isempty(ParticipantId) and CallType == 'P2P' and 
EndpointType == 'VoIP', -1, 1) +| where CorrelationId != ParticipantId +| extend ParticipantId = coalesce(ParticipantId, Identifier, EndpointId) +| extend ParticipantId = iff(ParticipantId == 'Redacted', strcat('RedactedParticipant-', EndpointType, '-Identifier-', Identifier), ParticipantId) +| extend EndpointId = iff(EndpointId == 'Redacted', strcat('RedactedEndpoint-', EndpointType, '-Identifier-', Identifier), EndpointId) +| summarize hint.strategy = shuffle arg_max(TimeGenerated, *) by ParticipantId +| extend CallDroppedUngracefully = ParticipantEndReason in ('380', '400', '407', '408', '409', '410', +'412', '417', '430', '439', '440', '481', '483', '488', '489', '493', '500', '502', '503', '504', '580') +| project + ParentEntityId = CorrelationId, + ParentEntityType = 'Call', + EntityType = 'Participant', + EntityId = ParticipantId, + EntityStartTime=ParticipantStartTime, + EntityEndTime=ParticipantEndTime, + EntityDuration=ParticipantDuration, + EntityDisplayName = strcat('Participant-', ParticipantId), + EntityPayload = bag_pack( + 'EndReasonCode', toint(ParticipantEndReason), + 'EndReasonPhrase', EndReason, + 'Identifier', Identifier, + 'EndpointId', EndpointId, + 'ParticipantType', ParticipantType, + 'EndpointType', EndpointType, + 'SdkVersion', SdkVersion, + 'OsVersion', OsVersion, + 'PstnParticipantCallType', PstnParticipantCallType + ), + Insights_HasIssues = CallDroppedUngracefully, + Insights_Payload = bag_pack( + 'EndReasonCode', toint(ParticipantEndReason), + 'EndReasonPhrase', EndReason, + 'ParticipantId', ParticipantId, + 'CallDroppedUngracefully', CallDroppedUngracefully), + GroupName = "lifeCycle", + Rank); +// +let clientSideParticipants = materialize(ACSCallClientOperations +| where ParticipantId in (participants) or CallId == queryConditions_callId +| where isnotempty(OperationName) and OperationName != 'CallClientOperations' +and isnotempty(OperationId) and isnotempty(CallClientTimeStamp) +| extend OperationId = 
coalesce(hash_sha256(strcat(OperationId, tostring(CallClientTimeStamp), OperationName)), tostring(new_guid())) +| summarize hint.strategy = shuffle arg_max(CallId, *) by OperationId +| where isnotempty(ParticipantId) +| extend OS = parse_user_agent(UserAgent, 'os').OperatingSystem +| extend OsVersion = strcat(OS.Family, OS.MajorVersion,'.', OS.MinorVersion) +| project OperationId, ParticipantId, CallId, CallClientTimeStamp, OperationName, OperationPayload, OsVersion, SdkVersion, ResultSignature, ResultType +| extend OperationPayload = todynamic(OperationPayload) +| extend + UFDQuality = tostring(OperationPayload.DiagnosticQuality), + UFDType = tostring(OperationPayload.DiagnosticChanged), + isUFD = OperationName == 'UserFacingDiagnostics' +| extend + ResultType = iff(isUFD, iff(UFDQuality != 'Good' and not(UFDType has_any ("SpeakingWhileMicrophoneIsMuted", "SpeakerMuted")), 'Failed', 'Succeeded'), ResultType), + CallDroppedUngracefully = iff(OperationName in ('Hangup', 'EnterCall', 'Join'), ResultType !in ('Succeeded', 'Success', 'ExpectedError'), False), + ParticipantStartTime = iff(OperationName == 'EnterCall', CallClientTimeStamp, datetime(null)), + ParticipantEndTime = iff(OperationName == 'Hangup', CallClientTimeStamp, datetime(null)) +| summarize hint.strategy = shuffle arg_max(CallId, *), ResultType = iff(countif(ResultType == 'Failed') > 0, 'Failed', 'Succeeded'), + CallDroppedUngracefully = countif(CallDroppedUngracefully) > 0, + ParticipantStartTimeApprox = min(CallClientTimeStamp), + ParticipantEndTimeApprox = max(CallClientTimeStamp) by ParticipantId +| extend + ParticipantStartTime = coalesce(ParticipantStartTime, ParticipantStartTimeApprox), + ParticipantEndTime = coalesce(ParticipantEndTime, ParticipantEndTimeApprox) +| project + ParentEntityId = queryConditions_callId, + ParentEntityType = 'Call', + EntityId = ParticipantId, + EntityType = 'Participant', + EntityDisplayName = strcat('Participant-', ParticipantId), + 
EntityStartTime=ParticipantStartTime, + EntityEndTime=ParticipantEndTime, + EntityDuration=tolong((ParticipantEndTime - ParticipantStartTime)/1s), + EntityPayload = bag_pack( + 'ParticipantType', 'ACS', + 'EndpointType', 'VoIP', + 'SdkVersion', SdkVersion, + 'OsVersion', OsVersion + ), + Insights_HasIssues = ResultType == 'Failed', + Insights_Payload = bag_pack('ParticipantId', ParticipantId, 'CallDroppedUngracefully', CallDroppedUngracefully), + GroupName = "lifeCycle", + Rank = 0); +// Merge participantEntities from service side and client side, and if the participant exists in both sides, we take the one with higher Rank. +union serviceSideParticipants, clientSideParticipants +| summarize hint.strategy = shuffle arg_max(Rank, *), EntityPayload_Merged = make_bag(EntityPayload), + Insights_Payload_Merged = make_bag(Insights_Payload), + Insights_HasIssues_Merged = countif(Insights_HasIssues) > 0 by EntityId +| order by Rank +| project + ParentEntityId, + ParentEntityType, + EntityId, + EntityType, + EntityDisplayName, + EntityStartTime, + EntityEndTime, + EntityDuration, + EntityPayload = EntityPayload_Merged, + Insights_HasIssues = Insights_HasIssues_Merged, + Insights_Payload = Insights_Payload_Merged +``` + diff --git a/articles/azure-monitor/reference/queries/acschatincomingoperations.md b/articles/azure-monitor/reference/queries/acschatincomingoperations.md new file mode 100644 index 0000000000..3349b4dab7 --- /dev/null +++ b/articles/azure-monitor/reference/queries/acschatincomingoperations.md 
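Review bot: in the "Search calls by keyword" query, `let pointEvents = dynamic([...])` is declared but never referenced; only `rangeEventsWithCorrelation` is used to split `allOperations` into `correlatedOperations` and `nonCorrelatedOperations`. Remove the declaration, or apply it where it was meant to filter. In "Search all participants in a call", `| where ParticipantId in (participants)` works only because `ParticipantId` happens to be the first column of `distinct ParticipantId, CallType`; writing `(participants | project ParticipantId)`, as the keyword query does with `callIds`, removes the dependence on column order.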
@@ -0,0 +1,88 @@ +--- +title: Example log table queries for ACSChatIncomingOperations +description: Example queries for ACSChatIncomingOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSChatIncomingOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Chat operations + + +Returns all distinct combinations of chat operation and version pairs. + +```query +ACSChatIncomingOperations +| distinct OperationName, OperationVersion +| limit 100 +``` + + + +### Calculate chat operation duration percentiles + + +Calculates the 90th, 95th, and 99th percentiles of run duration in milliseconds for each chat operation. It can be customized to be run for a single operation, or for other percentiles. + +```query +ACSChatIncomingOperations +// where OperationName == "" // This can be uncommented and specified to calculate only a single operation's duration percentiles +| summarize percentiles(DurationMs, 90, 95, 99) by OperationName, OperationVersion // calculate 90th, 95th, and 99th percentiles of each Operation +| limit 100 +``` + + + +### Top 5 IP addresses per chat operation + + +For every chat operation, fetch the 5 IP addresses that have called that operation the most. + +```query +ACSChatIncomingOperations +// | where OperationName == "" // This can be uncommented and specified to calculate only a single operation's count +| top-nested of OperationName by dummy=max(0), // For all the Operations... 
+ top-nested 5 of CallerIpAddress by count() // List the IP address that have called that operation the most +| project-away dummy // Remove dummy line from the result set +| limit 100 +``` + + + +### Chat operational errors + + +List every chat error ordered by recency. + +```query +ACSChatIncomingOperations +| where ResultType == "Failed" +| project TimeGenerated, OperationName, OperationVersion, ResultSignature, ResultDescription +| order by TimeGenerated desc +| limit 100 +``` + + + +### Chat operation result counts + + +For every chat operation, count the types of returned results. + +```query +ACSChatIncomingOperations +| summarize Count = count() by OperationName, ResultType //, ResultSignature // This can also be uncommented to determine the count of each ResultSignature for each ResultType +| order by OperationName asc, Count desc +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/acsemailsendmailoperational.md b/articles/azure-monitor/reference/queries/acsemailsendmailoperational.md new file mode 100644 index 0000000000..983c6cb64a --- /dev/null +++ b/articles/azure-monitor/reference/queries/acsemailsendmailoperational.md 
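Review bot: in "Calculate chat operation duration percentiles" the optional filter is written as `// where OperationName == ""` with no leading `|`, so uncommenting it as is produces a syntax error. The "Top 5 IP addresses per chat operation" query in the same file has the correct form, `// | where OperationName == ""`. The front matter says these files are generated, so the fix belongs in whatever the generator reads rather than in this file.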
@@ -0,0 +1,33 @@ +--- +title: Example log table queries for ACSEmailSendMailOperational +description: Example queries for ACSEmailSendMailOperational log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSEmailSendMailOperational table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Email Send Request Summary + + +Summary of send mail requests. + +```query +ACSEmailSendMailOperational +| summarize TotalMessageCount = dcount(CorrelationId), + TotalSize = sum(Size), + AvgSizePerMessage = avg(Size), + AvgRecipientsPerMessage = avg(UniqueRecipientsCount), + AvgAttachmentsPerMessage = avg(AttachmentsCount), + SizeAvg = avg(Size) +``` + diff --git a/articles/azure-monitor/reference/queries/acsemailstatusupdateoperational.md b/articles/azure-monitor/reference/queries/acsemailstatusupdateoperational.md new file mode 100644 index 0000000000..669404495a --- /dev/null +++ b/articles/azure-monitor/reference/queries/acsemailstatusupdateoperational.md 
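Review bot: the `summarize` in "Email Send Request Summary" computes `avg(Size)` twice, once as `AvgSizePerMessage = avg(Size)` and again as `SizeAvg = avg(Size)`, so the result carries two identical columns. Drop `SizeAvg`, or replace it with the aggregate that was intended there.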
@@ -0,0 +1,58 @@ +--- +title: Example log table queries for ACSEmailStatusUpdateOperational +description: Example queries for ACSEmailStatusUpdateOperational log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSEmailStatusUpdateOperational table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Email failed deliveries by recipient ID + + +List recipients and failed delivery status. + +```query +ACSEmailStatusUpdateOperational +| where isnotempty(RecipientId) +| where DeliveryStatus != "Delivered" +| limit 100 +``` + + + +### Email Failed Deliveries by Message Id + + +List message ids and failed status. + +```query +ACSEmailStatusUpdateOperational +| where isempty(RecipientId) +| where DeliveryStatus != "OutForDelivery" +| limit 100 +``` + + + +### Email Bounced and Suppressed Recipients + + +List recipients that have been dropped due to a hard bounce or suppressed due to customer managed opt-outs. + +```query +ACSEmailStatusUpdateOperational +| where DeliveryStatus == "Bounced" or DeliveryStatus == "Suppressed" +| where CorrelationId == "" +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/acsjobrouterincomingoperations.md b/articles/azure-monitor/reference/queries/acsjobrouterincomingoperations.md new file mode 100644 index 0000000000..1abebf17ad --- /dev/null +++ b/articles/azure-monitor/reference/queries/acsjobrouterincomingoperations.md 
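Review bot: in "Email Bounced and Suppressed Recipients", `| where CorrelationId == ""` is a live filter, so the query as shipped returns only rows whose CorrelationId is empty. If it is a placeholder for the reader's own ID, comment it out with a note on what to fill in, the way the `OperationName == ""` filters are handled in the other query files. Separately, "Email Failed Deliveries by Message Id" filters on `DeliveryStatus != "OutForDelivery"` while the recipient variant uses `!= "Delivered"`; a one-line comment on why the two differ would save readers from guessing.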
@@ -0,0 +1,89 @@ +--- +title: Example log table queries for ACSJobRouterIncomingOperations +description: Example queries for ACSJobRouterIncomingOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSJobRouterIncomingOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Job Router operations + + +Returns all distinct combinations of job router operation and version pairs. + +```query +ACSJobRouterIncomingOperations +| distinct OperationName, OperationVersion +| limit 100 +``` + + + +### Calculate Job Router operation duration percentiles + + +Calculates the 90th, 95th, and 99th percentiles of run duration in milliseconds for each chat operation. It can be customized to be run for a single operation, or for other percentiles. + +```query +ACSJobRouterIncomingOperations +// where OperationName == "" // This can be uncommented and specified to calculate only a single operation's duration percentiles +| summarize percentiles(DurationMs, 90, 95, 99) by OperationName, OperationVersion // calculate 90th, 95th, and 99th percentiles of each Operation +| limit 100 + +``` + + + +### Top 5 IP addresses per Job Router operation + + +For every job router operation, fetch the 5 IP addresses that have called that operation the most. + +```query +ACSJobRouterIncomingOperations +// | where OperationName == "" // This can be uncommented and specified to calculate only a single operation's count +| top-nested of OperationName by dummy=max(0), // For all the Operations... 
+ top-nested 5 of CallerIpAddress by count() // List the IP address that have called that operation the most +| project-away dummy // Remove dummy line from the result set +| limit 100 +``` + + + +### Job Router operational errors + + +List every job router error ordered by recency. + +```query +ACSJobRouterIncomingOperations +| where ResultType == "Failed" +| project TimeGenerated, OperationName, OperationVersion, ResultSignature, ResultDescription +| order by TimeGenerated desc +| limit 100 +``` + + + +### Job Router operation result counts + + +For every job router operation, count the types of returned results. + +```query +ACSJobRouterIncomingOperations +| summarize Count = count() by OperationName, OperationVersion, ResultType, SdkType, EntityType //, ResultSignature // This can also be uncommented to determine the count of each ResultSignature for each ResultType +| order by OperationName asc, Count desc +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/acsroomsincomingoperations.md b/articles/azure-monitor/reference/queries/acsroomsincomingoperations.md new file mode 100644 index 0000000000..5a162502d3 --- /dev/null +++ b/articles/azure-monitor/reference/queries/acsroomsincomingoperations.md 
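Review bot: the description under "Calculate Job Router operation duration percentiles" says "for each chat operation"; it should say "for each Job Router operation". The same query has `// where OperationName == ""` without the leading `|`, so it cannot be uncommented as written, and there is a stray blank line before its closing fence.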
@@ -0,0 +1,63 @@ +--- +title: Example log table queries for ACSRoomsIncomingOperations +description: Example queries for ACSRoomsIncomingOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSRoomsIncomingOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Rooms operational errors + + +List rooms error ordered by recency. + +```query +ACSRoomsIncomingOperations +| where ResultType == "Failed" +| project TimeGenerated, OperationName, OperationVersion, ResultSignature +| order by TimeGenerated desc +| limit 100 +``` + + + +### Rooms operation result counts + + +For every rooms operation, count the types of returned results. + +```query +ACSRoomsIncomingOperations +| summarize Count = count() by OperationName, OperationVersion, ResultType, ResultSignature +| order by OperationName asc, Count desc +``` + + + +### Rooms operation summary + + +The average statistics of room properties such as participants count for operation version 2024-04-15. + +```query +ACSRoomsIncomingOperations +// where OperationName == "" // This can be uncommented and specified to calculate only a single operation's duration percentiles +| where OperationVersion == "2024-04-15" +| summarize TotalRoomCount = dcount(RoomId), + AvgAddedParticipantsCount = avg(AddedRoomParticipantsCount), + AvgRemovedParticipantsCount = avg(RemovedRoomParticipantsCount), + AvgUpsertedParticipantsCount = avg(UpsertedRoomParticipantsCount), + AvgRoomLifespan = avg(RoomLifespan), + SumPstnDialoutEnabled=countif(PstnDialOutEnabled==1) +``` + 
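Review bot: in "Rooms operation summary" the comment on `// where OperationName == ""` says it limits the calculation to "a single operation's duration percentiles", but this query computes a distinct count and averages, not percentiles; reword the comment and add the leading `|`. `SumPstnDialoutEnabled=countif(PstnDialOutEnabled==1)` is a count rather than a sum and spells "Dialout" differently from the column it reads, so a name such as `PstnDialOutEnabledCount` would be clearer. "Rooms operation result counts" also omits the `| limit 100` that the Chat, Job Router and SMS result-count queries end with.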
diff --git a/articles/azure-monitor/reference/queries/acssmsincomingoperations.md b/articles/azure-monitor/reference/queries/acssmsincomingoperations.md new file mode 100644 index 0000000000..6bfbf54065 --- /dev/null +++ b/articles/azure-monitor/reference/queries/acssmsincomingoperations.md 
@@ -0,0 +1,89 @@ +--- +title: Example log table queries for ACSSMSIncomingOperations +description: Example queries for ACSSMSIncomingOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ACSSMSIncomingOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### List distinct SMS operations + + +Returns all distinct combinations of SMS operation and version pairs. + +```query +ACSSMSIncomingOperations +| distinct OperationName, OperationVersion +| limit 100 +``` + + + +### Calculate SMS operation duration percentiles + + +Calculates the 90th, 95th, and 99th percentiles of run duration in milliseconds for each SMS operation. It can be customized to be run for a single operation, or for other percentiles. + +```query +ACSSMSIncomingOperations +// where OperationName == "" // This can be uncommented and specified to calculate only a single operation's duration percentiles +| summarize percentiles(DurationMs, 90, 95, 99) by OperationName, OperationVersion // calculate 90th, 95th, and 99th percentiles of each Operation +| limit 100 + +``` + + + +### Top 5 IP addresses per SMS operation + + +For every SMS operation, fetch the 5 IP addresses that have called that operation the most. + +```query +ACSSMSIncomingOperations +// | where OperationName == "" // This can be uncommented and specified to calculate only a single operation's count +| top-nested of OperationName by dummy=max(0), // For all the Operations... 
+ top-nested 5 of CallerIpAddress by count() // List the IP address that have called that operation the most +| project-away dummy // Remove dummy line from the result set +| limit 100 +``` + + + +### SMS operational errors + + +List every SMS error ordered by recency. + +```query +ACSSMSIncomingOperations +| where ResultType == "Failed" +| project TimeGenerated, OperationName, OperationVersion, ResultSignature, ResultDescription +| order by TimeGenerated desc +| limit 100 +``` + + + +### SMS operation result counts + + +For every SMS operation, count the types of returned results. + +```query +ACSSMSIncomingOperations +| summarize Count = count() by OperationName, ResultType //, ResultSignature // This can also be uncommented to determine the count of each ResultSignature for each ResultType +| order by OperationName asc, Count desc +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/adassessmentrecommendation.md b/articles/azure-monitor/reference/queries/adassessmentrecommendation.md new file mode 100644 index 0000000000..9d8357f838 --- /dev/null +++ b/articles/azure-monitor/reference/queries/adassessmentrecommendation.md 
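Review bot: In acssmsincomingoperations.md, the optional filter in "Calculate SMS operation duration percentiles" is written as `// where OperationName == ""` without a leading `|`, while the same filter in "Top 5 IP addresses per SMS operation" is `// | where OperationName == ""`. A reader who removes only the `//` from the first form gets a query that does not parse; please use the piped form in both. The percentiles query also leaves an empty line before the closing fence, which the other queries in this file do not.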
@@ -0,0 +1,119 @@ +--- +title: Example log table queries for ADAssessmentRecommendation +description: Example queries for ADAssessmentRecommendation log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ADAssessmentRecommendation table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### AD Recommendations by Focus Area + + +Count all AD reccomendations by focus area. + +```query +ADAssessmentRecommendation +| summarize AggregatedValue = count() by FocusArea +``` + + + +### AD Recommendations by Computer + + +Count AD recommendations with failed result by computer. + +```query +ADAssessmentRecommendation +| where RecommendationResult == "Failed" +| summarize AggregatedValue = count() by Computer +``` + + + +### AD Recommendations by Forest + + +Count AD recommendations with failed result by forest. + +```query +ADAssessmentRecommendation +| where RecommendationResult == "Failed" +| summarize AggregatedValue = count() by Forest +``` + + + +### AD Recommendations by Domain + + +Count AD recommendations with failed result by domain. + +```query +ADAssessmentRecommendation +| where RecommendationResult == "Failed" +| summarize AggregatedValue = count() by Domain +``` + + + +### AD Recommendations by DomainController + + +Count AD recommendations with failed result by domain controller. + +```query +ADAssessmentRecommendation +| where RecommendationResult == "Failed" +| summarize AggregatedValue = count() by DomainController +``` + + + +### AD Recommendations by AffectedObjectType + + +Count AD recommendations with failed result by affected object type. 
+ +```query +ADAssessmentRecommendation +| where RecommendationResult == "Failed" +| summarize AggregatedValue = count() by AffectedObjectType +``` + + + +### How many times did each unique AD Recommendation trigger? + + +Count AD recommendations with failed result by recommendation. + +```query +ADAssessmentRecommendation +| where RecommendationResult == "Failed" +| summarize AggregatedValue = count() by Recommendation +``` + + + +### High priority AD Assessment security recommendations + + +Latest high priority security recommendation with result failed by recommendation Id. + +```query +ADAssessmentRecommendation +| where FocusArea == 'Security and Compliance' and RecommendationResult == 'Failed' and RecommendationScore>=35 +| summarize arg_max(TimeGenerated, *) by RecommendationId +``` + diff --git a/articles/azure-monitor/reference/queries/addonazurebackupjobs.md b/articles/azure-monitor/reference/queries/addonazurebackupjobs.md new file mode 100644 index 0000000000..b69d053f77 --- /dev/null +++ b/articles/azure-monitor/reference/queries/addonazurebackupjobs.md 
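Review bot: In adassessmentrecommendation.md, the "High priority AD Assessment security recommendations" query filters on `RecommendationScore>=35`, but the description only says "high priority" and never states that 35 is the cutoff or where it comes from. Please document the threshold in the description or in a query comment so readers can adjust it deliberately. There is also a typo in the first description: "Count all AD reccomendations by focus area." should read "recommendations". Since the front matter says the file is generated, the fix belongs in the source the script reads.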
@@ -0,0 +1,77 @@ +--- +title: Example log table queries for AddonAzureBackupJobs +description: Example queries for AddonAzureBackupJobs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AddonAzureBackupJobs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Distribution of Backup Jobs by Status + + +View the number of completed and failed Backup Jobs in the selected time range. + +```query +AddonAzureBackupJobs +//Get all Backup Jobs +| where JobOperation == "Backup" +//Remove duplicate records if any +| summarize arg_max(TimeGenerated, *) by JobUniqueId +//Summarize by Job Status +| summarize count(JobUniqueId) by JobStatus +``` + + + +### Distribution of Restore Jobs by Status + + +View the number of completed and failed Restore Jobs in the selected time range. + +```query +AddonAzureBackupJobs +//Get all Restore Jobs +| where JobOperation in~ ("Restore","Recovery") +//Remove duplicate records if any +| summarize arg_max(TimeGenerated, *) by JobUniqueId +//Summarize by Job Status +| summarize count(JobUniqueId) by JobStatus +``` + + + +### All Successful Jobs + + +View all successful jobs in the selected time range. + +```query +AddonAzureBackupJobs +| summarize arg_max(TimeGenerated,*) by JobUniqueId +| where JobStatus == "Completed" +``` + + + +### All Failed Jobs + + +View all failed jobs in the selected time range. + +```query +// To create an alert for this query, click '+ New alert rule' +AddonAzureBackupJobs +| summarize arg_max(TimeGenerated,*) by JobUniqueId +| where JobStatus == "Failed" +``` + 
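Review bot: In addonazurebackupjobs.md, the two distribution queries match `JobOperation` with different case sensitivity: "Distribution of Backup Jobs by Status" uses `where JobOperation == "Backup"` while "Distribution of Restore Jobs by Status" uses `where JobOperation in~ ("Restore","Recovery")`. If the restore query needs a case-insensitive match, the backup query should use `=~` as well, otherwise rows with different casing are silently dropped from one chart and not the other. Comment spacing is also inconsistent with the rest of the patch (`//Get all Backup Jobs` versus `// To create an alert ...`).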
diff --git a/articles/azure-monitor/reference/queries/addonazurebackupstorage.md b/articles/azure-monitor/reference/queries/addonazurebackupstorage.md new file mode 100644 index 0000000000..de471c4e52 --- /dev/null +++ b/articles/azure-monitor/reference/queries/addonazurebackupstorage.md @@ -0,0 +1,35 @@ +--- +title: Example log table queries for AddonAzureBackupStorage +description: Example queries for AddonAzureBackupStorage log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AddonAzureBackupStorage table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Trend of total Cloud Storage consumed + + +View the daily trend of total (cumulative) Cloud Storage consumed. + +```query +// To create an alert for this query, click '+ New alert rule' +AddonAzureBackupStorage +| where OperationName == "StorageAssociation" +//Get total Cloud Storage being consumed per Backup Item at the end of each day +| summarize TotalStoragePerBackupItemPerDay=sum(StorageConsumedInMBs) by BackupItemUniqueId, Day=bin(TimeGenerated,1d), ResourceId +//Get total Cloud Storage being consumed at the end of each day +| summarize TotalStorage=sum(TotalStoragePerBackupItemPerDay) by Day, ResourceId +| sort by Day asc +| render timechart +``` + diff --git a/articles/azure-monitor/reference/queries/adfactivityrun.md b/articles/azure-monitor/reference/queries/adfactivityrun.md new file mode 100644 index 0000000000..8fb3329aa1 --- /dev/null +++ b/articles/azure-monitor/reference/queries/adfactivityrun.md 
@@ -0,0 +1,45 @@ +--- +title: Example log table queries for ADFActivityRun +description: Example queries for ADFActivityRun log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ADFActivityRun table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Activity Runs Availability + + +Gives the availability of the Activity Runs. + +```query +// To create an alert for this query, click '+ New alert rule' +ADFActivityRun +| where Status != 'InProgress' and Status != 'Queued' +| where FailureType != 'UserError' +| summarize availability = 100.00 - (100.00*countif(Status != 'Succeeded') / count()) by bin(TimeGenerated, 1h)), _ResourceId +| order by TimeGenerated asc +| render timechart +``` + + + +### Activity runs latest Status + + +Returns latest Status of Activity runs. + +```query +ADFActivityRun +| summarize argmax(TimeGenerated, * ) by ActivityRunId, Status, _ResourceId +``` + diff --git a/articles/azure-monitor/reference/queries/adfpipelinerun.md b/articles/azure-monitor/reference/queries/adfpipelinerun.md new file mode 100644 index 0000000000..eb2cbe7a7c --- /dev/null +++ b/articles/azure-monitor/reference/queries/adfpipelinerun.md 
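Review bot: In adfactivityrun.md, the "Activity Runs Availability" query has an unbalanced parenthesis in `by bin(TimeGenerated, 1h)), _ResourceId`; the second `)` has no opening partner, so the query will not parse as published. It should read `by bin(TimeGenerated, 1h), _ResourceId`. In "Activity runs latest Status", the aggregation is spelled `argmax(` where the other files in this patch use `arg_max(`, and grouping `by ActivityRunId, Status, _ResourceId` keeps one row per run per status, so a run that was logged as Queued, InProgress and Succeeded returns three rows instead of its latest status. Suggest `summarize arg_max(TimeGenerated, *) by ActivityRunId, _ResourceId`.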
@@ -0,0 +1,45 @@ +--- +title: Example log table queries for ADFPipelineRun +description: Example queries for ADFPipelineRun log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ADFPipelineRun table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### PipelineRuns Availability + + +Gives the availability of the Pipeline Runs. + +```query +// To create an alert for this query, click '+ New alert rule' +ADFPipelineRun +| where Status != 'InProgress' and Status != 'Queued' +| where FailureType != 'UserError' +| summarize availability = 100.00 - (100.00*countif(Status != 'Succeeded') / count()) by bin(TimeGenerated, 1h)), _ResourceId +| order by TimeGenerated asc +| render timechart +``` + + + +### Pipeline runs latest Status + + +Returns latest Status of pipeline runs. + +```query +ADFPipelineRun +| summarize argmax(TimeGenerated, * ) by RunId, Status, _ResourceId +``` + diff --git a/articles/azure-monitor/reference/queries/adfssigninlogs.md b/articles/azure-monitor/reference/queries/adfssigninlogs.md new file mode 100644 index 0000000000..2c29a46912 --- /dev/null +++ b/articles/azure-monitor/reference/queries/adfssigninlogs.md 
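Review bot: In adfpipelinerun.md, "Pipeline runs latest Status" groups `by RunId, Status, _ResourceId`, which returns the newest record for every status a run has passed through rather than the run's latest status; drop `Status` from the `by` clause and use `arg_max(` instead of `argmax(`, matching the other files in this patch. The "PipelineRuns Availability" query also carries a stray closing parenthesis in `by bin(TimeGenerated, 1h)), _ResourceId` and will not parse until it is removed.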
@@ -0,0 +1,32 @@ +--- +title: Example log table queries for ADFSSignInLogs +description: Example queries for ADFSSignInLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ADFSSignInLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Top ADFS account lockouts + + +Returns top 10 IP addresses by number of lockouts. + +```query +ADFSSignInLogs +| where TimeGenerated > ago(7d) +| extend errorCode = toint(parse_json(Status).errorCode) +| where errorCode == 300300 +| summarize Lockouts = count() by IPAddress +| top 10 by Lockouts +``` + diff --git a/articles/azure-monitor/reference/queries/adftriggerrun.md b/articles/azure-monitor/reference/queries/adftriggerrun.md new file mode 100644 index 0000000000..e6b7334983 --- /dev/null +++ b/articles/azure-monitor/reference/queries/adftriggerrun.md 
@@ -0,0 +1,45 @@ +--- +title: Example log table queries for ADFTriggerRun +description: Example queries for ADFTriggerRun log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ADFTriggerRun table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### TriggerRuns Availability + + +Gives the availability of the Trigger Runs. + +```query +// To create an alert for this query, click '+ New alert rule' +ADFTriggerRun +| where Status != 'Running' and Status != 'Waiting' and Status != 'WaitingOnDependency' +| where TriggerFailureType != 'UserError' +| summarize availability = 100.00 - (100.00*countif(Status != 'Succeeded') / count()) by bin(TimeGenerated, 1h)), _ResourceId +| order by TimeGenerated asc +| render timechart +``` + + + +### Trigger runs latest Status + + +Returns latest Status of Trigger runs. + +```query +ADFTriggerRun +| summarize argmax(TimeGenerated, * ) by TriggerId, Status, _ResourceId +``` + diff --git a/articles/azure-monitor/reference/queries/adtdatahistoryoperation.md b/articles/azure-monitor/reference/queries/adtdatahistoryoperation.md new file mode 100644 index 0000000000..e2d0e58044 --- /dev/null +++ b/articles/azure-monitor/reference/queries/adtdatahistoryoperation.md 
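Review bot: In adftriggerrun.md, the "TriggerRuns Availability" summarize line ends with `by bin(TimeGenerated, 1h)), _ResourceId`, which has one closing parenthesis too many, so the sample fails before it reaches `render timechart`. "Trigger runs latest Status" has the same two problems as the other Data Factory files in this patch: `argmax(` should be `arg_max(`, and `Status` in `by TriggerId, Status, _ResourceId` defeats the purpose of picking the latest record per trigger.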
@@ -0,0 +1,44 @@ +--- +title: Example log table queries for ADTDataHistoryOperation +description: Example queries for ADTDataHistoryOperation log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ADTDataHistoryOperation table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Data History operation failure logs + + +Failed operation events logged when data history messages are sent to the time series database. + +```query +ADTDataHistoryOperation +| where ResultType == "Failure" +| take 100 + +``` + + + +### Data History egress latency + + +Delivery latency of data history messages sent to the time series database. + +```query +ADTDataHistoryOperation +| where OperationName == "Microsoft.DigitalTwins/digitalTwinsInstances/datahistory/messages/send/action" +| summarize percentile(DurationMs, 99) by bin(TimeGenerated, 5m) + +``` + diff --git a/articles/azure-monitor/reference/queries/adtdigitaltwinsoperation.md b/articles/azure-monitor/reference/queries/adtdigitaltwinsoperation.md new file mode 100644 index 0000000000..01ad5f2dfa --- /dev/null +++ b/articles/azure-monitor/reference/queries/adtdigitaltwinsoperation.md 
@@ -0,0 +1,41 @@ +--- +title: Example log table queries for ADTDigitalTwinsOperation +description: Example queries for ADTDigitalTwinsOperation log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ADTDigitalTwinsOperation table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### DigitalTwin Error Summary + + +List of all DigitalTwin call errors. + +```query +ADTDigitalTwinsOperation +| where ResultType != 'Success' +``` + + + +### DigitalTwin API Usage + + +Count of DigitalTwin APIs by type (read, write and delete). + +```query +ADTDigitalTwinsOperation +| summarize count() by OperationName +| render piechart +``` + diff --git a/articles/azure-monitor/reference/queries/adteventroutesoperation.md b/articles/azure-monitor/reference/queries/adteventroutesoperation.md new file mode 100644 index 0000000000..1707da0c8d --- /dev/null +++ b/articles/azure-monitor/reference/queries/adteventroutesoperation.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for ADTEventRoutesOperation +description: Example queries for ADTEventRoutesOperation log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ADTEventRoutesOperation table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### EventRoutes API Usage + + +Count of EventRoute APIs by type (read, write and delete). + +```query +ADTEventRoutesOperation +| summarize count() by OperationName +| render piechart +``` + diff --git a/articles/azure-monitor/reference/queries/adtmodelsoperation.md b/articles/azure-monitor/reference/queries/adtmodelsoperation.md new file mode 100644 index 0000000000..86883f5413 --- /dev/null +++ b/articles/azure-monitor/reference/queries/adtmodelsoperation.md 
@@ -0,0 +1,41 @@ +--- +title: Example log table queries for ADTModelsOperation +description: Example queries for ADTModelsOperation log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ADTModelsOperation table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Model Error Summary + + +List of all Model call errors. + +```query +ADTModelsOperation +| where ResultType != 'Success' +``` + + + +### Model API Usage + + +Count of Model APIs by type (read, write and delete). + +```query +ADTModelsOperation +| summarize count() by OperationName +| render piechart +``` + diff --git a/articles/azure-monitor/reference/queries/adtqueryoperation.md b/articles/azure-monitor/reference/queries/adtqueryoperation.md new file mode 100644 index 0000000000..cfeff7fc7e --- /dev/null +++ b/articles/azure-monitor/reference/queries/adtqueryoperation.md 
@@ -0,0 +1,28 @@ +--- +title: Example log table queries for ADTQueryOperation +description: Example queries for ADTQueryOperation log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ADTQueryOperation table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Query Error Summary + + +List of all Query call errors. + +```query +ADTQueryOperation +| where ResultType != 'Success' +``` + diff --git a/articles/azure-monitor/reference/queries/adxingestionbatching.md b/articles/azure-monitor/reference/queries/adxingestionbatching.md new file mode 100644 index 0000000000..31b150fbd1 --- /dev/null +++ b/articles/azure-monitor/reference/queries/adxingestionbatching.md 
@@ -0,0 +1,58 @@ +--- +title: Example log table queries for ADXIngestionBatching +description: Example queries for ADXIngestionBatching log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ADXIngestionBatching table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Ingestion batching size + + +Track ingestion batch size timechart + +```query +ADXIngestionBatching +| where TimeGenerated > ago(1d) +| summarize sum(BatchSizeBytes) by Database, Table, bin(TimeGenerated, 10m) +| render timechart +``` + + + +### Ingestion batching summary + + +Ingestion batching summary (by database, table and type). + +```query +ADXIngestionBatching +| where TimeGenerated > ago(1d) +| summarize count() by Database, Table, BatchingType, bin(TimeGenerated, 10m) + +``` + + + +### Ingestion batching duration timechart + + +Track ingestion batching duration timechart. + +```query +ADXIngestionBatching +| where TimeGenerated > ago(1d) +| summarize sum(BatchTimeSeconds) by Database, Table, bin(TimeGenerated, 10m) +| render timechart +``` + diff --git a/articles/azure-monitor/reference/queries/adxtableusagestatistics.md b/articles/azure-monitor/reference/queries/adxtableusagestatistics.md new file mode 100644 index 0000000000..4788efde9d --- /dev/null +++ b/articles/azure-monitor/reference/queries/adxtableusagestatistics.md 
@@ -0,0 +1,88 @@ +--- +title: Example log table queries for ADXTableUsageStatistics +description: Example queries for ADXTableUsageStatistics log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ADXTableUsageStatistics table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Table usage by number of queries + + +Top 10 used tables by number of queries. + +```query +ADXTableUsageStatistics +//| parse _ResourceId with * "providers/microsoft.kusto/clusters/" cluster_name // Uncomment to get the cluster name from the ResourceId string +//| where cluster_name == '' +//| where DatabaseName == '' +| summarize Count=count() by TableName, DatabaseName +| top 10 by Count desc +| order by Count desc +``` + + + +### Table usage by application + + +Top 10 used tables (highest number of queries) by application. + +```query +ADXTableUsageStatistics +//| parse _ResourceId with * "providers/microsoft.kusto/clusters/" cluster_name // Uncomment to get the cluster name from the ResourceId string +//| where cluster_name == '' +//| where DatabaseName == '' +| summarize Count=count() by TableName, DatabaseName, ApplicationName +| top 10 by Count desc +| order by Count desc +``` + + + +### Table data scanned - top time windows + + +Top 10 data scanned lookback time windows. 
+ +```query +ADXTableUsageStatistics +//| parse _ResourceId with * ""providers/microsoft.kusto/clusters/"" cluster_name // Uncomment to get the cluster name from the ResourceId string +//| where cluster_name == '' +//| where DatabaseName == '' +//| where TableName == '' +| extend TotalTime = (MaxCreatedOn - MinCreatedOn) +| top 10 by TotalTime desc +| order by TotalTime desc +| project TimeGenerated, TotalTime, TableName, DatabaseName, MinCreatedOn, MaxCreatedOn, ApplicationName +``` + + + +### Table data scanned - top tables + + +Top 10 data scanned lookback time windows by table. + +```query +ADXTableUsageStatistics +//| parse _ResourceId with * ""providers/microsoft.kusto/clusters/"" cluster_name // Uncomment to get the cluster name from the ResourceId string +//| where cluster_name == '' +//| where DatabaseName == '' +//| where TableName == '' +| extend TotalTime = (MaxCreatedOn - MinCreatedOn) +| summarize arg_max(TotalTime, *) by TableName +| order by TotalTime desc +| project TimeGenerated, TotalTime, TableName, DatabaseName, MinCreatedOn, MaxCreatedOn, ApplicationName +``` + diff --git a/articles/azure-monitor/reference/queries/aegdataplanerequests.md b/articles/azure-monitor/reference/queries/aegdataplanerequests.md new file mode 100644 index 0000000000..1bac39d919 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aegdataplanerequests.md 
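Review bot: In adxtableusagestatistics.md, the commented `parse` line in the two "Table data scanned" queries has doubled quotes, `with * ""providers/microsoft.kusto/clusters/"" cluster_name`, whereas the first two queries in the same file use a single pair. Uncommenting the doubled form does not give a valid string literal; this looks like an escaping artifact and should be normalized. Two smaller points: `top 10 by Count desc` followed by `order by Count desc` is redundant because `top` already sorts, and "Table data scanned - top tables" is described as "Top 10" but the query has no `top` or `limit`.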
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for AegDataPlaneRequests +description: Example queries for AegDataPlaneRequests log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AegDataPlaneRequests table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Unique unauthorized or forbidden client IP addresses + + +Get a list of client IP addresses from which EventGrid received unauthorized or forbidden requests. + +```query +EventGridDataPlaneRequests +| where OperationResult == "Unauthorized" or OperationResult == "Forbidden" +| summarize count() by ClientIpAddress +``` + diff --git a/articles/azure-monitor/reference/queries/aegdeliveryfailurelogs.md b/articles/azure-monitor/reference/queries/aegdeliveryfailurelogs.md new file mode 100644 index 0000000000..efedf6a218 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aegdeliveryfailurelogs.md 
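Review bot: In aegdataplanerequests.md, the only query starts from `EventGridDataPlaneRequests`, but the title, description and heading all say the page is for the AegDataPlaneRequests table. Either the query should read from `AegDataPlaneRequests` or the sample is filed under the wrong table; as written, a reader who pastes it into a workspace that only has the table named on the page gets an unresolved table error. Please also confirm that `OperationResult` and `ClientIpAddress` are columns of the table the page documents.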
@@ -0,0 +1,93 @@ +--- +title: Example log table queries for AegDeliveryFailureLogs +description: Example queries for AegDeliveryFailureLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AegDeliveryFailureLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Delivery failures by topic and error + + +Delivery failures logs by topic name and error message. + +```query +AegDeliveryFailureLogs +| parse Message with * ", httpStatusCode=" HttpStatusCode "," * "., errorMessage=" ErrorMessage "," * +| parse _ResourceId with * "/topics/" TopicName +| summarize by _ResourceId, TopicName, ErrorMessage +``` + + + +### Delivery failures by topic and error + + +Delivery failures logs by topic name and error message. + +```query +// To create an alert for this query, click '+ New alert rule' +AegDeliveryFailureLogs +| parse Message with * ", httpStatusCode=" HttpStatusCode "," * "., errorMessage=" ErrorMessage "," * +| parse _ResourceId with * "/topics/" TopicName +| summarize by _ResourceId, TopicName, ErrorMessage +``` + + + +### Delivery failures by domain and error + + +Delivery failures logs by domain name and error message. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AegDeliveryFailureLogs +| parse Message with * ", httpStatusCode=" HttpStatusCode "," * "., errorMessage=" ErrorMessage "," * +| parse _ResourceId with * "/domains/" DomainName +| project TimeGenerated, _ResourceId, DomainName, TenantId, EventSubscriptionName, SubResourceName, OperationName, HttpStatusCode, ErrorMessage +| summarize by _ResourceId, DomainName, SubResourceName, EventSubscriptionName, ErrorMessage +``` + + + +### Topics Average Delivery Latency + + +Average Delivery Latency summarized by Topics, Event Subscriptions. + +```query +AegDeliveryFailureLogs +| parse _ResourceId with * "/topics/" TopicName +| where TopicName!= "" // and TopicName == "YOUR_TOPIC_NAME" +| parse Message with * ", latencyInMs=" LatencyInMilliSecond "," * +| summarize AverageDeliveryLatencyInMs = avg(todouble(LatencyInMilliSecond)) by TopicName, EventSubscriptionName +// Uncomment to filter for a specific Topic Name +``` + + + +### Domains Average Delivery Latency + + +Average Delivery Latency summarized by Domains, Event Subscriptions and SubResourceName. + +```query +AegDeliveryFailureLogs +| parse _ResourceId with * "/domains/" DomainName +| where DomainName != "" // and DomainName == "YOUR_DOMAIN_NAME" +| parse Message with * ", latencyInMs=" LatencyInMilliSecond "," * +| summarize AverageDeliveryLatencyInMs = avg(todouble(LatencyInMilliSecond)) by DomainName, EventSubscriptionName, SubResourceName +// Uncomment to filter by a specific Domain Name +``` + diff --git a/articles/azure-monitor/reference/queries/aegpublishfailurelogs.md b/articles/azure-monitor/reference/queries/aegpublishfailurelogs.md new file mode 100644 index 0000000000..2b9e93e3c4 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aegpublishfailurelogs.md 
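Review bot: In aegdeliveryfailurelogs.md, the heading "Delivery failures by topic and error" appears twice with the same description, and the two queries differ only by the `// To create an alert for this query` comment. The duplicate headings produce the same anchor, so links from the index cannot reach the second one; keep a single section or give the alert variant its own title. In the two latency queries, the trailing comment `// Uncomment to filter for a specific Topic Name` (and its domain counterpart) sits after the `summarize`, far from the inline `// and TopicName == "YOUR_TOPIC_NAME"` it refers to; move it next to that `where` line.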
@@ -0,0 +1,63 @@ +--- +title: Example log table queries for AegPublishFailureLogs +description: Example queries for AegPublishFailureLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AegPublishFailureLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Publish failures by topic and error + + +Publish failures logs by topic name and error message. + +```query +AegPublishFailureLogs +| parse Message with * "), httpStatusCode=" HttpStatusCode "," * ", errorMessage=" ErrorMessage +| parse _ResourceId with * "/topics/" TopicName +| project TimeGenerated, _ResourceId, TopicName, TenantId, OperationName, HttpStatusCode, ErrorMessage +| summarize by _ResourceId, TopicName, HttpStatusCode, ErrorMessage +``` + + + +### Publish failures by topic and error + + +Publish failures logs by topic name and error message. + +```query +// To create an alert for this query, click '+ New alert rule' +AegPublishFailureLogs +| parse Message with * "), httpStatusCode=" HttpStatusCode "," * ", errorMessage=" ErrorMessage +| parse _ResourceId with * "/topics/" TopicName +| project TimeGenerated, _ResourceId, TopicName, TenantId, OperationName, HttpStatusCode, ErrorMessage +| summarize by _ResourceId, TopicName, HttpStatusCode, ErrorMessage +``` + + + +### Publish failures by domain and error + + +Publish failures logs by domain name and error message. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AegPublishFailureLogs +| parse Message with * "), httpStatusCode=" HttpStatusCode "," * ", errorMessage=" ErrorMessage +| parse _ResourceId with * "/domains/" DomainName +| project TimeGenerated, _ResourceId, DomainName, TenantId, OperationName, HttpStatusCode, ErrorMessage +| summarize by _ResourceId, DomainName, HttpStatusCode, ErrorMessage +``` + diff --git a/articles/azure-monitor/reference/queries/aewcomputepipelineslogs.md b/articles/azure-monitor/reference/queries/aewcomputepipelineslogs.md new file mode 100644 index 0000000000..55cc7f188a --- /dev/null +++ b/articles/azure-monitor/reference/queries/aewcomputepipelineslogs.md 
@@ -0,0 +1,90 @@ +--- +title: Example log table queries for AEWComputePipelinesLogs +description: Example queries for AEWComputePipelinesLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AEWComputePipelinesLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### AEWComputePipelinesLogs get daily tasks count + + +Get daily tasks count from compute pipelines records in selected time range. + +```query +AEWComputePipelinesLogs +| where EventName =~ "ScorecardRequestSucceeded" or EventName =~ "ScorecardRequestFailed" +| where Properties.ExperimentationGroup =~ "test~ExperimentationGroup" +| summarize Count = count() by Date = bin(TimeGenerated, 1d), ExperimentationGroup = tostring(Properties.ExperimentationGroup) +| sort by Date +``` + + + +### AEWComputePipelinesLogs get failed tasks detail + + +Get latest 100 failed tasks detail from compute pipelines records in selected time range. + +```query +AEWComputePipelinesLogs +| where EventName =~ "ScorecardRequestFailed" +| where Properties.ExperimentationGroup =~ "test~ExperimentationGroup" +| project + TimeGenerated + ,EventName + ,ExperimentationGroup = Properties.ExperimentationGroup + ,AnalysisType = Properties.AnalysisType +| sort by TimeGenerated desc +| take 100 +``` + + + +### AEWComputePipelinesLogs get long running jobs + + +Get long running jobs from compute pipelines records in last seven days. 
+ +```query +AEWComputePipelinesLogs +| where EventName =~ "CosmosJobUtilization" +| where Properties.ExperimentationGroup =~ "test~ExperimentationGroup" +| where todouble(Properties.JobRunningInSeconds) >= 24 * 60 * 60 +| project + TimeGenerated + ,EventName + ,ExperimentationGroup = Properties.ExperimentationGroup + ,AnalysisType = Properties.AnalysisType +| sort by TimeGenerated desc + +``` + + + +### AEWComputePipelinesLogs get task E2E latency time + + +Get task E2E latency time of compute pipelines records in selected time range. + +```query +AEWComputePipelinesLogs +| where EventName =~ "ScorecardRequestSucceeded" or EventName =~ "ScorecardRequestFailed" +| where Properties.ExperimentationGroup =~ "test~ExperimentationGroup" +| summarize + ScorecardRequestTimeInHoursP99 = percentile(todouble(Properties.ScorecardProcessingInSeconds) / 60 / 60, 99) + ,ScorecardRequestTimeInHoursAvg = avg(todouble(Properties.ScorecardProcessingInSeconds) / 60 / 60) + by Date = bin(TimeGenerated, 1d), ExperimentationGroup = tostring(Properties.ExperimentationGroup) +| sort by Date, ExperimentationGroup +``` + diff --git a/articles/azure-monitor/reference/queries/afsauditlogs.md b/articles/azure-monitor/reference/queries/afsauditlogs.md new file mode 100644 index 0000000000..7f2bbbcb33 --- /dev/null +++ b/articles/azure-monitor/reference/queries/afsauditlogs.md 
@@ -0,0 +1,48 @@ +--- +title: Example log table queries for AFSAuditLogs +description: Example queries for AFSAuditLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AFSAuditLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Aggregate operations query + + +List all the UnsuspendAmlFilesystem requests for a givein time duration. + +```query +AFSAuditLogs +// The OperationName below can be replaced by obtain other operations such as "RebootAmlFilesystemNode" or "AmlFSRefreshHSMToken". +| where OperationName has "UnsuspendAmlFilesystem" +| project TimeGenerated, _ResourceId, ActivityId, ResultSignature, ResultDescription, Location +| sort by TimeGenerated asc +| limit 100 + +``` + + + +### Unauthorized requests query + + +Count of failed AMLFilesystems requests due to unathorized access. + +```query +AFSAuditLogs +// 401 below could be replaced by other result signatures to obtain different operation results. +// For example, 'ResultSignature == 202' to obtain accepted requests. +| where ResultSignature == 401 +| summarize count() by _ResourceId, OperationName +``` + diff --git a/articles/azure-monitor/reference/queries/agcaccesslogs.md b/articles/azure-monitor/reference/queries/agcaccesslogs.md new file mode 100644 index 0000000000..b3b967d482 --- /dev/null +++ b/articles/azure-monitor/reference/queries/agcaccesslogs.md 
@@ -0,0 +1,57 @@ +--- +title: Example log table queries for AGCAccessLogs +description: Example queries for AGCAccessLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AGCAccessLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Client requests per hour + + +Count of client requests hourly. + +```query +AGCAccessLogs +| summarize AggregatedValue = count() by bin(TimeGenerated, 1h), _ResourceId +| render timechart +``` + + + +### 5xx HTTP responses per hour + + +Count of client requests that resulted in 5xx responses hourly. + +```query +AGCAccessLogs +| where HttpStatusCode > 499 and HttpStatusCode < 600 +| summarize AggregatedValue = count() by bin(TimeGenerated, 1h), _ResourceId +| render timechart +``` + + + +### 4xx HTTP responses per hour + + +Count of client requests that resulted in 4xx responses hourly. + +```query +AGCAccessLogs +| where HttpStatusCode > 399 and HttpStatusCode < 500 +| summarize AggregatedValue = count() by bin(TimeGenerated, 1h), _ResourceId +| render timechart +``` + diff --git a/articles/azure-monitor/reference/queries/agrifoodapplicationauditlogs.md b/articles/azure-monitor/reference/queries/agrifoodapplicationauditlogs.md new file mode 100644 index 0000000000..a1c2528193 --- /dev/null +++ b/articles/azure-monitor/reference/queries/agrifoodapplicationauditlogs.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for AgriFoodApplicationAuditLogs +description: Example queries for AgriFoodApplicationAuditLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AgriFoodApplicationAuditLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Failed authorization + + +Identifies a list of users who failed to access your resource and the reason for this failure. + +```query +AgriFoodApplicationAuditLogs +| where OperationName startswith "Data Plane Authentication" +| where ResultType == "Failure" +| take 100 + +``` + diff --git a/articles/azure-monitor/reference/queries/agrifoodfarmmanagementlogs.md b/articles/azure-monitor/reference/queries/agrifoodfarmmanagementlogs.md new file mode 100644 index 0000000000..ad2411ef44 --- /dev/null +++ b/articles/azure-monitor/reference/queries/agrifoodfarmmanagementlogs.md 
@@ -0,0 +1,70 @@ +--- +title: Example log table queries for AgriFoodFarmManagementLogs +description: Example queries for AgriFoodFarmManagementLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AgriFoodFarmManagementLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Status of farm management operations for a farmer + + +Retrieves logs indicating the status (success or failure) for operations performed in the FarmManagement logs category for a farmer. + +```query +AgriFoodFarmManagementLogs +| summarize Count = count() by OperationName, ResultSignature + +``` + + + +### Status of all operations for a farmer + + +Aggregates failures and successes across categories for a farmer. 
+ +```query +((AgriFoodFarmManagementLogs | where FarmerId != "" | summarize AgriFoodFarmManagementLogsCount=count() by FarmerId, ResultType)) +| join kind=fullouter (( AgriFoodSatelliteLogs | where FarmerId != "" | summarize AgriFoodSatelliteLogsCount=count() by FarmerId, ResultType)) on FarmerId, ResultType +| join kind=fullouter (( AgriFoodWeatherLogs | where FarmerId != "" | summarize AgriFoodWeatherLogsCount=count() by FarmerId, ResultType)) on FarmerId, ResultType +| join kind=fullouter (( AgriFoodJobProcessedLogs | where FarmerId != "" | summarize AgriFoodJobProcessedLogsCount=count() by FarmerId, ResultType)) on FarmerId, ResultType +| join kind=fullouter (( AgriFoodFarmOperationLogs | where FarmerId != "" | summarize AgriFoodFarmOperationLogsCount=count() by FarmerId, ResultType)) on FarmerId, ResultType +| join kind=fullouter (( AgriFoodInsightLogs | where FarmerId != "" | summarize AgriFoodInsightLogsCount=count() by FarmerId, ResultType)) on FarmerId, ResultType +| join kind=fullouter (( AgriFoodProviderAuthLogs | where FarmerId != "" | summarize AgriFoodProviderAuthLogsCount=count() by FarmerId, ResultType)) on FarmerId, ResultType +| join kind=fullouter (( AgriFoodModelInferenceLogs | where FarmerId != "" | summarize AgriFoodModelInferenceLogsCount=count() by FarmerId, ResultType)) on FarmerId, ResultType +| project FarmerId = coalesce(FarmerId, FarmerId1, FarmerId2, FarmerId3, FarmerId4, FarmerId5, FarmerId6, FarmerId7), AgriFoodFarmManagementLogsCount, AgriFoodSatelliteLogsCount, AgriFoodWeatherLogsCount, AgriFoodJobProcessedLogsCount, AgriFoodFarmOperationLogsCount, AgriFoodInsightLogsCount, AgriFoodProviderAuthLogsCount, AgriFoodModelInferenceLogsCount, ResultType = coalesce(ResultType, ResultType1, ResultType2, ResultType3, ResultType4, ResultType5, ResultType6, ResultType7) + +``` + + + +### Usage trend for top 100 farmers based on the operations performed + + +Retrieves a list of top 100 farmers based on the number of hits received across 
categories. + +```query +((AgriFoodFarmManagementLogs | where FarmerId != "" | summarize AgriFoodFarmManagementLogsCount=count() by FarmerId)) +| join kind=fullouter (( AgriFoodSatelliteLogs | where FarmerId != "" | summarize AgriFoodSatelliteLogsCount=count() by FarmerId)) on FarmerId +| join kind=fullouter (( AgriFoodWeatherLogs | where FarmerId != "" | summarize AgriFoodWeatherLogsCount=count() by FarmerId)) on FarmerId +| join kind=fullouter (( AgriFoodJobProcessedLogs | where FarmerId != "" | summarize AgriFoodJobProcessedLogsCount=count() by FarmerId)) on FarmerId +| join kind=fullouter (( AgriFoodFarmOperationLogs | where FarmerId != "" | summarize AgriFoodFarmOperationLogsCount=count() by FarmerId)) on FarmerId +| join kind=fullouter (( AgriFoodInsightLogs | where FarmerId != "" | summarize AgriFoodInsightLogsCount=count() by FarmerId)) on FarmerId +| join kind=fullouter (( AgriFoodProviderAuthLogs | where FarmerId != "" | summarize AgriFoodProviderAuthLogsCount=count() by FarmerId)) on FarmerId +| join kind=fullouter (( AgriFoodModelInferenceLogs | where FarmerId != "" | summarize AgriFoodModelInferenceLogsCount=count() by FarmerId)) on FarmerId +| project FarmerId = coalesce(FarmerId, FarmerId1, FarmerId2, FarmerId3, FarmerId4, FarmerId5, FarmerId6, FarmerId7), AgriFoodFarmManagementLogsCount, AgriFoodSatelliteLogsCount, AgriFoodWeatherLogsCount, AgriFoodJobProcessedLogsCount, AgriFoodFarmOperationLogsCount, AgriFoodInsightLogsCount, AgriFoodProviderAuthLogsCount, AgriFoodModelInferenceLogsCount +| take 100 + +``` + diff --git a/articles/azure-monitor/reference/queries/agrifoodjobprocessedlogs.md b/articles/azure-monitor/reference/queries/agrifoodjobprocessedlogs.md new file mode 100644 index 0000000000..ff1481365d --- /dev/null +++ b/articles/azure-monitor/reference/queries/agrifoodjobprocessedlogs.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for AgriFoodJobProcessedLogs +description: Example queries for AgriFoodJobProcessedLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AgriFoodJobProcessedLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Job execution statistics for a farmer + + +Retrieves the status of job processing for a farmer. + +```query +AgriFoodJobProcessedLogs +| summarize Count = count() by FarmerId, ResultType, OperationName + +``` + diff --git a/articles/azure-monitor/reference/queries/agsgrafanaloginevents.md b/articles/azure-monitor/reference/queries/agsgrafanaloginevents.md new file mode 100644 index 0000000000..6c39e5c4b2 --- /dev/null +++ b/articles/azure-monitor/reference/queries/agsgrafanaloginevents.md 
@@ -0,0 +1,30 @@ +--- +title: Example log table queries for AGSGrafanaLoginEvents +description: Example queries for AGSGrafanaLoginEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AGSGrafanaLoginEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show login error events + + +A list of login error event sorted by time. + +```query +AGSGrafanaLoginEvents +| where Level == "Error" +| sort by TimeGenerated asc +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/ahdsdicomauditlogs.md b/articles/azure-monitor/reference/queries/ahdsdicomauditlogs.md new file mode 100644 index 0000000000..2b1fa9c21a --- /dev/null +++ b/articles/azure-monitor/reference/queries/ahdsdicomauditlogs.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for AHDSDicomAuditLogs +description: Example queries for AHDSDicomAuditLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AHDSDicomAuditLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### DICOM privileged operations + + +Get the count of the privileged operation logs per operation. For example, how many requests have been received to store a DICOM instance. + +```query +AHDSDicomAuditLogs +| summarize Count = count() by OperationName + +``` + diff --git a/articles/azure-monitor/reference/queries/ahdsdicomdiagnosticlogs.md b/articles/azure-monitor/reference/queries/ahdsdicomdiagnosticlogs.md new file mode 100644 index 0000000000..419816cd16 --- /dev/null +++ b/articles/azure-monitor/reference/queries/ahdsdicomdiagnosticlogs.md 
@@ -0,0 +1,30 @@ +--- +title: Example log table queries for AHDSDicomDiagnosticLogs +description: Example queries for AHDSDicomDiagnosticLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AHDSDicomDiagnosticLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Log count per log starting with Dicom100 error code and CorrelationId + + +Get the count of logs starting with Dicom100 error emitted from Dicom service per CorrelationId. The result contains count by CorrelationId. + +```query +AHDSDicomDiagnosticLogs +| where Message startswith "DICOM100:" +| summarize Count = count() by CorrelationId + +``` + diff --git a/articles/azure-monitor/reference/queries/ahdsmedtechdiagnosticlogs.md b/articles/azure-monitor/reference/queries/ahdsmedtechdiagnosticlogs.md new file mode 100644 index 0000000000..767f6ffde7 --- /dev/null +++ b/articles/azure-monitor/reference/queries/ahdsmedtechdiagnosticlogs.md 
@@ -0,0 +1,88 @@ +--- +title: Example log table queries for AHDSMedTechDiagnosticLogs +description: Example queries for AHDSMedTechDiagnosticLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AHDSMedTechDiagnosticLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Most recent actionable MedTech logs + + +Get user actionable logs generated by MedTech service. + +```query +AHDSMedTechDiagnosticLogs +| order by TimeGenerated desc +| take 100 + +``` + + + +### Log count per MedTech log or exception type + + +Get the count of the logs emitted from MedTech service per log type and operation. The result contains what exception is thrown how many times. + +```query +AHDSMedTechDiagnosticLogs +| summarize Count = count() by LogType, OperationName + +``` + + + +### MedTech healthcheck exceptions + + +Get exceptions caused by failing healthchecks to dependent Azure resources (eg. FHIR Service, Event Hub). + +```query +AHDSMedTechDiagnosticLogs +| where LogType == "HealthCheckException" +| order by TimeGenerated desc +| take 100 + +``` + + + +### MedTech normalization stage logs + + +Get user actionable logs from the Normalization stage of the MedTech service. + +```query +AHDSMedTechDiagnosticLogs +| where OperationName == "Normalization" +| order by TimeGenerated desc +| take 100 + +``` + + + +### MedTech FHIR conversion stage logs + + +Get user actionable logs from the FHIR conversion stage of the MedTech service. + +```query +AHDSMedTechDiagnosticLogs +| where OperationName == "FHIRConversion" +| order by TimeGenerated desc +| take 100 + +``` + 
diff --git a/articles/azure-monitor/reference/queries/aksaudit.md b/articles/azure-monitor/reference/queries/aksaudit.md new file mode 100644 index 0000000000..0eaa3ebfc5 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aksaudit.md @@ -0,0 +1,31 @@ +--- +title: Example log table queries for AKSAudit +description: Example queries for AKSAudit log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AKSAudit table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Volume of Kubernetes audit events per SourceIp + + +Display the count of Kubernetes audit events generated from a given source IP address for each AKS cluster. Requires Diagnostic Settings to use the Resource Specific destination table. + +```query +AKSAudit +| where ResponseStatus.code != 401 // Exclude unauthorized responses +| mv-expand SourceIps // Expand the list of SourceIp entries into individual rows +| summarize Count = count() by SourceIp = tostring(SourceIps), ResourceId = _ResourceId +| sort by Count desc +``` + diff --git a/articles/azure-monitor/reference/queries/aksauditadmin.md b/articles/azure-monitor/reference/queries/aksauditadmin.md new file mode 100644 index 0000000000..2847a512c5 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aksauditadmin.md 
@@ -0,0 +1,46 @@ +--- +title: Example log table queries for AKSAuditAdmin +description: Example queries for AKSAuditAdmin log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AKSAuditAdmin table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Volume of admin Kubernetes audit events per username + + +Display the count of admin Kubernetes audit events generated from a given user name for each AKS cluster. Requires Diagnostic Settings to use the Resource Specific destination table. + +```query +AKSAuditAdmin +| where ResponseStatus.code != 401 // Exclude unauthorized responses +| summarize Count = count() by Username = tostring(User.username), ResourceId = _ResourceId +| sort by Count desc +``` + + + +### Admin Kubernetes audit events for deployment + + +Query for admin Kubernetes audit events against deployments within the default namespace. Requires Diagnostic Settings to use the Resource Specific destination table. + +```query +AKSAuditAdmin +| where ObjectRef.resource == "deployments" +| where ObjectRef.namespace == "default" +| where User.username != "system:serviceaccount:kube-system:deployment-controller" // Exclude updates from the kube controller for deployments +| limit 100 +| project TimeGenerated, Verb, RequestUri, User, RequestObject, ObjectRef +``` + diff --git a/articles/azure-monitor/reference/queries/akscontrolplane.md b/articles/azure-monitor/reference/queries/akscontrolplane.md new file mode 100644 index 0000000000..53939cd64e --- /dev/null +++ b/articles/azure-monitor/reference/queries/akscontrolplane.md 
@@ -0,0 +1,46 @@ +--- +title: Example log table queries for AKSControlPlane +description: Example queries for AKSControlPlane log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AKSControlPlane table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Cluster Autoscaler logs + + +Query for logs from the cluster autoscaler. This can help explain why the cluster is unexpectedly scaling up or down. Requires Diagnostic Settings to use the Resource Specific destination table. + +```query +AKSControlPlane +| where Category=="cluster-autoscaler" +| limit 100 +| project TimeGenerated, Level, Message + +``` + + + +### Kubernetes API server logs + + +Query for logs from the Kubernetes API server. Requires Diagnostic Settings to use the Resource Specific destination table. + +```query +AKSControlPlane +| where Category=="kube-apiserver" +| limit 100 +| project TimeGenerated, Level, Message + +``` + diff --git a/articles/azure-monitor/reference/queries/albhealthevent.md b/articles/azure-monitor/reference/queries/albhealthevent.md new file mode 100644 index 0000000000..52003b50e9 --- /dev/null +++ b/articles/azure-monitor/reference/queries/albhealthevent.md 
@@ -0,0 +1,30 @@ +--- +title: Example log table queries for ALBHealthEvent +description: Example queries for ALBHealthEvent log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ALBHealthEvent table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Latest Snat Port Exhaustion Per LB Frontend + + +List the latest SNAT port exhaustion event per load balancer Frontend IP + +```query +ALBHealthEvent +| where TimeGenerated > ago(1d) +| where HealthEventType == "SnatPortExhaustion" +| summarize arg_max(TimeGenerated, *) by LoadBalancerResourceId, FrontendIP +``` + diff --git a/articles/azure-monitor/reference/queries/alertevidence.md b/articles/azure-monitor/reference/queries/alertevidence.md new file mode 100644 index 0000000000..315e541589 --- /dev/null +++ b/articles/azure-monitor/reference/queries/alertevidence.md 
@@ -0,0 +1,33 @@ +--- +title: Example log table queries for AlertEvidence +description: Example queries for AlertEvidence log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AlertEvidence table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Alerts involving a user + + +List 100 alerts involving a certain user. + +```query +let userID = ""; +let userSid = ""; +AlertEvidence +| where EntityType == "User" and (AccountObjectId == userID or AccountSid == userSid ) +| join AlertInfo on AlertId +| project Timestamp, AlertId, Title, Category , Severity , ServiceSource , DetectionSource , AttackTechniques, AccountObjectId, AccountName, AccountDomain , AccountSid +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/alertinfo.md b/articles/azure-monitor/reference/queries/alertinfo.md new file mode 100644 index 0000000000..c4c0b28d49 --- /dev/null +++ b/articles/azure-monitor/reference/queries/alertinfo.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for AlertInfo +description: Example queries for AlertInfo log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AlertInfo table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Alerts by MITRE ATT&CK technique + + +List number of alerts by MITRE ATT&CK technique in descending order. + +```query +AlertInfo +| where isnotempty(AttackTechniques) +| mvexpand todynamic(AttackTechniques) to typeof(string) +| summarize AlertCount = dcount(AlertId) by AttackTechniques +| sort by AlertCount desc +``` + diff --git a/articles/azure-monitor/reference/queries/amlcomputeclusterevent.md b/articles/azure-monitor/reference/queries/amlcomputeclusterevent.md new file mode 100644 index 0000000000..99c432fdce --- /dev/null +++ b/articles/azure-monitor/reference/queries/amlcomputeclusterevent.md 
@@ -0,0 +1,58 @@ +--- +title: Example log table queries for AmlComputeClusterEvent +description: Example queries for AmlComputeClusterEvent log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AmlComputeClusterEvent table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Get cluster events for clusters for specific VM size + + +Get top 100 cluster events for clusters where the VM size is Standard_D1_V2. + +```query +AmlComputeClusterEvent +| where VmSize == "STANDARD_D1_V2" +| project ClusterName, InitialNodeCount, MaximumNodeCount, QuotaAllocated, QuotaUtilized +| limit 100 +``` + + + +### Get number of running nodes + + +Get number of running nodes across workspaces and clusters. + +```query +AmlComputeClusterEvent +| summarize avgRunningNodes=avg(TargetNodeCount), maxRunningNodes=max(TargetNodeCount) by Workspace=tostring(split(_ResourceId, "/")[8]), ClusterName, ClusterType, VmSize, VmPriority +| limit 100 +``` + + + +### Graph of Running and Idle Node instances + + +Graph of Running and Idle Node instances. + +```query +AmlComputeClusterEvent +| project TimeGenerated, WorkspaceName=split(_ResourceId, "/")[-1], ClusterName, ClusterType, VmSize, VmPriority, + InitialNodeCount , IdleNodeCount, RunningNodeCount, PreparingNodeCount, MinimumNodeCount, MaximumNodeCount , CurrentNodeCount, TargetNodeCount +|summarize round(sum(RunningNodeCount),1), round(sum(IdleNodeCount),1) by Hourly=bin(TimeGenerated, 60m) +| render timechart +``` + 
diff --git a/articles/azure-monitor/reference/queries/amlcomputecpugpuutilization.md b/articles/azure-monitor/reference/queries/amlcomputecpugpuutilization.md new file mode 100644 index 0000000000..c025079e78 --- /dev/null +++ b/articles/azure-monitor/reference/queries/amlcomputecpugpuutilization.md @@ -0,0 +1,35 @@ +--- +title: Example log table queries for AmlComputeCpuGpuUtilization +description: Example queries for AmlComputeCpuGpuUtilization log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AmlComputeCpuGpuUtilization table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Plot compute cluster utilization + + +Plot recent compute cluster CPU utilization over time for specific cluster. + +```query +AmlComputeCpuGpuUtilization +| join kind = inner (AmlComputeJobEvent + | where NodeId!="" and EventType =="JobSucceeded" + | project NodeId, ClusterName) + on NodeId +| project TimeGenerated, todecimal(Utilization), ClusterName, DeviceType +| where ClusterName=="Cpu-cluster" and DeviceType=="CPU" +| limit 100 +| render timechart +``` + diff --git a/articles/azure-monitor/reference/queries/amlcomputejobevent.md b/articles/azure-monitor/reference/queries/amlcomputejobevent.md new file mode 100644 index 0000000000..a8c5e4e56c --- /dev/null +++ b/articles/azure-monitor/reference/queries/amlcomputejobevent.md 
@@ -0,0 +1,62 @@ +--- +title: Example log table queries for AmlComputeJobEvent +description: Example queries for AmlComputeJobEvent log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AmlComputeJobEvent table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Get failed jobs + + +Get top 100 failed jobs. + +```query +AmlComputeJobEvent +| where EventType == "JobFailed" +| project TimeGenerated, ClusterId, EventType, ExecutionState, ToolType, JobErrorMessage, ErrorDetails +| limit 100 +``` + + + +### Get records for a job + + +Get top 100 records for a specific job name. + +```query +AmlComputeJobEvent +| where JobName == "automl_a9940991-dedb-4262-9763-2fd08b79d8fb_setup" +| project TimeGenerated, ClusterId, EventType, ExecutionState, ToolType +| limit 100 +``` + + + +### Display top 5 longest job runs + + +Display top 5 longest job runs. + +```query +AmlComputeJobEvent +| where OperationName == "JobSubmitted" +| join kind = inner (AmlComputeJobEvent + | where OperationName == "JobSucceeded" + | project StopTime=TimeGenerated, JobId) + on JobId +|project Duration=(StopTime-TimeGenerated), ExperimentName, WorkspaceName, ClusterName, JobName +|top 5 by Duration desc nulls last +``` + diff --git a/articles/azure-monitor/reference/queries/amldatasetevent.md b/articles/azure-monitor/reference/queries/amldatasetevent.md new file mode 100644 index 0000000000..1da11608e9 --- /dev/null +++ b/articles/azure-monitor/reference/queries/amldatasetevent.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for AmlDataSetEvent +description: Example queries for AmlDataSetEvent log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AmlDataSetEvent table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Count datasets reads + + +Count datasets reads grouped by users and datasets. + +```query +AmlDataSetEvent +| where split(OperationName, "/")[-1]=="READ" and AmlDatasetId !="" +| extend Identity=(parse_json(Identity)) +| project AmlDatasetId, UserName=Identity.UserName +| summarize Count=count() by AmlDatasetId, UserName=tostring(UserName) +``` + diff --git a/articles/azure-monitor/reference/queries/amlenvironmentevent.md b/articles/azure-monitor/reference/queries/amlenvironmentevent.md new file mode 100644 index 0000000000..507c378907 --- /dev/null +++ b/articles/azure-monitor/reference/queries/amlenvironmentevent.md 
@@ -0,0 +1,32 @@ +--- +title: Example log table queries for AmlEnvironmentEvent +description: Example queries for AmlEnvironmentEvent log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AmlEnvironmentEvent table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Request the history of accessing environment + + +Request the history of accessing specific environment in the specific AML workspace. + +```query +AmlEnvironmentEvent +| where AmlEnvironmentName =="experiment_env" and split(_ResourceId, "/")[-1]=="amlws" +| extend Identity=(parse_json(Identity)) +| where Identity.UserName!="" +| project TimeGenerated, OperationName=split(OperationName, "/")[-1], WorkspaceName=split(_ResourceId, "/")[-1], AmlEnvironmentName,AmlEnvironmentVersion, UserName=Identity.UserName +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/amlmodelsevent.md b/articles/azure-monitor/reference/queries/amlmodelsevent.md new file mode 100644 index 0000000000..8ec92e59bb --- /dev/null +++ b/articles/azure-monitor/reference/queries/amlmodelsevent.md 
@@ -0,0 +1,32 @@ +--- +title: Example log table queries for AmlModelsEvent +description: Example queries for AmlModelsEvent log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AmlModelsEvent table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Found users who accessed models + + +Found top 100 users who accessed models. + +```query +AmlModelsEvent +| where AmlModelName !="" +| extend Identity=(parse_json(Identity)) +| where Identity.UserName!="" +| project AmlModelName, OperationName=split(OperationName, "/")[-1], UserName=Identity.UserName +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/amlonlineendpointconsolelog.md b/articles/azure-monitor/reference/queries/amlonlineendpointconsolelog.md new file mode 100644 index 0000000000..87742e4b7d --- /dev/null +++ b/articles/azure-monitor/reference/queries/amlonlineendpointconsolelog.md 
@@ -0,0 +1,40 @@ +--- +title: Example log table queries for AmlOnlineEndpointConsoleLog +description: Example queries for AmlOnlineEndpointConsoleLog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AmlOnlineEndpointConsoleLog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Online endpoint console logs + + +Get latest 100 online endpoint console log records. + +```query +AmlOnlineEndpointConsoleLog +| parse kind=regex flags=i _ResourceId with ".*?/RESOURCEGROUPS/" ResourceGroup "/PROVIDERS/MICROSOFT.MACHINELEARNINGSERVICES/WORKSPACES/" Workspace "/ONLINEENDPOINTS/" EndpointName +| project + TimeGenerated, + Subscription = _SubscriptionId, + ResourceGroup, + Workspace, + EndpointName, + DeploymentName, + InstanceId, + ContainerName, + ContainerImageName, + Message +| top 100 by TimeGenerated +``` + diff --git a/articles/azure-monitor/reference/queries/amlonlineendpointeventlog.md b/articles/azure-monitor/reference/queries/amlonlineendpointeventlog.md new file mode 100644 index 0000000000..c6a073fafa --- /dev/null +++ b/articles/azure-monitor/reference/queries/amlonlineendpointeventlog.md 
@@ -0,0 +1,41 @@ +--- +title: Example log table queries for AmlOnlineEndpointEventLog +description: Example queries for AmlOnlineEndpointEventLog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AmlOnlineEndpointEventLog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Online endpoint failure events + + +Get the latest Azure ML online endpoints failures. + +```query +AmlOnlineEndpointEventLog +| where Message contains "failed" +| parse kind=regex flags=i _ResourceId with ".*?/RESOURCEGROUPS/" ResourceGroup "/PROVIDERS/MICROSOFT.MACHINELEARNINGSERVICES/WORKSPACES/" Workspace "/ONLINEENDPOINTS/" EndpointName +| project + TimeGenerated, + Subscription = _SubscriptionId, + ResourceGroup, + Workspace, + EndpointName, + DeploymentName, + InstanceId, + Name, + Message +| order by TimeGenerated desc +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/amlonlineendpointtrafficlog.md b/articles/azure-monitor/reference/queries/amlonlineendpointtrafficlog.md new file mode 100644 index 0000000000..52eba05e32 --- /dev/null +++ b/articles/azure-monitor/reference/queries/amlonlineendpointtrafficlog.md 
@@ -0,0 +1,54 @@ +--- +title: Example log table queries for AmlOnlineEndpointTrafficLog +description: Example queries for AmlOnlineEndpointTrafficLog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AmlOnlineEndpointTrafficLog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Online endpoint failed requests + + +Get the latest 100 failed inferencing requests to the online endpoint. + +```query +AmlOnlineEndpointTrafficLog +| where ResponseCode != "200" and ResponseCode != "100" +| project + TimeGenerated, + Location, + OperationName, + Method, + Path, + Subscription = _SubscriptionId, + AzureMLWorkspaceId, + EndpointName, + DeploymentName, + Protocol, + ResponseCode, + ResponseCodeReason, + ModelStatusCode, + ModelStatusReason, + RequestPayloadSize, + ResponsePayloadSize, + UserAgent, + XRequestId, + XMSClientRequestId, + TotalDurationMs, + RequestDurationMs, + ResponseDurationMs, + RequestThrottlingDelayMs, + ResponseThrottlingDelayMs +| top 100 by TimeGenerated +``` + diff --git a/articles/azure-monitor/reference/queries/amlregistrywriteeventslog.md b/articles/azure-monitor/reference/queries/amlregistrywriteeventslog.md new file mode 100644 index 0000000000..ae6d78b06f --- /dev/null +++ b/articles/azure-monitor/reference/queries/amlregistrywriteeventslog.md 
@@ -0,0 +1,35 @@ +--- +title: Example log table queries for AmlRegistryWriteEventsLog +description: Example queries for AmlRegistryWriteEventsLog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AmlRegistryWriteEventsLog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### All WRITE events + + +Retrieves a list of events of WRITE. + +```query +AmlRegistryWriteEventsLog +| project + TimeGenerated, + RegistryResourceId, + OperationType, + UserName, + AssetName, + AssetVersion +| top 100 by TimeGenerated +``` + diff --git a/articles/azure-monitor/reference/queries/amskeydeliveryrequests.md b/articles/azure-monitor/reference/queries/amskeydeliveryrequests.md new file mode 100644 index 0000000000..df11c7d9ef --- /dev/null +++ b/articles/azure-monitor/reference/queries/amskeydeliveryrequests.md 
@@ -0,0 +1,55 @@ +--- +title: Example log table queries for AMSKeyDeliveryRequests +description: Example queries for AMSKeyDeliveryRequests log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AMSKeyDeliveryRequests table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Key delivery successful request count by key type + + +Summarizes the count of successful key delivery requests by different key types. + +```query +AMSKeyDeliveryRequests +| where ResultType == "Succeeded" +| summarize Count = count() by KeyType +``` + + + +### Key delivery failed requests + + +Lists the details of failed key delivery requests. + +```query +AMSKeyDeliveryRequests +| where ResultType != "Succeeded" +| project KeyId, PolicyName, ResultSignature, StatusMessage, _ResourceId +| limit 100 +``` + + + +### Key delivery requests latency at 95 and 99 percentiles + + +Estimates the key delivery requests latency at 95th and 99th percentiles. + +```query +AMSKeyDeliveryRequests +| summarize percentiles(DurationMs, 95, 99) +``` + diff --git a/articles/azure-monitor/reference/queries/amsliveeventoperations.md b/articles/azure-monitor/reference/queries/amsliveeventoperations.md new file mode 100644 index 0000000000..e001968df3 --- /dev/null +++ b/articles/azure-monitor/reference/queries/amsliveeventoperations.md 
@@ -0,0 +1,43 @@ +--- +title: Example log table queries for AMSLiveEventOperations +description: Example queries for AMSLiveEventOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AMSLiveEventOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Live event ingest discontinuity operation count + + +Summarizes the count of ingest discontinuities by different live events. + +```query +AMSLiveEventOperations +| where OperationName == "LIVEEVENTS/INGESTDISCONTINUITY" +| summarize Count = count() by tostring(Properties.liveEventName) +``` + + + +### Live event error operations + + +Lists the live event error operations. + +```query +AMSLiveEventOperations +| where Level == "Error" +| project _ResourceId, OperationName +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/amsmediaaccounthealth.md b/articles/azure-monitor/reference/queries/amsmediaaccounthealth.md new file mode 100644 index 0000000000..7be97375dd --- /dev/null +++ b/articles/azure-monitor/reference/queries/amsmediaaccounthealth.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for AMSMediaAccountHealth +description: Example queries for AMSMediaAccountHealth log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AMSMediaAccountHealth table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Media account health events + + +Lists Media account health events details. + +```query +AMSMediaAccountHealth +| project EventCode, EventMessage, _ResourceId +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/amsstreamingendpointrequests.md b/articles/azure-monitor/reference/queries/amsstreamingendpointrequests.md new file mode 100644 index 0000000000..482e49d8f5 --- /dev/null +++ b/articles/azure-monitor/reference/queries/amsstreamingendpointrequests.md 
@@ -0,0 +1,43 @@ +--- +title: Example log table queries for AMSStreamingEndpointRequests +description: Example queries for AMSStreamingEndpointRequests log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AMSStreamingEndpointRequests table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Streaming endpoint successful request count by client IP + + +Summarizes the count of successful streaming endpoint requests by different client IPs. + +```query +AMSStreamingEndpointRequests +| where Status == "200" +| summarize Count = count() by ClientIP +``` + + + +### Streaming endpoint informational requests + + +Lists details of streaming endpoint requests with log level equal to informational. + +```query +AMSStreamingEndpointRequests +| where Level == "Informational" +| project _ResourceId, ClientIP, URL +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/anomalies.md b/articles/azure-monitor/reference/queries/anomalies.md new file mode 100644 index 0000000000..a74ded9d65 --- /dev/null +++ b/articles/azure-monitor/reference/queries/anomalies.md 
@@ -0,0 +1,42 @@ +--- +title: Example log table queries for Anomalies +description: Example queries for Anomalies log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the Anomalies table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Get Production Anomalies (last day) + + +Gets a list of all anomalies generated by a production Sentinel rule in the last day + +```query +Anomalies +| where TimeGenerated > ago(1d) +| where RuleStatus == "Production" +``` + + + +### Get Flighting Anomalies (last day) + + +Gets a list of all anomalies generated by a flighting Sentinel rule in the last day + +```query +Anomalies +| where TimeGenerated > ago(1d) +| where RuleStatus == "Flighting" +``` + diff --git a/articles/azure-monitor/reference/queries/aoidatabasequery.md b/articles/azure-monitor/reference/queries/aoidatabasequery.md new file mode 100644 index 0000000000..23f93d51c3 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aoidatabasequery.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for AOIDatabaseQuery +description: Example queries for AOIDatabaseQuery log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AOIDatabaseQuery table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Queries executed by a user on dataproduct + + +List all the queries run on a dataproduct by a particular user. + +```query +AOIDatabaseQuery +| where DatabaseName has_cs "edrdp" and User has_cs "username@domain.com" +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/aoidigestion.md b/articles/azure-monitor/reference/queries/aoidigestion.md new file mode 100644 index 0000000000..783a289fe0 --- /dev/null +++ b/articles/azure-monitor/reference/queries/aoidigestion.md 
@@ -0,0 +1,43 @@ +--- +title: Example log table queries for AOIDigestion +description: Example queries for AOIDigestion log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AOIDigestion table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Row digestion errors + + +All logs about rows which have failed to be digested. + +```query +AOIDigestion +| where Message startswith_cs "Failed to decode row" +| take 100 +``` + + + +### Failed file digestion by source + + +Breakdown of files that could not be digested by the top-level directory that they were uploaded to (typically the SiteId). + +```query +AOIDigestion +| where Message startswith_cs "Failed to digest file" +| parse FilePath with Source:string "/" * +| summarize count() by Source +``` + diff --git a/articles/azure-monitor/reference/queries/aoistorage.md b/articles/azure-monitor/reference/queries/aoistorage.md new file mode 100644 index 0000000000..265880419e --- /dev/null +++ b/articles/azure-monitor/reference/queries/aoistorage.md 
@@ -0,0 +1,68 @@ +--- +title: Example log table queries for AOIStorage +description: Example queries for AOIStorage log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AOIStorage table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Ingestion operation on storage + + +Lists all the ingestion operation performed on storage of a dataproduct. + +```query +AOIStorage +| where Category has_cs "Ingestion" +| take 100 +``` + + + +### Delete operation on storage + + +Lists all delete operation performed on storage of a dataproduct. + +```query +AOIStorage +| where Category has_cs "IngestionDelete" +| take 100 +``` + + + +### Read operation on storage + + +Lists all Read operation performed on storage of a dataproduct. + +```query +AOIStorage +| where Category has_cs "ReadStorage" +| take 100 +``` + + + +### Read operation on input storage + + +Lists all Read operation performed on the input storage of a dataproduct. + +```query +AOIStorage +| where Category has_cs "IngestionRead" +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/apimanagementgatewaylogs.md b/articles/azure-monitor/reference/queries/apimanagementgatewaylogs.md new file mode 100644 index 0000000000..7147e66ea2 --- /dev/null +++ b/articles/azure-monitor/reference/queries/apimanagementgatewaylogs.md 
@@ -0,0 +1,237 @@ +--- +title: Example log table queries for ApiManagementGatewayLogs +description: Example queries for ApiManagementGatewayLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ApiManagementGatewayLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Number of requests + + +Count the total number of calls across all APIs in the last 24 hours. + +```query +//Total number of call per resource +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| summarize count(CorrelationId) by _ResourceId +``` + + + +### Logs of the last 100 calls + + +Get the logs of the most recent 100 calls in the last 24 hours. + +```query +ApiManagementGatewayLogs +| top 100 by TimeGenerated desc +``` + + + +### Number of calls by APIs + + +View the number of calls per API in the last 24 hours. + +```query +//Calls by API ID +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| summarize count(CorrelationId) by ApiId +``` + + + +### Bandwidth consumed + + +Total bandwidth consumed in the last 24 hours. + +```query +// To create an alert for this query, click '+ New alert rule' +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| extend bandwidth = RequestSize + ResponseSize +| summarize sum(bandwidth) by bin(TimeGenerated, 15m), _ResourceId +| render timechart +``` + + + +### Request sizes + + +Statistics of request sizes in the last 24 hours. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| summarize Average=avg(RequestSize), Median=percentile(RequestSize, 50), 90th_Percentile=percentile(RequestSize, 90) by bin(TimeGenerated, 5m) +| render timechart +``` + + + +### Response sizes + + +Statistics of response sizes in the last 24 hours. + +```query +// To create an alert for this query, click '+ New alert rule' +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| summarize Average=avg(ResponseSize), Median=percentile(ResponseSize, 50), 90th_Percentile=percentile(ResponseSize, 90) by bin(TimeGenerated, 5m) +| render timechart +``` + + + +### Client TLS versions + + +Breakdown of client TLS versions in the last 24 hours. + +```query +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| summarize count(CorrelationId) by ClientTlsVersion, _ResourceId +``` + + + +### Error reasons breakdown + + +Breakdown of all error reasons in the last 24 hours. + +```query +// To create an alert for this query, click '+ New alert rule' +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| where IsRequestSuccess == false +| summarize count(CorrelationId) by LastErrorReason, _ResourceId +``` + + + +### Last 100 failed requests + + +Get the logs of the last 100 failed requests. + +```query +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| where IsRequestSuccess == false +| top 100 by TimeGenerated desc| where ResponseCode >= 400 +``` + + + +### Get failed requests due to issues related to the backend + + +Get the logs of failed requests due to backend issues. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| where IsRequestSuccess == false +| where BackendResponseCode >= 400 +``` + + + +### Get failed requests due to issues not related to the backend + + +Get the logs of failed requests due to issues not related to the backend (e.g., API Mangement policies configuration, rate limit exceeded, client disconnection). + +```query +// To create an alert for this query, click '+ New alert rule' +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| where IsRequestSuccess == false +| where isnull(BackendResponseCode) or BackendResponseCode < 400 +| where ResponseCode >= 400 +``` + + + +### Overall latency + + +Statistics of overall latency (in miliseconds) between the time API Mangement starts receiving a request and the time API Management finishes sending the response back to the client. + +```query +// To create an alert for this query, click '+ New alert rule' +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| summarize Average=avg(TotalTime), Median=percentile(TotalTime, 50), 90th_Percentile=percentile(TotalTime, 90) by bin(TimeGenerated, 15m) +| render timechart +``` + + + +### Backend latency + + +Statistics of time (in miliseconds) spent in backend IO. + +```query +// To create an alert for this query, click '+ New alert rule' +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| summarize Average=avg(BackendTime), Median=percentile(BackendTime, 50), 90th_Percentile=percentile(BackendTime, 90) by bin(TimeGenerated, 15m) +| render timechart +``` + + + +### Client latency + + +Statistics of time (in miliseconds) spent in client IO. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| summarize Average=avg(ClientTime), Median=percentile(ClientTime, 50), 90th_Percentile=percentile(ClientTime, 90) by bin(TimeGenerated, 15m) +| render timechart +``` + + + +### Cache hit ratio + + +Statistics of Cache hit/miss ratio. + +```query +// To create an alert for this query, click '+ New alert rule' +ApiManagementGatewayLogs +| where TimeGenerated > ago(1d) +| summarize Cache_Miss=countif(Cache == "miss"), Cache_Hit=countif(Cache == "hit") by bin(TimeGenerated, 15m) +| extend Ratio=Cache_Hit / (Cache_Hit + Cache_Miss) +| project-away Cache_Hit , Cache_Miss +| render timechart +``` + diff --git a/articles/azure-monitor/reference/queries/appdependencies.md b/articles/azure-monitor/reference/queries/appdependencies.md new file mode 100644 index 0000000000..3f157599d1 --- /dev/null +++ b/articles/azure-monitor/reference/queries/appdependencies.md @@ -0,0 +1,30 @@ +--- +title: Example log table queries for AppDependencies +description: Example queries for AppDependencies log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AppDependencies table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Failing dependencies + + +Which 5 dependencies failed the most today? + +```query +AppDependencies +| where Success == false +| summarize totalCount=sum(ItemCount) by DependencyType +| top 5 by totalCount desc +``` + 
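Review bot: In appdependencies.md, "Failing dependencies" asks which dependencies failed the most today, but the query has no `TimeGenerated` filter, so it runs over whatever time range the caller selected. Add something like `| where TimeGenerated > startofday(now())` after the table name, or drop "today" from the description. The query also groups by `DependencyType`, so it returns the top five dependency types rather than five dependencies; the description should say so.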
diff --git a/articles/azure-monitor/reference/queries/appenvspringappconsolelogs.md b/articles/azure-monitor/reference/queries/appenvspringappconsolelogs.md new file mode 100644 index 0000000000..7d8b316231 --- /dev/null +++ b/articles/azure-monitor/reference/queries/appenvspringappconsolelogs.md @@ -0,0 +1,30 @@ +--- +title: Example log table queries for AppEnvSpringAppConsoleLogs +description: Example queries for AppEnvSpringAppConsoleLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AppEnvSpringAppConsoleLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Latest Container App first party Spring App errors + + +Get the latest errors generated by user deployed Container Apps with Spring App managedBy annotations. + +```query +AppEnvSpringAppConsoleLogs +| where Stream == "stderr" +| order by TimeGenerated desc +| top 100 by TimeGenerated +``` + diff --git a/articles/azure-monitor/reference/queries/appexceptions.md b/articles/azure-monitor/reference/queries/appexceptions.md new file mode 100644 index 0000000000..e4e3724422 --- /dev/null +++ b/articles/azure-monitor/reference/queries/appexceptions.md 
@@ -0,0 +1,30 @@ +--- +title: Example log table queries for AppExceptions +description: Example queries for AppExceptions log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AppExceptions table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Top 3 browser exceptions + + +What were the highest reported exceptions today? + +```query +AppExceptions +| where notempty(ClientBrowser) and ClientType == 'Browser' +| summarize total_exceptions = sum(ItemCount) by ProblemId +| top 3 by total_exceptions desc +``` + diff --git a/articles/azure-monitor/reference/queries/apppageviews.md b/articles/azure-monitor/reference/queries/apppageviews.md new file mode 100644 index 0000000000..3a2cd21711 --- /dev/null +++ b/articles/azure-monitor/reference/queries/apppageviews.md 
@@ -0,0 +1,46 @@ +--- +title: Example log table queries for AppPageViews +description: Example queries for AppPageViews log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AppPageViews table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Page views trend + + +Chart the page views count, during the last day. + +```query +// To create an alert for this query, click '+ New alert rule' +AppPageViews +| where ClientType == 'Browser' +| summarize count_sum = sum(ItemCount) by bin(TimeGenerated,30m), _ResourceId +| render timechart +``` + + + +### Slowest pages + + +What are the 3 slowest pages, and how slow are they? + +```query +AppPageViews +| where notempty(DurationMs) and ClientType == 'Browser' +| extend total_duration=DurationMs*ItemCount +| summarize avg_duration=(sum(total_duration)/sum(ItemCount)) by OperationName +| top 3 by avg_duration desc +``` + diff --git a/articles/azure-monitor/reference/queries/appplatformlogsforspring.md b/articles/azure-monitor/reference/queries/appplatformlogsforspring.md new file mode 100644 index 0000000000..7b92f4d768 --- /dev/null +++ b/articles/azure-monitor/reference/queries/appplatformlogsforspring.md 
@@ -0,0 +1,49 @@ +--- +title: Example log table queries for AppPlatformLogsforSpring +description: Example queries for AppPlatformLogsforSpring log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AppPlatformLogsforSpring table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show the application logs which contain the "error" or "exception" terms + + +Show the application logs which contain the "error" or "exception" terms in the last hour. + +```query +// To create an alert for this query, click '+ New alert rule' +AppPlatformLogsforSpring +| where TimeGenerated > ago(1h) +| where Log contains "error" or Log contains "exception" +| project TimeGenerated , ServiceName , AppName , InstanceName , Log , _ResourceId +``` + + + +### Show the error and exception number of each application + + +Show a pie chart of the number of the logs containing the "error" or "exception" terms in the last 24 hours, per application. + +```query +// To create an alert for this query, click '+ New alert rule' +AppPlatformLogsforSpring +| where TimeGenerated > ago(24h) +| where Log contains "error" or Log contains "exception" +| extend FullAppName = strcat(ServiceName, "/", AppName) +| summarize count_per_app = count() by FullAppName, ServiceName, AppName, _ResourceId +| sort by count_per_app desc +| render piechart +``` + diff --git a/articles/azure-monitor/reference/queries/appplatformsystemlogs.md b/articles/azure-monitor/reference/queries/appplatformsystemlogs.md new file mode 100644 index 0000000000..059f90cc08 --- /dev/null 
+++ b/articles/azure-monitor/reference/queries/appplatformsystemlogs.md 
@@ -0,0 +1,100 @@ +--- +title: Example log table queries for AppPlatformSystemLogs +description: Example queries for AppPlatformSystemLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AppPlatformSystemLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show the config server logs + + +View config server logs of level warn and error. + +```query +AppPlatformSystemLogs +| where LogType == "ConfigServer" and Level in ("WARN", "ERROR") +| project TimeGenerated , Level , ServiceName , Thread , Stack , Log , _ResourceId +| limit 100 +``` + + + +### Show the service registry logs + + +View service registry logs of level warn and error for all tiers. + +```query +AppPlatformSystemLogs +| where LogType == "ServiceRegistry" and Level in ("WARN", "ERROR") +| project TimeGenerated , Level , ServiceName , Thread , Stack , Log , _ResourceId +| limit 100 +``` + + + +### Show the Spring Cloud Gateway logs + + +View Spring Cloud Gateway logs for Enterprise tiers. + +```query +AppPlatformSystemLogs +| where LogType == "SpringCloudGateway" +| project TimeGenerated , ServiceName , Log , _ResourceId +| limit 100 +``` + + + +### Show the API portal logs + + +View API portal logs for Enterprise tiers. + +```query +AppPlatformSystemLogs +| where LogType == "ApiPortal" +| project TimeGenerated , ServiceName , Log , _ResourceId +| limit 100 +``` + + + +### Show the Application Configuration Service logs + + +View Application Configuration Service logs for Enterprise tiers. 
+ +```query +AppPlatformSystemLogs +| where LogType == "ApplicationConfigurationService" +| project TimeGenerated , ServiceName , Log , _ResourceId +| limit 100 +``` + + + +### Show the Spring Cloud Gateway operator logs + + +View Spring Cloud Gateway operator logs for Enterprise tiers. + +```query +AppPlatformSystemLogs +| where LogType == "SpringCloudGatewayOperator" +| project TimeGenerated , ServiceName , Log , _ResourceId +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/apprequests.md b/articles/azure-monitor/reference/queries/apprequests.md new file mode 100644 index 0000000000..1db8bb9e96 --- /dev/null +++ b/articles/azure-monitor/reference/queries/apprequests.md 
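Review bot: in appplatformsystemlogs.md, all six queries end in `| limit 100` with no sort, so the 100 rows returned are arbitrary rather than the most recent. Add `| sort by TimeGenerated desc` before the limit, or use `top 100 by TimeGenerated desc`, so the config server, service registry and gateway logs shown are the latest ones.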
@@ -0,0 +1,135 @@ +--- +title: Example log table queries for AppRequests +description: Example queries for AppRequests log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AppRequests table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Response time trend + + +Chart request duration over the last 12 hours. + +```query +// To create an alert for this query, click '+ New alert rule' +AppRequests +| where TimeGenerated > ago(12h) +| summarize avgRequestDuration=avg(DurationMs) by bin(TimeGenerated, 10m), _ResourceId // use a time grain of 10 minutes +| render timechart +``` + + + +### Request count trend + + +Chart Request count over the last day. + +```query +// To create an alert for this query, click '+ New alert rule' +AppRequests +| summarize totalCount=sum(ItemCount) by bin(TimeGenerated, 30m), _ResourceId +| render timechart +``` + + + +### Response time buckets + + +Show how many requests are in each performance-bucket. + +```query +AppRequests +| summarize requestCount=sum(ItemCount), avgDuration=avg(DurationMs) by PerformanceBucket +| order by avgDuration asc // sort by average request duration +| project-away avgDuration // no need to display avgDuration, we used it only for sorting results +| render barchart +``` + + + +### Operations performance + + +Calculate request count and duration by operations. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AppRequests +| summarize RequestsCount=sum(ItemCount), AverageDuration=avg(DurationMs), percentiles(DurationMs, 50, 95, 99) by OperationName, _ResourceId // you can replace 'OperationName' with another value to segment by a different property +| order by RequestsCount desc // order from highest to lower (descending) +``` + + + +### Top 10 countries by traffic + + +Chart the amount of requests from the top 10 countries. + +```query +AppRequests +| summarize CountByCountry=count() by ClientCountryOrRegion +| top 10 by CountByCountry +| render piechart +``` + + + +### Failed requests – top 10 + + +What are the 3 slowest pages, and how slow are they? + +```query +AppRequests +| where Success == false +| summarize failedCount=sum(ItemCount) by Name +| top 10 by failedCount desc +| render barchart +``` + + + +### Failed operations + + +Calculate how many times operations failed, and how many users were impacted. + +```query +// To create an alert for this query, click '+ New alert rule' +AppRequests +| where Success == false +| summarize failedCount=sum(ItemCount), impactedUsers=dcount(UserId) by OperationName, _ResourceId +| order by failedCount desc +``` + + + +### Exceptions causing request failures + + +Find which exceptions led to failed requests in the past hour. + +```query +AppRequests +| where TimeGenerated > ago(1h) and Success == false +| join kind= inner ( +AppExceptions +| where TimeGenerated > ago(1h) +) on OperationId +| project exceptionType = Type, failedMethod = Method, requestName = Name, requestDuration = DurationMs, _ResourceId +``` + diff --git a/articles/azure-monitor/reference/queries/appserviceapplogs.md b/articles/azure-monitor/reference/queries/appserviceapplogs.md new file mode 100644 index 0000000000..a9bf261876 --- /dev/null +++ b/articles/azure-monitor/reference/queries/appserviceapplogs.md 
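Review bot: in apprequests.md, the description under the "Failed requests" top 10 heading reads "What are the 3 slowest pages, and how slow are they?", which is the text of the AppPageViews "Slowest pages" query and does not describe this one (top 10 request names by `failedCount`). Because the front matter says these files are generated and overwritten on the next run, the description needs correcting in the source the script reads from, not only in this file.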
@@ -0,0 +1,44 @@ +--- +title: Example log table queries for AppServiceAppLogs +description: Example queries for AppServiceAppLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AppServiceAppLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Count app logs by severity + + +Bar chart of app log severities over time. + +```query +// To create an alert for this query, click '+ New alert rule' +AppServiceAppLogs +| summarize count() by CustomLevel, bin(TimeGenerated, 1h), _ResourceId +| render barchart +``` + + + +### App logs for each App Service + + +Breakdown of log levels for each App Service. + +```query +// To create an alert for this query, click '+ New alert rule' +AppServiceAppLogs +| project CustomLevel, _ResourceId +| summarize count() by CustomLevel, _ResourceId +``` + diff --git a/articles/azure-monitor/reference/queries/appserviceauditlogs.md b/articles/azure-monitor/reference/queries/appserviceauditlogs.md new file mode 100644 index 0000000000..b2846fb5d9 --- /dev/null +++ b/articles/azure-monitor/reference/queries/appserviceauditlogs.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for AppServiceAuditLogs +description: Example queries for AppServiceAuditLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AppServiceAuditLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Audit Logs relating to unexpected users + + +List Audit Logs for users who logged in that aren't a listed user. + +```query +// To create an alert for this query, click '+ New alert rule' +AppServiceAuditLogs +| where UserDisplayName != "user@company.com" +``` + diff --git a/articles/azure-monitor/reference/queries/appserviceauthenticationlogs.md b/articles/azure-monitor/reference/queries/appserviceauthenticationlogs.md new file mode 100644 index 0000000000..601892485a --- /dev/null +++ b/articles/azure-monitor/reference/queries/appserviceauthenticationlogs.md 
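Review bot: in appserviceauditlogs.md, the "Audit Logs relating to unexpected users" query filters with `where UserDisplayName != "user@company.com"`, a single case-sensitive comparison against a placeholder, while the description speaks of users who aren't "a listed user". A `let` list of expected users combined with `!in~` would match the description and avoid flagging an expected user whose name differs only in case. This matters more here because the query carries the "+ New alert rule" hint, and as written it would alert on every login except one exact string.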
@@ -0,0 +1,59 @@ +--- +title: Example log table queries for AppServiceAuthenticationLogs +description: Example queries for AppServiceAuthenticationLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AppServiceAuthenticationLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Most recent errors from App Service Authentication + + +Lists up to 100 most recent errors from App Service Authentication in selected time range. + +```query +AppServiceAuthenticationLogs +| where TaskName == "MiddlewareError" +| sort by TimeGenerated desc +| take 100 +``` + + + +### Most recent warnings from App Service Authentication + + +Lists up to 100 most recent warnings from App Service Authentication in selected time range. + +```query +AppServiceAuthenticationLogs +| where TaskName == "MiddlewareWarning" +| sort by TimeGenerated desc +| take 100 +``` + + + +### Top 100 most frequent errors and warnings from App Service Authentication + + +Count of top 100 most frequent error and warning messages from App Service Authentication in selected time range, sorted by type (errors shown first), then descending count. + +```query +AppServiceAuthenticationLogs +| where TaskName == "MiddlewareWarning" or TaskName == "MiddlewareError" +| summarize count() by Message, TaskName +| order by TaskName asc, count_ +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/appserviceconsolelogs.md b/articles/azure-monitor/reference/queries/appserviceconsolelogs.md new file mode 100644 index 0000000000..a66b708302 --- /dev/null 
+++ b/articles/azure-monitor/reference/queries/appserviceconsolelogs.md @@ -0,0 +1,28 @@ +--- +title: Example log table queries for AppServiceConsoleLogs +description: Example queries for AppServiceConsoleLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AppServiceConsoleLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Find console logs relating to application startup + + +List console logs that contain the term "starting". + +```query +AppServiceConsoleLogs +| where tolower(ResultDescription) contains "starting" +``` + diff --git a/articles/azure-monitor/reference/queries/appservicefileauditlogs.md b/articles/azure-monitor/reference/queries/appservicefileauditlogs.md new file mode 100644 index 0000000000..2781fe2f52 --- /dev/null +++ b/articles/azure-monitor/reference/queries/appservicefileauditlogs.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for AppServiceFileAuditLogs +description: Example queries for AppServiceFileAuditLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AppServiceFileAuditLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### File Audit Logs relating to a "Delete" operation + + +List File Audit Logs that has a "Delete" operation. + +```query +// To create an alert for this query, click '+ New alert rule' +AppServiceFileAuditLogs +| where OperationName == "Delete" +``` + diff --git a/articles/azure-monitor/reference/queries/appservicehttplogs.md b/articles/azure-monitor/reference/queries/appservicehttplogs.md new file mode 100644 index 0000000000..c7137a8915 --- /dev/null +++ b/articles/azure-monitor/reference/queries/appservicehttplogs.md 
@@ -0,0 +1,83 @@ +--- +title: Example log table queries for AppServiceHTTPLogs +description: Example queries for AppServiceHTTPLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AppServiceHTTPLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### App Service Health + + +Time series of App Service Health (over 5 minute intervals). + +```query +AppServiceHTTPLogs +| summarize (count() - countif(ScStatus >= 500)) * 100.0 / count() by bin(TimeGenerated, 5m), _ResourceId +| render timechart +``` + + + +### Failure Categorization + + +Categorize all requests which resulted in 5xx. + +```query +AppServiceHTTPLogs +//| where ResourceId = "MyResourceId" // Uncomment to get results for a specific resource Id when querying over a group of Apps +| where ScStatus >= 500 +| reduce by strcat(CsMethod, ':\\', CsUriStem) +``` + + + +### Response times of requests + + +Avg & 90, 95 and 99 percentile response times (in milliseconds) per App Service. + +```query +AppServiceHTTPLogs +| summarize avg(TimeTaken), percentiles(TimeTaken, 90, 95, 99) by _ResourceId +``` + + + +### Top 5 Clients + + +Top 5 clients which are generating traffic. + +```query +AppServiceHTTPLogs +| top-nested of _ResourceId by dummy=max(0), // Display results for each resource (App) + top-nested 5 of UserAgent by count() +| project-away dummy // Remove dummy line from the result set +``` + + + +### Top 5 Machines + + +Top 5 machines which are generating traffic. 
+ +```query +AppServiceHTTPLogs +| top-nested of _ResourceId by dummy=max(0), // Display results for each resource (App) + top-nested 5 of CIp by count() +| project-away dummy // Remove dummy line from the result set +``` + diff --git a/articles/azure-monitor/reference/queries/ascdeviceevents.md b/articles/azure-monitor/reference/queries/ascdeviceevents.md new file mode 100644 index 0000000000..8d37405d05 --- /dev/null +++ b/articles/azure-monitor/reference/queries/ascdeviceevents.md 
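Review bot: in appservicehttplogs.md, the commented-out filter in "Failure Categorization", `//| where ResourceId = "MyResourceId"`, will not run once uncommented: a `where` comparison needs `==`, not `=`. The other queries in this hunk reference `_ResourceId`, so the comment should probably read `//| where _ResourceId == "MyResourceId"`.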
@@ -0,0 +1,95 @@ +--- +title: Example log table queries for ASCDeviceEvents +description: Example queries for ASCDeviceEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ASCDeviceEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Azure Sphere device authentication and attestation failures + + +A list of Azure Sphere device authentication and attestation failures for the last week, sorted by time. + +```query +ASCDeviceEvents +| where OperationName == "DeviceCertificateEvent" and + Properties.EventType == "DeviceAttestationFailure" or Properties.EventType == "DeviceCertificateEvent" and + ResultType == "Failure" // Filter by time by adding " | where TimeGenerated > ago(7d) " for last 7 days of data or using time picker in the UI +| project TimeGenerated, DeviceId, Properties, ResultDescription, Location +| sort by TimeGenerated desc +| limit 100 +``` + + + +### Azure Sphere device events timeline + + +A sorted timeline of all events generated by an Azure Sphere device during the last week, to monitor and troubleshoot any unexpected failures. + +```query +ASCDeviceEvents +| where OperationName == "DeviceCertificateEvent" or Properties.DeviceTelemetryEventCategory == "AppCrash" // Remove/Add filters to see all/specific events. 
Filter data by Device by adding " | where DeviceId == "Your Device ID" " +| project TimeGenerated, OperationName, ResultType, ResultDescription, Properties, Location +| sort by TimeGenerated desc +| limit 100 +``` + + + +### Azure Sphere device heartbeat events timechart + + +A timechart of all certificate generation events initiated by Azure Sphere devices over the last week, to continuously monitor device health and see trends. + +```query +let Interval = timespan(1d); // Interval for the Chart +ASCDeviceEvents +| where OperationName == "DeviceCertificateEvent" and + Properties.EventType == "DeviceCertificatesGenerate" and + ResultType == "Success" +| summarize Device_Heartbeat_Events=count() by bin(TimeGenerated, Interval) +| render timechart +``` + + + +### Azure Sphere devices not updated to latest OS + + +A list of Azure Sphere devices that have not been updated to the latest OS version over the last week. + +```query +ASCDeviceEvents +| where OperationName == "DeviceUpdateEvent" and + todouble(Properties.InstalledOSVersion) != todouble(Properties.TargetedOSVersion) // Filter by time by adding " | where TimeGenerated > ago(7d) " for last 7 days of data or using time picker in the UI +| summarize by DeviceId +| limit 100 + +``` + + + +### Azure Sphere device telemetry events summary + + +A piechart summarizing the share of each of the event categories generated by Azure Sphere Devices over the last week, to monitor the overall device health. + +```query +ASCDeviceEvents +| where OperationName == "DeviceTelemetryEvent" // Filter by time by adding " | where TimeGenerated > ago(7d) " for last 7 days of data or using time picker in the UI +| summarize count() by tostring(Properties.DeviceTelemetryEventCategory) +| render piechart +``` + diff --git a/articles/azure-monitor/reference/queries/asimdnsactivitylogs.md b/articles/azure-monitor/reference/queries/asimdnsactivitylogs.md new file mode 100644 index 0000000000..5579a4e072 --- /dev/null 
+++ b/articles/azure-monitor/reference/queries/asimdnsactivitylogs.md @@ -0,0 +1,43 @@ +--- +title: Example log table queries for ASimDnsActivityLogs +description: Example queries for ASimDnsActivityLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ASimDnsActivityLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Count DNS failures for a source by source and type + + +Count the number of failed DNS queries for each source IP address and failure type + +```query +ASimDnsActivityLogs +| where EventType == 'Query' and EventResult == 'Failure' +| summarize count() by SrcIpAddr, EventResultDetails +``` + + + +### Identify excessive query for a nonexistent domain by a source + + +Count the number of queries that return NXDOMAIN, indicating that the queries domain name does not exist, and compares the count to a threshold of 100. + +```query +ASimDnsActivityLogs +| where EventResultDetails == 'NXDOMAIN' +| summarize c=count() by SrcIpAddr +| where c > 100 +``` + diff --git a/articles/azure-monitor/reference/queries/asrjobs.md b/articles/azure-monitor/reference/queries/asrjobs.md new file mode 100644 index 0000000000..f732f750ef --- /dev/null +++ b/articles/azure-monitor/reference/queries/asrjobs.md 
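Review bot: in asimdnsactivitylogs.md, "Identify excessive query for a nonexistent domain by a source" applies `where c > 100` to a count taken over the whole selected time range, so whether a source crosses the threshold depends on the time picker rather than on its query rate. Bound the count, for example `| summarize c=count() by SrcIpAddr, bin(TimeGenerated, 1h)`, and consider adding the `EventType == 'Query'` filter that the first query in this hunk uses so that only queries are counted.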
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for ASRJobs +description: Example queries for ASRJobs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ASRJobs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Get all test failover jobs run + + +Get all test failover jobs run for your ASR protected items to verify if recoverability is being tested regularly for all your important resources. + +```query +ASRJobs +//| where TimeGenerated >= ago(30d) // uncomment this line to view last 30 days +| summarize arg_max(TimeGenerated,*) by JobUniqueId +| where OperationName == "Test failover" +| project StartTime, EndTime, SourceResourceId, SourceFriendlyName, DurationMs, ResultDescription +``` + diff --git a/articles/azure-monitor/reference/queries/asrreplicateditems.md b/articles/azure-monitor/reference/queries/asrreplicateditems.md new file mode 100644 index 0000000000..67ae3fb769 --- /dev/null +++ b/articles/azure-monitor/reference/queries/asrreplicateditems.md 
@@ -0,0 +1,33 @@ +--- +title: Example log table queries for ASRReplicatedItems +description: Example queries for ASRReplicatedItems log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ASRReplicatedItems table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Get replication health status history + + +Get replication health status history for a virtual machine. + +```query +let replicatedItemFriendlyName = ""; +ASRReplicatedItems +//| where TimeGenerated >= ago(30d) // uncomment this line to view last 30 days +//| where _ResourceId == resourceId // uncomment this line and enter resource ID +| where ReplicatedItemFriendlyName == replicatedItemFriendlyName +| project Day=startofday(TimeGenerated), TimeGenerated, ReplicatedItemId, ReplicatedItemFriendlyName, ReplicationStatus +| summarize arg_max(TimeGenerated,*) by Day +``` + diff --git a/articles/azure-monitor/reference/queries/autoscaleevaluationslog.md b/articles/azure-monitor/reference/queries/autoscaleevaluationslog.md new file mode 100644 index 0000000000..6a9bad1fb0 --- /dev/null +++ b/articles/azure-monitor/reference/queries/autoscaleevaluationslog.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for AutoscaleEvaluationsLog +description: Example queries for AutoscaleEvaluationsLog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AutoscaleEvaluationsLog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Review Autoscale evaluations + + +Counts Autoscale evaluations in the last hour. + +```query +AutoscaleEvaluationsLog +| where TimeGenerated > ago(1h) +| summarize count() by ResourceId, Profile, OperationName, EvaluationResult +``` + diff --git a/articles/azure-monitor/reference/queries/autoscalescaleactionslog.md b/articles/azure-monitor/reference/queries/autoscalescaleactionslog.md new file mode 100644 index 0000000000..2e554b079a --- /dev/null +++ b/articles/azure-monitor/reference/queries/autoscalescaleactionslog.md 
@@ -0,0 +1,56 @@ +--- +title: Example log table queries for AutoscaleScaleActionsLog +description: Example queries for AutoscaleScaleActionsLog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AutoscaleScaleActionsLog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Display top Autoscale 50 logs + + +Show the latest Azure Autoscale logs in the last 24 hours. + +```query +AutoscaleScaleActionsLog +| where TimeGenerated > ago(24h) +| limit 50 +``` + + + +### Autoscale operation status + + +Lists latest Autoscale operations, scale direction, instance count and it's status. + +```query +AutoscaleScaleActionsLog +| project TimeGenerated, ResourceId, CurrentInstanceCount, NewInstanceCount, ScaleDirection, ResultType +| sort by TimeGenerated desc +``` + + + +### Autoscale failed operations + + +List all reports of failed operations, over the last day. + +```query +// To create an alert for this query, click '+ New alert rule' +AutoscaleScaleActionsLog +| where TimeGenerated > ago(24h) +| where ResultType == "Failed" +``` + diff --git a/articles/azure-monitor/reference/queries/avnmconnectivityconfigurationchange.md b/articles/azure-monitor/reference/queries/avnmconnectivityconfigurationchange.md new file mode 100644 index 0000000000..2515868f2d --- /dev/null +++ b/articles/azure-monitor/reference/queries/avnmconnectivityconfigurationchange.md 
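Review bot: in autoscalescaleactionslog.md, "Display top Autoscale 50 logs" is described as showing the latest logs, but the query is `| where TimeGenerated > ago(24h)` followed by `| limit 50` with no sort, so it returns an arbitrary 50 rows from the last day. Add `| sort by TimeGenerated desc` before the limit. The "Autoscale operation status" description in the same hunk also has "it's status" where "its status" is meant.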
@@ -0,0 +1,44 @@ +--- +title: Example log table queries for AVNMConnectivityConfigurationChange +description: Example queries for AVNMConnectivityConfigurationChange log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AVNMConnectivityConfigurationChange table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Recent connectivity configuration changes + + +List 10 most recent connectivity configuration changes. + +```query +AVNMConnectivityConfigurationChange +| top 10 by TimeGenerated desc +| project TimeGenerated, NetworkResourceIds, AppliedConnectivityConfigurations, ResultType +``` + + + +### Recent failed connectivity configuration changes + + +List 100 most recent failed connectivity configuration changes. + +```query +AVNMConnectivityConfigurationChange +| where ResultType != "Success" +| sort by TimeGenerated desc +| take 100 + +``` + diff --git a/articles/azure-monitor/reference/queries/avnmipampoolallocationchange.md b/articles/azure-monitor/reference/queries/avnmipampoolallocationchange.md new file mode 100644 index 0000000000..2081f2220e --- /dev/null +++ b/articles/azure-monitor/reference/queries/avnmipampoolallocationchange.md 
@@ -0,0 +1,43 @@ +--- +title: Example log table queries for AVNMIPAMPoolAllocationChange +description: Example queries for AVNMIPAMPoolAllocationChange log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AVNMIPAMPoolAllocationChange table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### AVNM IPAM pool allocation changes + + +List 10 most recent Azure Virtual Network Manager (AVNM) IPAM pool allocation additions, removals, and updates. Pool allocations include child pools, static cidrs, and resource associations. + +```query +AVNMIPAMPoolAllocationChange +| top 10 by TimeGenerated desc +| project TimeGenerated, ChangeType, ChangeReason, AllocationResources, ResultType +``` + + + +### Failed AVNM IPAM pool allocation changes + + +List 100 most recent failures in Azure Virtual Network Manager (AVNM) IPAM pool allocation additions, removals, and updates. Pool allocations include child pools, static cidrs, and resource associations + +```query +AVNMIPAMPoolAllocationChange +| where ResultType != "Success" +| sort by TimeGenerated desc +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/avnmnetworkgroupmembershipchange.md b/articles/azure-monitor/reference/queries/avnmnetworkgroupmembershipchange.md new file mode 100644 index 0000000000..fe02052003 --- /dev/null +++ b/articles/azure-monitor/reference/queries/avnmnetworkgroupmembershipchange.md 
@@ -0,0 +1,46 @@ +--- +title: Example log table queries for AVNMNetworkGroupMembershipChange +description: Example queries for AVNMNetworkGroupMembershipChange log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AVNMNetworkGroupMembershipChange table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Get recent Network Group Membership changes + + +List 10 most recent Network Group Membership changes. + +```query +//GroupMemberships column would have list of NetworkGroupIds and the respective MembershipDetails(Membership type - Static/Policy and their respective Ids) which NetworkResourceIds are part of. +AVNMNetworkGroupMembershipChange +|top 10 by TimeGenerated desc +|project TimeGenerated, NetworkResourceIds, GroupMemberships, ResultType + +``` + + + +### Failed Network Group Membership Changes + + +List failed Network Group Membership changes. + +```query +AVNMNetworkGroupMembershipChange +|where ResultType != "Success" +|sort by TimeGenerated desc +|take 100 + +``` + diff --git a/articles/azure-monitor/reference/queries/avnmrulecollectionchange.md b/articles/azure-monitor/reference/queries/avnmrulecollectionchange.md new file mode 100644 index 0000000000..1e77bf7408 --- /dev/null +++ b/articles/azure-monitor/reference/queries/avnmrulecollectionchange.md 
@@ -0,0 +1,46 @@ +--- +title: Example log table queries for AVNMRuleCollectionChange +description: Example queries for AVNMRuleCollectionChange log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AVNMRuleCollectionChange table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Get recent security admin rule collection changes + + +List 10 most recent security admin rule collection changes. + +```query +AVNMRuleCollectionChange +|where OperationName has("securityAdminRuleCollections") +|top 10 by TimeGenerated desc +|project TimeGenerated, NetworkResourceIds, AppliedRuleCollectionIds, ResultType +``` + + + +### Get recent failed security admin rule collection changes + + +List 100 most recent failed security admin rule collection changes. + +```query +AVNMRuleCollectionChange +|where OperationName has("securityAdminRuleCollections") +|where ResultType != "Success" +|sort by TimeGenerated desc +|take 100 + +``` + diff --git a/articles/azure-monitor/reference/queries/avssyslog.md b/articles/azure-monitor/reference/queries/avssyslog.md new file mode 100644 index 0000000000..2ca2127d19 --- /dev/null +++ b/articles/azure-monitor/reference/queries/avssyslog.md 
@@ -0,0 +1,264 @@ +--- +title: Example log table queries for AVSSyslog +description: Example queries for AVSSyslog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AVSSyslog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Get DNS failures + + +Gets 100 AVS failed DNS query logs. If you are receiving DNS query failures, check your DNS configuration. + +```query +AVSSyslog +| where AppName == "dnsmasq" // do some initial filtering to optimize 'has' +| where Message has "Failed DNS Query" // filter to only Failed DNS Query messages +| take 100 +``` + + + +### Get distributed Firewall logs + + +Gets 100 AVS distributed firewall logs. + +```query +AVSSyslog +| where AppName == "FIREWALL" or ProcId == "FIREWALL" +| take 100 +``` + + + +### Get audit events for VM created + + +Gets 100 AVS audit events for VM created events. + +```query +AVSSyslog +| where Message has "vmcreatedevent" +| take 100 +``` + + + +### Get audit events for VM deleted + + +Gets 100 AVS audit events for VM deleted events. + +```query +AVSSyslog +| where Message has "vmremovedevent" +| take 100 +``` + + + +### Get audit events for VM powered on + + +Gets 100 AVS audits events for VM powered on events. + +```query +AVSSyslog +| where Message has "VmPowerStateChangedEvent" and Message has "poweredon" +| take 100 +``` + + + +### Get audit events for VM disconnected + + +Gets 100 AVS audit events for VM disconnected events. 
+ +```query +AVSSyslog +| where Message has "vmdisconnectedevent" +| take 100 +``` + + + +### Get audit events for VM rebooted + + +Gets 100 AVS audit events for VM rebooted events. + +```query +AVSSyslog +| where Message has "VmGuestRebootEvent" +| take 100 +``` + + + +### Get audit events for VM migrated + + +Gets 100 AVS audit events for VM migrated events. + +```query +AVSSyslog +| where Message has "vmmigratedevent" +| take 100 +``` + + + +### Get audit events for host added + + +Gets 100 AVS audit events for host added events. + +```query +AVSSyslog +| where Message has "hostaddedevent" +| take 100 +``` + + + +### Get audit events for host shutdown + + +Gets 100 AVS audit events for host shutdown events. + +```query +AVSSyslog +| where Message has "hostshutdownevent" +| take 100 +``` + + + +### Get audit events for host enter maintenance mode + + +Gets 100 AVS audit events for host enter maintenance mode events. + +```query +AVSSyslog +| where Message has "The host has entered maintenance mode" +| take 100 +``` + + + +### Get audit events for host exit maintenance mode + + +Gets 100 AVS audit events for host exit maintenance mode events. + +```query +AVSSyslog +| where Message has "The host has exited maintenance mode" +| take 100 +``` + + + +### Get audit events for host connected + + +Gets 100 AVS audit events for host connected events. + +```query +AVSSyslog +| where Message has "hostconnectedevent" +| take 100 +``` + + + +### Get audit events for host connection lost + + +Gets 100 AVS audit events for host connections lost events. + +```query +AVSSyslog +| where Message has "lost connection to the host" +| take 100 +``` + + + +### Get audit events for cluster + + +Gets 100 AVS audit events for cluster events. + +```query +AVSSyslog +| where Message has "cluster" and Message has "event" +| take 100 +``` + + + +### Get audit events count for NSX + + +Gets the AVS audit events count for NSX. 
+ +```query +AVSSyslog +| where Message has "nsx" and Message has "event" +| count +``` + + + +### Get audit events count for vCenter + + +Gets the AVS audit events count for vCenter events. + +```query +AVSSyslog +| where Message has "vcenter" and Message has "event" +| count +``` + + + +### Get audit events for role added + + +Gets 100 AVS audit events for role added events. + +```query +AVSSyslog +| where Message has "RoleAddedEvent" +| take 100 +``` + + + +### Get AVS events with severity of Info + + +Gets 100 AVS events by severity level equals Info. Swap it out with other severity level (Notice, Debug, Warning, Error) to get similar. + +```query +AVSSyslog +| where severity == "info" +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/awscloudtrail.md b/articles/azure-monitor/reference/queries/awscloudtrail.md new file mode 100644 index 0000000000..19f66c328d --- /dev/null +++ b/articles/azure-monitor/reference/queries/awscloudtrail.md 
@@ -0,0 +1,70 @@ +--- +title: Example log table queries for AWSCloudTrail +description: Example queries for AWSCloudTrail log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AWSCloudTrail table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### New users per region + + +Returns count of created users per region. + +```query +AWSCloudTrail +| where EventName == "CreateUser" +| summarize count() by AWSRegion +``` + + + +### All AWS CloudTrail events + + +Lists all AWS cloud trail events. + +```query +AWSCloudTrail +| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements, SessionIssuerUserName +``` + + + +### AWSCT for user + + +AWS activity for a user. + +```query +// Set v_sessionissuerusername and v_userpid with the details of the user of interest +let v_sessionissuerusername ="abc";let v_userpid ="AIDxXxXxXxXxXxX"; +AWSCloudTrail +| where SessionIssuerUserName == v_sessionissuerusername or UserIdentityPrincipalid ==v_userpid +| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements, SessionIssuerUserName +``` + + + +### AWS console sign in + + +Lists AWS signin events. 
+ +```query +AWSCloudTrail +| where EventName =~ "ConsoleLogin" +| extend MFAUsed = tostring(parse_json(AdditionalEventData).MFAUsed), LoginResult = tostring(parse_json(ResponseElements).ConsoleLogin) +| summarize Count=count() by UserIdentityAccountId, UserIdentityUserName, MFAUsed, LoginResult +``` + diff --git a/articles/azure-monitor/reference/queries/awsguardduty.md b/articles/azure-monitor/reference/queries/awsguardduty.md new file mode 100644 index 0000000000..3408f3627b --- /dev/null +++ b/articles/azure-monitor/reference/queries/awsguardduty.md @@ -0,0 +1,29 @@ +--- +title: Example log table queries for AWSGuardDuty +description: Example queries for AWSGuardDuty log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AWSGuardDuty table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### High severity findings + + +Returns high severity findings summarize by activity type. + +```query +AWSGuardDuty +| where Severity > 7 +| summarize count() by ActivityType +``` + diff --git a/articles/azure-monitor/reference/queries/awsvpcflow.md b/articles/azure-monitor/reference/queries/awsvpcflow.md new file mode 100644 index 0000000000..33f3063398 --- /dev/null +++ b/articles/azure-monitor/reference/queries/awsvpcflow.md 
@@ -0,0 +1,30 @@ +--- +title: Example log table queries for AWSVPCFlow +description: Example queries for AWSVPCFlow log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AWSVPCFlow table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Rejected IPv4 actions + + +Returns 10 rejected actions of type IPv4. + +```query +AWSVPCFlow +| where Action == "REJECT" +| where Type == "IPv4" +| take 10 +``` + diff --git a/articles/azure-monitor/reference/queries/azfwapplicationrule.md b/articles/azure-monitor/reference/queries/azfwapplicationrule.md new file mode 100644 index 0000000000..d2d56ce953 --- /dev/null +++ b/articles/azure-monitor/reference/queries/azfwapplicationrule.md 
@@ -0,0 +1,42 @@ +--- +title: Example log table queries for AZFWApplicationRule +description: Example queries for AZFWApplicationRule log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZFWApplicationRule table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Application rule logs + + +Connections that matched Application rules. HTTP, HTTPS and MSSQL are supported. Both connection and rule metadata is displayed. + +```query +AZFWApplicationRule +| take 100 + +``` + + + +### All firewall decisions + + +All decision taken by firewall. Contains hits on network, application and NAT rules, as well as threat intelligence hits and IDPS signature hits. + +```query +AZFWNetworkRule +| union AZFWApplicationRule, AZFWNatRule, AZFWThreatIntel, AZFWIdpsSignature +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/azfwdnsquery.md b/articles/azure-monitor/reference/queries/azfwdnsquery.md new file mode 100644 index 0000000000..b137f3670d --- /dev/null +++ b/articles/azure-monitor/reference/queries/azfwdnsquery.md 
@@ -0,0 +1,28 @@ +--- +title: Example log table queries for AZFWDnsQuery +description: Example queries for AZFWDnsQuery log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZFWDnsQuery table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### DNS proxy logs + + +DNS Proxy events. These logs are only available when DNS Proxy is enabled. + +```query +AZFWDnsQuery +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/azfwfatflow.md b/articles/azure-monitor/reference/queries/azfwfatflow.md new file mode 100644 index 0000000000..c2d9060a9d --- /dev/null +++ b/articles/azure-monitor/reference/queries/azfwfatflow.md 
@@ -0,0 +1,32 @@ +--- +title: Example log table queries for AZFWFatFlow +description: Example queries for AZFWFatFlow log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZFWFatFlow table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Azure Firewall Top Flow Logs + + +Identify top flows across Azure Firewall instances. Log contains flow information, date transmission rate (in Megabits per second units) and the time period when the flows were recorded. + +```query +// Get the fatflows from past 1000 samples with rate atleast 5 mbps +AZFWFatFlow +| take 1000 +| order by TimeGenerated desc +| where FlowRate > 5 + +``` + diff --git a/articles/azure-monitor/reference/queries/azfwflowtrace.md b/articles/azure-monitor/reference/queries/azfwflowtrace.md new file mode 100644 index 0000000000..0a94374231 --- /dev/null +++ b/articles/azure-monitor/reference/queries/azfwflowtrace.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for AZFWFlowTrace +description: Example queries for AZFWFlowTrace log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZFWFlowTrace table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Azure Firewall flow trace logs + + +Identify flow traces across Azure Firewall instances. Log contains flow information, flags and the time period when the flows were recorded. + +```query +AZFWFlowTrace +| where Flag == "INVALID" +| order by TimeGenerated desc +| take 100 + +``` + diff --git a/articles/azure-monitor/reference/queries/azfwidpssignature.md b/articles/azure-monitor/reference/queries/azfwidpssignature.md new file mode 100644 index 0000000000..98b03ae96d --- /dev/null +++ b/articles/azure-monitor/reference/queries/azfwidpssignature.md 
@@ -0,0 +1,42 @@ +--- +title: Example log table queries for AZFWIdpsSignature +description: Example queries for AZFWIdpsSignature log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZFWIdpsSignature table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### IDPS event logs + + +IDPS events. These logs are only available when IDPS is enabled. + +```query +AZFWIdpsSignature +| take 100 + +``` + + + +### All firewall decisions + + +All decision taken by firewall. Contains hits on network, application and NAT rules, as well as threat intelligence hits and IDPS signature hits. + +```query +AZFWNetworkRule +| union AZFWApplicationRule, AZFWNatRule, AZFWThreatIntel, AZFWIdpsSignature +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/azfwinternalfqdnresolutionfailure.md b/articles/azure-monitor/reference/queries/azfwinternalfqdnresolutionfailure.md new file mode 100644 index 0000000000..0c9f0e6a43 --- /dev/null +++ b/articles/azure-monitor/reference/queries/azfwinternalfqdnresolutionfailure.md 
@@ -0,0 +1,28 @@ +--- +title: Example log table queries for AZFWInternalFqdnResolutionFailure +description: Example queries for AZFWInternalFqdnResolutionFailure log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZFWInternalFqdnResolutionFailure table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Internal FQDN resolution failures + + +Failures encountered when firewall is unable to resolve a FQDN for a rule. + +```query +AZFWInternalFqdnResolutionFailure +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/azfwnatrule.md b/articles/azure-monitor/reference/queries/azfwnatrule.md new file mode 100644 index 0000000000..8549fadbfb --- /dev/null +++ b/articles/azure-monitor/reference/queries/azfwnatrule.md 
@@ -0,0 +1,41 @@ +--- +title: Example log table queries for AZFWNatRule +description: Example queries for AZFWNatRule log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZFWNatRule table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### DNAT rule logs + + +Connections which were redirected to a client behind the firewall's NAT rules. + +```query +AZFWNatRule +| take 100 +``` + + + +### All firewall decisions + + +All decision taken by firewall. Contains hits on network, application and NAT rules, as well as threat intelligence hits and IDPS signature hits. + +```query +AZFWNetworkRule +| union AZFWApplicationRule, AZFWNatRule, AZFWThreatIntel, AZFWIdpsSignature +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/azfwnetworkrule.md b/articles/azure-monitor/reference/queries/azfwnetworkrule.md new file mode 100644 index 0000000000..e069109bef --- /dev/null +++ b/articles/azure-monitor/reference/queries/azfwnetworkrule.md 
@@ -0,0 +1,41 @@ +--- +title: Example log table queries for AZFWNetworkRule +description: Example queries for AZFWNetworkRule log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZFWNetworkRule table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Network rule logs + + +Packets that matched Network rules. Both packet and rule metadata is displayed. + +```query +AZFWNetworkRule +| take 100 +``` + + + +### All firewall decisions + + +All decision taken by firewall. Contains hits on network, application and NAT rules, as well as threat intelligence hits and IDPS signature hits. + +```query +AZFWNetworkRule +| union AZFWApplicationRule, AZFWNatRule, AZFWThreatIntel, AZFWIdpsSignature +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/azfwthreatintel.md b/articles/azure-monitor/reference/queries/azfwthreatintel.md new file mode 100644 index 0000000000..fff973fe1e --- /dev/null +++ b/articles/azure-monitor/reference/queries/azfwthreatintel.md 
@@ -0,0 +1,41 @@ +--- +title: Example log table queries for AZFWThreatIntel +description: Example queries for AZFWThreatIntel log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZFWThreatIntel table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Threat intelligence logs + + +Threat intelligence events recognized by the firewall. + +```query +AZFWThreatIntel +| take 100 +``` + + + +### All firewall decisions + + +All decision taken by firewall. Contains hits on network, application and NAT rules, as well as threat intelligence hits and IDPS signature hits. + +```query +AZFWNetworkRule +| union AZFWApplicationRule, AZFWNatRule, AZFWThreatIntel, AZFWIdpsSignature +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/azkvauditlogs.md b/articles/azure-monitor/reference/queries/azkvauditlogs.md new file mode 100644 index 0000000000..908c581335 --- /dev/null +++ b/articles/azure-monitor/reference/queries/azkvauditlogs.md 
@@ -0,0 +1,100 @@ +--- +title: Example log table queries for AZKVAuditLogs +description: Example queries for AZKVAuditLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZKVAuditLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Are there any failures? + + +Count of failed keyvault requests by status code. + +```query +AZKVAuditLogs +| where HttpStatusCode >= 300 and not(OperationName == "Authentication" and HttpStatusCode == 401) +| summarize count() by RequestUri, ResultSignature, _ResourceId +``` + + + +### Are there any slow requests? + + +List of keyvault requests taking longer than 1 second. + +```query +let threshold=1000; +AZKVAuditLogs +| where DurationMs > threshold +| summarize count() by OperationName, _ResourceId + +``` + + + +### How active has this KeyVault been? + + +Line chart showing trend of KeyVault requests volume, per operation over time. + +```query +AZKVAuditLogs +| summarize count() by bin(TimeGenerated, 1h), OperationName // Aggregate by hour +| render timechart + +``` + + + +### How fast is this KeyVault serving requests? + + +Line chart showing trend of request duration over time using different aggregations. + +```query +AZKVAuditLogs +| summarize avg(DurationMs) by RequestUri, bin(TimeGenerated, 1h) // requestUri_s contains the URI of the request +| render timechart + +``` + + + +### What changes occurred last month? + + +Lists all update and patch requests from the last 30 days. 
+ +```query +AZKVAuditLogs +| where TimeGenerated > ago(30d) +| where OperationName == "VaultPut" or OperationName == "VaultPatch" +| sort by TimeGenerated desc + +``` + + + +### Who is calling this KeyVault? + + +List of callers identified by their IP address with their request count. + +```query +AZKVAuditLogs +| summarize count() by CallerIpAddress + +``` + diff --git a/articles/azure-monitor/reference/queries/azmsdiagnosticerrorlogs.md b/articles/azure-monitor/reference/queries/azmsdiagnosticerrorlogs.md new file mode 100644 index 0000000000..619a8884bf --- /dev/null +++ b/articles/azure-monitor/reference/queries/azmsdiagnosticerrorlogs.md @@ -0,0 +1,44 @@ +--- +title: Example log table queries for AZMSDiagnosticErrorLogs +description: Example queries for AZMSDiagnosticErrorLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZMSDiagnosticErrorLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Publish detailed error logs + + +Publish detailed error logs for diagnostics. + +```query +AZMSDiagnosticErrorLogs +| where Provider =~ "EventHub" +| project ActivityName, _ResourceId, OperationResult,ErrorMessage +| summarize by ActivityName +``` + + + +### Publish detailed error logs + + +Publish detailed error logs for diagnostics. + +```query +AZMSDiagnosticErrorLogs +| where Provider =~ "ServiceBus" +| project ActivityName, _ResourceId, OperationResult,ErrorMessage +| summarize by ActivityName +``` + 
diff --git a/articles/azure-monitor/reference/queries/azmshybridconnectionsevents.md b/articles/azure-monitor/reference/queries/azmshybridconnectionsevents.md new file mode 100644 index 0000000000..6eaf918c58 --- /dev/null +++ b/articles/azure-monitor/reference/queries/azmshybridconnectionsevents.md @@ -0,0 +1,33 @@ +--- +title: Example log table queries for AZMSHybridConnectionsEvents +description: Example queries for AZMSHybridConnectionsEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZMSHybridConnectionsEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Publish HTTP send data for hybrid connection + + +Publish details for send events on a hybrid connection. + +```query +//Endpoint needs to be replaced with client specific endpoint. +AZMSHybridConnectionsEvents +| extend NamespaceName = tostring(split(_ResourceId, "/")[8]) +| where OperationName == "Microsoft.Relay/HybridConnections/SenderSentHttpRequest" +| where Endpoint contains "shamavijay-relay-hybconn" +| project NamespaceName, TaskName, Message, OperationName +| summarize by NamespaceName, TaskName +``` + diff --git a/articles/azure-monitor/reference/queries/azmsoperationallogs.md b/articles/azure-monitor/reference/queries/azmsoperationallogs.md new file mode 100644 index 0000000000..a17f3f1cf7 --- /dev/null +++ b/articles/azure-monitor/reference/queries/azmsoperationallogs.md 
@@ -0,0 +1,128 @@ +--- +title: Example log table queries for AZMSOperationalLogs +description: Example queries for AZMSOperationalLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZMSOperationalLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Publish success data for topics + + +Publish success data for topics for OperationLogs. + +```query +AZMSOperationalLogs +| extend TopicName = tostring(split(_ResourceId, "/")[10]) +| where Provider =~ "EventHub" +| where isnotnull(TopicName) and Status == "Succeeded" +| project TopicName, _ResourceId, EventName, Status, Caller, _SubscriptionId +| summarize by TopicName, EventName +``` + + + +### Publish failures for subscription + + +Publish management action failures for subscription. + +```query +AZMSOperationalLogs +| extend SubInfo = _SubscriptionId +| where Provider =~ "EventHub" +| where isnotnull(SubInfo) and Status != "Succeeded" +| project SubInfo, _ResourceId, EventName, Status, Caller +| summarize by SubInfo, EventName +``` + + + +### Publish failures for namespace + + +Publish management action failures for namespace. + +```query +AZMSOperationalLogs +| extend NamespaceName = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "EventHub" +| where isnotnull(NamespaceName) and Status != "Succeeded" +| project NamespaceName, _ResourceId, EventName, Status, Caller, _SubscriptionId +| summarize by NamespaceName, EventName +``` + + + +### Publish success data for topics + + +Publish success data for topics on CRUD Operations in Server Bus. 
+ +```query +AZMSOperationalLogs +| extend TopicName = tostring(split(_ResourceId, "/")[10]) +| where Provider =~ "ServiceBus" +| where isnotnull(TopicName) and Status == "Succeeded" +| project TopicName, _ResourceId, EventName, Status, Caller, _SubscriptionId +| summarize by TopicName, EventName +``` + + + +### Publish failures for Topics + + +Publish management action failures for topics. + +```query +AZMSOperationalLogs +| extend TopicName = tostring(split(_ResourceId, "/")[10]) +| where Provider =~ "ServiceBus" +| where isnotnull(TopicName) and Status != "Succeeded" +| project TopicName, _ResourceId, EventName, Status, Caller, SubscriptionId +| summarize by TopicName, EventName +``` + + + +### Publish failures for subscription + + +Publish management action failures for subscription. + +```query +AZMSOperationalLogs +| extend SubInfo = _SubscriptionId +| where Provider =~ "ServiceBus" +| where isnotnull(SubInfo) and Status != "Succeeded" +| project SubInfo, _ResourceId, EventName, Status, Caller +| summarize by SubInfo, EventName +``` + + + +### Publish failures for namespace + + +Publish management action failures for namespace. + +```query +AZMSOperationalLogs +| extend NamespaceName = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "ServiceBus" +| where isnotnull(NamespaceName) and Status != "Succeeded" +| project NamespaceName, _ResourceId, EventName, Status, Caller, _SubscriptionId +| summarize by NamespaceName, EventName +``` + diff --git a/articles/azure-monitor/reference/queries/azmsruntimeauditlogs.md b/articles/azure-monitor/reference/queries/azmsruntimeauditlogs.md new file mode 100644 index 0000000000..843d020501 --- /dev/null +++ b/articles/azure-monitor/reference/queries/azmsruntimeauditlogs.md 
@@ -0,0 +1,188 @@ +--- +title: Example log table queries for AZMSRunTimeAuditLogs +description: Example queries for AZMSRunTimeAuditLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZMSRunTimeAuditLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Publish successful connection for AMQP protocol + + +Publish runtime successful connection for Advanced Message Queuing Protocol(AMQP). + +```query +AZMSRunTimeAuditLogs +| where Provider =~ "EventHub" +| where Protocol == "AMQP" and Status == "Success" +| project ActivityName, Protocol, NetworkType, ClientIp, _ResourceId +| summarize by ActivityName +``` + + + +### Publish failed AAD logs + + +Publish the failed entries for AAD auth. + +```query +AZMSRunTimeAuditLogs +| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "EventHub" +| where isnotnull(NamespaceInfo) and isnotnull(AuthKey) and AuthType == "AAD" and Status != "Success" +| project NamespaceInfo, AuthKey, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId +| summarize by NamespaceInfo, AuthKey, ActivityName +``` + + + +### Publish failed SAS logs + + +Publish the failed entries for SAS auth. 
+ +```query +AZMSRunTimeAuditLogs +| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "EventHub" +| where isnotnull(NamespaceInfo) and isnotnull(AuthKey) and AuthType == "SAS" and Status != "Success" +| project NamespaceInfo, AuthKey, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId +| summarize by NamespaceInfo, AuthKey, ActivityName +``` + + + +### Publish failure for send message + + +Publish the runtime failure for send message event. + +```query +AZMSRunTimeAuditLogs +| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "EventHub" +| where isnotnull(NamespaceInfo) and Status != "Success" and ActivityName == "SendMessage" +| project NamespaceInfo, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId +| summarize by NamespaceInfo, ActivityName +``` + + + +### Publish failure for Namespace + + +Publish the runtime failure for multiple namespaces. + +```query +AZMSRunTimeAuditLogs +| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "EventHub" +| where isnotnull(NamespaceInfo) and Status != "Success" +| project NamespaceInfo, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId +| summarize by NamespaceInfo, ActivityName +``` + + + +### [Classic] Errors in the last 7 days + + +This lists all the errors for the last 7 days. + +```query +AzureDiagnostics +| where ResourceProvider ==\"MICROSOFT.EVENTHUB\" +| where Category == \"OperationalLogs\" +| summarize count() by \"EventName\", _ResourceId +``` + + + +### Publish successful connection for AMQP protocol + + +Publish runtime successful connection for Advanced Message Queuing Protocol(AMQP). 
+ +```query +AZMSRunTimeAuditLogs +| where Provider =~ "ServiceBus" +| where Protocol == "AMQP" and Status == "Success" +| project ActivityName, Protocol, NetworkType, ClientIp, _ResourceId +| summarize by ActivityName +``` + + + +### Publish failures for send message + + +Publish the runtime failures for send message event. + +```query +AZMSRunTimeAuditLogs +| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "ServiceBus" +| where isnotnull(NamespaceInfo) and Status != "Success" and ActivityName == "SendMessage" +| project NamespaceInfo, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId +| summarize by NamespaceInfo, ActivityName +``` + + + +### Publish failure for namespace + + +Publish the runtime failure for multiple namespaces. + +```query +AZMSRunTimeAuditLogs +| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "ServiceBus" +| where isnotnull(NamespaceInfo) and Status != "Success" +| project NamespaceInfo, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId +| summarize by NamespaceInfo, ActivityName +``` + + + +### Publish failed AAD logs + + +Publish the failed entries for AAD authorization. + +```query +AZMSRunTimeAuditLogs +| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "ServiceBus" +| where isnotnull(NamespaceInfo) and isnotnull(AuthKey) and AuthType == "AAD" and Status != "Success" +| project NamespaceInfo, AuthKey, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId +| summarize by NamespaceInfo, AuthKey, ActivityName +``` + + + +### Publish failed SAS logs + + +Publish the failed entries for SAS authorization. 
+ +```query +AZMSRunTimeAuditLogs +| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "ServiceBus" +| where isnotnull(NamespaceInfo) and isnotnull(AuthKey) and AuthType == "SAS" and Status != "Success" +| project NamespaceInfo, AuthKey, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId +| summarize by NamespaceInfo, AuthKey, ActivityName +``` + diff --git a/articles/azure-monitor/reference/queries/azmsvnetconnectionevents.md b/articles/azure-monitor/reference/queries/azmsvnetconnectionevents.md new file mode 100644 index 0000000000..da0dd36a1f --- /dev/null +++ b/articles/azure-monitor/reference/queries/azmsvnetconnectionevents.md 
@@ -0,0 +1,109 @@ +--- +title: Example log table queries for AZMSVnetConnectionEvents +description: Example queries for AZMSVnetConnectionEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AZMSVnetConnectionEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Publish deny connection by namespace + + +Publish deny connection by namespace on network data. + +```query +AZMSVnetConnectionEvents +| extend NamespaceName = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "EventHub" +| where Action == "Deny Connection" +| project Action, _SubscriptionId, NamespaceName, AddressIp, Reason, Count +| summarize by Action, NamespaceName +``` + + + +### Publish namespace vnet data + + +Publish vnet data for namespace by action status. + +```query +AZMSVnetConnectionEvents +| extend NamespaceName = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "EventHub" +| project Action, _SubscriptionId, NamespaceName, AddressIp, Reason, Count, _ResourceId +| summarize by NamespaceName, Action +``` + + + +### Publish deny connection by namespace + + +Publish deny network connection information by namespace. + +```query +AZMSVNetConnectionEvents +| extend NamespaceName = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "Relay" +| where Action == "Deny Connection" +| project Action, _SubscriptionId, NamespaceName, AddressIp, Reason, Count +| summarize by Action, NamespaceName +``` + + + +### Publish virtual network events by namespace + + +Publish virtual network events with outcome for namespace. 
+ +```query +AZMSVNetConnectionEvents +| extend NamespaceName = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "Relay" +| project Action, _SubscriptionId, NamespaceName, AddressIp, Reason, Count, _ResourceId +| summarize by NamespaceName, Action +``` + + + +### Publish deny connection by namespace + + +Publish deny network connection information by namespace. + +```query +AZMSVNetConnectionEvents +| extend NamespaceName = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "ServiceBus" +| where Action == "Deny Connection" +| project Action, _SubscriptionId, NamespaceName, AddressIp, Reason, Count +| summarize by Action, NamespaceName +``` + + + +### Publish virtual network events by namespace + + +Publish virtual network events with outcome for namespace. + +```query +AZMSVNetConnectionEvents +| extend NamespaceName = tostring(split(_ResourceId, "/")[8]) +| where Provider =~ "ServiceBus" +| project Action, _SubscriptionId, NamespaceName, AddressIp, Reason, Count, _ResourceId +| summarize by NamespaceName, Action +``` + diff --git a/articles/azure-monitor/reference/queries/azureactivity.md b/articles/azure-monitor/reference/queries/azureactivity.md new file mode 100644 index 0000000000..8fd753c463 --- /dev/null +++ b/articles/azure-monitor/reference/queries/azureactivity.md 
@@ -0,0 +1,289 @@ +--- +title: Example log table queries for AzureActivity +description: Example queries for AzureActivity log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AzureActivity table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### [Classic] Find In AzureActivity + + +[Classic] Find in AzureActivity to search for a specific value in the AzureActivity table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +AzureActivity +| where ResourceProvider == "MICROSOFT.KEYVAULT" +| where * contains tostring(SearchValue) +| take 1000 +``` + + + +### Shut down Virtual Machines + + +Virtual Machines successfully shut down in the last 10 minutes. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureActivity +| where TimeGenerated > ago(10m) +| where OperationName == "Deallocate Virtual Machine" and ActivityStatus == "Succeeded" + +``` + + + +### Latest 50 logs + + +Show the latest Azure Activity logs for this resource. + +```query +AzureActivity +| top 50 by TimeGenerated desc +``` + + + +### Operations' status + + +Show the latest Azure activity log for each operation. + +```query +AzureActivity +| summarize arg_max(TimeGenerated, *) by OperationName +``` + + + +### Recent Azure Activity logs + + +Display all Azure Activity logs from the last hour. 
+ +```query +AzureActivity +| where Level == "Error" or Level == "Warning" +| project TimeGenerated, Level, ResourceProvider, ActivityStatus, Caller, Category, Properties, CorrelationId +``` + + + +### Failed operations + + +List all reports of failed operations, over the past hour. + +```query +AzureActivity +| where TimeGenerated > ago(1h) +| where ActivityStatus == "Failed" +``` + + + +### Resources creation + + +List created Azure resources. Can be useful for monitoring and alerts. + +```query +AzureActivity +| where OperationNameValue has "Microsoft.Resources/deployments/write" +| where CategoryValue == "Administrative" +| where ActivityStatusValue == "Success" +| project Caller, TimeGenerated, _ResourceId + +``` + + + +### Find In AzureActivity + + +Find in AzureActivity to search for a specific value in the AzureActivity table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +AzureActivity +| where ResourceProvider == "Microsoft.ContainerService" +| where * contains tostring(SearchValue) +| take 1000 +``` + + + +### Show logs from AzureActivity table + + +Lists the latest logs in AzureActivity table, sorted by time (latest first). + +```query +AzureActivity +| top 10 by TimeGenerated +``` + + + +### Show logs from AzureActivity table + + +Lists the latest logs in AzureActivity table, sorted by time (latest first). + +```query +AzureActivity +| top 10 by TimeGenerated +``` + + + +### Display top 50 Activity log events + + +Display top 50 Activity log events. 
+ +```query +AzureActivity +| project TimeGenerated, SubscriptionId, ResourceGroup,ResourceProviderValue,OperationNameValue,CategoryValue,CorrelationId,ActivityStatusValue, ActivitySubstatusValue, Properties_d, Caller +| top 50 by TimeGenerated +``` + + + +### Display Activity log Administrative events + + +Displays Activity log for Administrative category. + +```query +AzureActivity +| where CategoryValue == "Administrative" +| order by TimeGenerated desc +``` + + + +### VM creation + + +This query displays results of when a VM is created. + +```query +AzureActivity +| where TimeGenerated >= ago(1d) +| where OperationNameValue == "MICROSOFT.COMPUTE/VIRTUALMACHINES/WRITE" and ActivityStatusValue == "Start" +| where Authorization_d.action == "Microsoft.Compute/virtualMachines/write" +| project OperationNameValue, ActivityStatusValue, VM_Name=Properties_d.resource, ResourceGroup, SubscriptionId, Created_By=Caller +``` + + + +### Display Activity log events generated from Policy + + +Display top 100 records of all effect action operations performed by Azure Policy. + +```query +AzureActivity +| project TimeGenerated, SubscriptionId, ResourceProviderValue, OperationNameValue, Caller, CategoryValue, CorrelationId, ActivityStatusValue, Properties_d +| where OperationNameValue has "audit" +| top 100 by TimeGenerated desc +``` + + + +### List callers and their associated action in last 48 hours + + +List callers and their associated action in last 48 hours. + +```query +AzureActivity +| where TimeGenerated > ago(2d) +| project Caller, OperationNameValue, ActivityStatusValue, CategoryValue +| where Caller has "@" +``` + + + +### All Azure Activity + + +The query presents all AzureActivity events. + +```query +AzureActivity +| project TimeGenerated, Caller, OperationName, ActivityStatus, _ResourceId +``` + + + +### Azure Activity for user + + +Show the user's activity over Azure Activity. 
+ +```query +// Replace the UPN in the query with the UPN of the user of interest +let v_Users_UPN= "osotnoc@contoso.com"; +AzureActivity +| where Caller == v_Users_UPN +| project TimeGenerated, Caller, OperationName, ActivityStatus +``` + + + +### Successful key enumaration + + +Lists users who performed key enumeration, and their location. + +```query +AzureActivity +| where OperationName == "List Storage Account Keys" +| where ActivityStatus == "Succeeded" +| project TimeGenerated, Caller, CallerIpAddress, OperationName +``` + + + +### Network Access JIT initiation + + +Lists the initiation of JIT network access permissions. + +```query +AzureActivity +| where OperationName == "Initiate JIT Network Access Policy" +| where ActivityStatus == "Started" +``` + + + +### Azure Activity operation statistics + + +Statistics of operations over Azure Activity. + +```query +AzureActivity +| summarize Count=count() by OperationName, _ResourceId +| sort by Count desc nulls last +``` + diff --git a/articles/azure-monitor/reference/queries/azureattestationdiagnostics.md b/articles/azure-monitor/reference/queries/azureattestationdiagnostics.md new file mode 100644 index 0000000000..509533dcf2 --- /dev/null +++ b/articles/azure-monitor/reference/queries/azureattestationdiagnostics.md 
@@ -0,0 +1,133 @@ +--- +title: Example log table queries for AzureAttestationDiagnostics +description: Example queries for AzureAttestationDiagnostics log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AzureAttestationDiagnostics table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Are there any authorization failures? + + +Count of Attestation provider requests which failed authorization. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureAttestationDiagnostics +| where toint(ResultSignature) == 403 +| summarize count() by ResourceUri, ResultSignature, _ResourceId +// ResultSignature contains HTTP status code returned by the request, (e.g. 200, 300, 401, etc.) +// ResourceUri contains the URI of the request +``` + + + +### Are there any slow requests? + + +List of Attestation provider requests that took longer than 1 second. + +```query +// To create an alert for this query, click '+ New alert rule' +let threshold=1000; // let operator defines a constant that can be further used in the query +AzureAttestationDiagnostics +| where DurationMs > threshold +| summarize count() by OperationName, _ResourceId +``` + + + +### How active has this Attestation provider been? + + +Line chart showing trend of Attestation provider requests volume, per operation over time. + +```query +AzureAttestationDiagnostics +| where TimeGenerated > ago(1d) +| summarize count() by bin(TimeGenerated, 1h), OperationName // Aggregate by hour +| render timechart +``` + + + +### Who is calling this attestation provider? 
+ + +List of callers identified by their IP address and AAD UPN with their request count. + +```query +AzureAttestationDiagnostics +| summarize count() by CallerIpAddress, tostring(Identity.callerAadUPN) +``` + + + +### Have there been any changes to attestation policy? + + +List of successful Attestation provider requests to change the attestation policy or policy signing certificates. + +```query +// To create an alert for this query, click '+ New alert rule' +let policyOperations = pack_array( + "AddPolicyCertificate", + "AddPolicyManagementCertificate", + "AddPolicyManagementCertificates", + "RemovePolicyCertificate", + "RemovePolicyManagementCertificate", + "RemovePolicyManagementCertificates", + "ResetAttestationPolicy", + "SetCurrentPolicy", + "SetCurrentPolicyWithHttpMessagesAsync", + "SetEffectiveAttestationPolicy", + "DeleteCurrentPolicy", + "DeletePolicy" +); +AzureAttestationDiagnostics +| where toint(ResultSignature) == 200 +| where policyOperations contains OperationName +| take 100 +``` + + + +### Have there been any errors attempting to configure the attestation policy? + + +List of any errors attempting to configure the attestation policy or policy signing certificates. + +```query +// To create an alert for this query, click '+ New alert rule' +let policyOperations = pack_array( + "AddPolicyCertificate", + "AddPolicyManagementCertificate", + "AddPolicyManagementCertificates", + "PrepareToSetPolicy", + "PrepareToUpdatePolicy", + "RemovePolicyCertificate", + "RemovePolicyManagementCertificate", + "RemovePolicyManagementCertificates", + "ResetAttestationPolicy", + "SetCurrentPolicy", + "SetCurrentPolicyWithHttpMessagesAsync", + "SetEffectiveAttestationPolicy", + "DeleteCurrentPolicy", + "DeletePolicy" +); +AzureAttestationDiagnostics +| where toint(ResultSignature) >= 300 +| where policyOperations contains OperationName +| take 100 +``` + 
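Review bot: In both policy queries in azureattestationdiagnostics.md, `| where policyOperations contains OperationName` applies the string operator `contains` to a dynamic array. That is a substring match rather than a membership test, so an OperationName that is only part of a listed name would also pass. Use `| where OperationName in (policyOperations)` for exact membership. Also confirm that leaving PrepareToSetPolicy and PrepareToUpdatePolicy out of the first (successful changes) list is intended, since the error query includes them.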
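Review bot: The query in azmshybridconnectionsevents.md filters on `Endpoint contains "shamavijay-relay-hybconn"`, which reads like one person's test resource name left in a published sample, and the only hint to change it is a comment. Move the value into a placeholder `let` at the top of the query, as the AzureActivity "Find In" queries do with SearchValue, so an unmodified run is not mistaken for "no send events". Message and OperationName are also projected and then discarded by `summarize by NamespaceName, TaskName`.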
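Review bot: In azmsoperationallogs.md, `isnotnull(TopicName)`, `isnotnull(NamespaceName)` and `isnotnull(SubInfo)` test string values, and strings are never null in KQL, so these predicates always pass. Use `isnotempty()` if the aim is to skip resource IDs that lack that path segment. The ServiceBus "Publish failures for Topics" query projects `SubscriptionId` where every other query in the file uses `_SubscriptionId`. The EventHub and ServiceBus sections reuse the same headings ("Publish success data for topics", "Publish failures for subscription", "Publish failures for namespace"), which gives colliding anchors, so add the provider to each heading. "Server Bus" should read "Service Bus".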
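Review bot: The "[Classic] Errors in the last 7 days" query in azmsruntimeauditlogs.md still carries escaping from the generator: `ResourceProvider ==\"MICROSOFT.EVENTHUB\"`, `Category == \"OperationalLogs\"` and `by \"EventName\"` will not parse as written, and once unescaped `by "EventName"` groups by a string literal instead of the column. The query also has no `TimeGenerated > ago(7d)` filter and no error condition, despite its title. Separately, the failed AAD and SAS queries end in `summarize by NamespaceInfo, AuthKey, ActivityName`, which discards ClientIp and any count. Consider `summarize Failures = count() by NamespaceInfo, AuthKey, ActivityName, ClientIp`, so the result shows how many failures came from which address.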
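Review bot: azmsvnetconnectionevents.md spells the table two ways: the first two queries use `AZMSVnetConnectionEvents` (matching the title), while the Relay and ServiceBus queries use `AZMSVNetConnectionEvents`. KQL table names are case-sensitive, so one spelling will fail to resolve; keep the one that matches the workspace schema. The three "Publish deny connection by namespace" headings are identical, so their anchors collide. `summarize by Action, NamespaceName` also drops AddressIp, Reason and Count, which are the fields needed to see which address was denied and why.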
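Review bot: In azureactivity.md, "Recent Azure Activity logs" says it displays all logs from the last hour, but the query has no TimeGenerated filter and instead keeps only rows with Level "Error" or "Warning"; align the description and the query. Both "Find In AzureActivity" descriptions contain a literal `/n` and an empty `\ parameter` where the parameter name was lost. The file mixes OperationName/ActivityStatus with OperationNameValue/ActivityStatusValue and compares status against "Succeeded", "Success", "Failed", "Started" and "Start" in different queries, so please confirm each against the current table schema. "Successful key enumaration" should read "enumeration", and its description promises the caller's location while the query projects only CallerIpAddress. "Show logs from AzureActivity table" also appears twice verbatim.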
diff --git a/articles/azure-monitor/reference/queries/azurebackupoperations.md b/articles/azure-monitor/reference/queries/azurebackupoperations.md new file mode 100644 index 0000000000..d8f9af8d72 --- /dev/null +++ b/articles/azure-monitor/reference/queries/azurebackupoperations.md @@ -0,0 +1,31 @@ +--- +title: Example log table queries for AzureBackupOperations +description: Example queries for AzureBackupOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AzureBackupOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Get all backup operations + + +Get all backup operations for change passphrase. + +```query +AzureBackupOperations +//| where TimeGenerated >= ago(30d) // uncomment this line to view last 30 days +| where OperationType == "ChangePassphrase" +| project TimeGenerated, OperationType, OperationStartTime, ExtendedProperties, BackupManagementType +| limit 10 +``` + diff --git a/articles/azure-monitor/reference/queries/azurediagnostics.md b/articles/azure-monitor/reference/queries/azurediagnostics.md new file mode 100644 index 0000000000..653cb6ea2d --- /dev/null +++ b/articles/azure-monitor/reference/queries/azurediagnostics.md 
@@ -0,0 +1,2438 @@ +--- +title: Example log table queries for AzureDiagnostics +description: Example queries for AzureDiagnostics log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AzureDiagnostics table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +## Queries for microsoft.automation + +### Errors in automation jobs + +Find logs reporting errors in automation jobs from the last day. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.AUTOMATION" +| where StreamType_s == "Error" +| project TimeGenerated, Category, JobId_g, OperationName, RunbookName_s, ResultDescription +``` + + + + +### Find logs reporting errors in automation jobs from the last day + +List all the errors in the automation jobs. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.AUTOMATION" +| where StreamType_s == "Error" +| project TimeGenerated, Category, JobId_g, OperationName, RunbookName_s, ResultDescription, _ResourceId +``` + + + + +### Azure Automation jobs that are failed, suspended, or stopped + +List all the automation jobs that failed , suspended or stopped. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Stopped" or ResultType == "Suspended") +| project TimeGenerated , RunbookName_s , ResultType , _ResourceId , JobId_g +``` + + + + +### Runbook completed successfully with errors + +List all jobs that completed with errors. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobStreams" and StreamType_s == "Error" +| project TimeGenerated , RunbookName_s , StreamType_s , _ResourceId , ResultDescription , JobId_g +``` + + + + +### View historical job status + +List all automation jobs. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and ResultType != "started" +| summarize AggregatedValue = count() by ResultType, bin(TimeGenerated, 1h) , RunbookName_s , JobId_g, _ResourceId +``` + + + + +### Azure Automation jobs that are Completed + +List all automation jobs that got completed. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and ResultType == "Completed" +| project TimeGenerated , RunbookName_s , ResultType , _ResourceId , JobId_g +``` + + + +## Queries for microsoft.batch + +### Successful tasks per job + +Provides the number of successful tasks per job. + +```query +AzureDiagnostics +| where OperationName=="TaskCompleteEvent" +| where executionInfo_exitCode_d==0 // Your application may use an exit code other than 0 to denote a successful operation +| summarize successfulTasks=count(id_s) by jobId=jobId_s +``` + + + + +### Failed tasks per job + +Lists failed tasks by parent job. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where OperationName=="TaskFailEvent" +| summarize failedTaskList=make_list(id_s) by jobId=jobId_s, ResourceId +``` + + + + +### Task durations + +Gives the elapsed time of tasks in seconds, from task start to task complete. + +```query +AzureDiagnostics +| where OperationName=="TaskCompleteEvent" +| extend taskId=id_s, ElapsedTime=datetime_diff('second', executionInfo_endTime_t, executionInfo_startTime_t) // For longer running tasks, consider changing 'second' to 'minute' or 'hour' +| summarize taskList=make_list(taskId) by ElapsedTime +``` + + + + +### Pool resizes + +List resize times by pool and result code (success or failure). + +```query +AzureDiagnostics +| where OperationName=="PoolResizeCompleteEvent" +| summarize operationTimes=make_list(startTime_s) by poolName=id_s, resultCode=resultCode_s +``` + + + + +### Pool resize failures + +List pool resize failures by error code and time. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where OperationName=="PoolResizeCompleteEvent" +| where resultCode_s=="Failure" // Filter only on failed pool resizes +| summarize by poolName=id_s, resultCode=resultCode_s, resultMessage=resultMessage_s, operationTime=startTime_s, ResourceId +``` + + + +## Queries for microsoft.cdn + +### [Microsoft CDN (classic)] Requests per hour + +Render line chart showing total request per hour. 
+ +```query +// Summarize number of requests per hour +// Change bins resolution from 1hr to 5m to get real time results) +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where OperationName == "Microsoft.Cdn/Profiles/AccessLog/Write" and Category == "AzureCdnAccessLog" +| where isReceivedFromClient_b == "true" +| summarize RequestCount = count() by bin(TimeGenerated, 1h), Resource, _ResourceId +| render timechart +``` + + + + +### [Microsoft CDN (classic)] Traffic by URL + +Show egress from CDN edge by URL. + +```query +// Change bins resolution from 1 hour to 5 minutes to get real time results) +// CDN edge response traffic by URL +AzureDiagnostics +| where OperationName == "Microsoft.Cdn/Profiles/AccessLog/Write" and Category == "AzureCdnAccessLog" +| where isReceivedFromClient_b == true +| summarize ResponseBytes = sum(toint(responseBytes_s)) by requestUri_s +``` + + + + +### [Microsoft CDN (classic)] 4XX error rate by URL + +Show 4XX error rate by URL. + +```query +// Request errors rate by URL +// Count number of requests with error responses by URL. +// Summarize number of requests by URL, and status codes are 4XX +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where OperationName == "Microsoft.Cdn/Profiles/AccessLog/Write" and Category == "AzureCdnAccessLog" and isReceivedFromClient_b == true +| extend Is4XX = (toint(httpStatusCode_s ) >= 400 and toint(httpStatusCode_s ) < 500) +| summarize 4xxrate = (1.0 * countif(Is4XX) / count()) * 100 by requestUri_s, bin(TimeGenerated, 1h), _ResourceId +``` + + + + +### [Microsoft CDN (classic)] Request errors by user agent + +Count number of requests with error responses by user agent. 
+ +```query +// Summarize number of requests per user agent and status codes >= 400 +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where OperationName == "Microsoft.Cdn/Profiles/AccessLog/Write" and Category == "AzureCdnAccessLog" +| where isReceivedFromClient_b == true +| where toint(httpStatusCode_s) >= 400 +| summarize RequestCount = count() by UserAgent = userAgent_s, StatusCode = httpStatusCode_s , Resource, _ResourceId +| order by RequestCount desc +``` + + + + +### [Microsoft CDN (classic)] Top 10 URL request count + +Show top 10 URLs by request count. + +```query +// top URLs by request count +// Render line chart showing total requests per hour . +// Summarize number of requests per hour +AzureDiagnostics +| where OperationName == "Microsoft.Cdn/Profiles/AccessLog/Write" and Category == "AzureCdnAccessLog" +| where isReceivedFromClient_b == true +| summarize UserRequestCount = count() by requestUri_s +| order by UserRequestCount +| limit 10 +``` + + + + +### [Microsoft CDN (classic)] Unique IP request count + +Show Unique IP request count. + +```query +AzureDiagnostics +| where OperationName == "Microsoft.Cdn/Profiles/AccessLog/Write"and Category == "AzureCdnAccessLog" +| where isReceivedFromClient_b == true +| summarize dcount(clientIp_s) by bin(TimeGenerated, 1h) +| render timechart +``` + + + + +### [Microsoft CDN (classic)] Top 10 client IPs and HTTP versions + +Show top 10 client IPs and http versions. + +```query +// Top 10 client IPs and http versions +// Show top 10 client IPs and http versions. 
+// Summarize top 10 client ips and http versions +AzureDiagnostics +| where OperationName == "Microsoft.Cdn/Profiles/AccessLog/Write" and Category == "AzureCdnAccessLog" +| where isReceivedFromClient_b == true +| summarize RequestCount = count() by ClientIP = clientIp_s, HttpVersion = httpVersion_s, Resource +| top 10 by RequestCount +| order by RequestCount desc +``` + + + + +### [Azure Front Door Standard/Premium] Top 20 blocked clients by IP and rule + +Show top 20 blocked clients by IP and rule name. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorWebApplicationFirewallLog" +| where action_s == "Block" +| summarize RequestCount = count() by ClientIP = clientIP_s, UserAgent = userAgent_s, RuleName = ruleName_s,Resource +| top 20 by RequestCount +| order by RequestCount desc +``` + + + + +### [Azure Front Door Standard/Premium] Requests to origin by route + +Count number of requests for each route and origin per minute. Summarize number of requests per minute for each route and origin. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorAccessLog" +| summarize RequestCount = count() by bin(TimeGenerated, 1m), Resource, RouteName = routingRuleName_s, originName = originName_s, ResourceId +``` + + + + +### [Azure Front Door Standard/Premium] Request errors by user agent + +Count number of requests with error responses by user agent. Summarize number of requests per user agent and status codes >= 400. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorAccessLog" +| where toint(httpStatusCode_s) >= 400 +| summarize RequestCount = count() by UserAgent = userAgent_s, StatusCode = httpStatusCode_s , Resource, ResourceId +| order by RequestCount desc +``` + + + + +### [Azure Front Door Standard/Premium] Top 10 client IPs and http versions + +Show top 10 client IPs and http versions by request count. 
+ +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorAccessLog" +| summarize RequestCount = count() by ClientIP = clientIp_s, HttpVersion = httpVersion_s, Resource +|top 10 by RequestCount +| order by RequestCount desc +``` + + + + +### [Azure Front Door Standard/Premium] Request errors by host and path + +Count number of requests with error responses by host and path. Summarize number of requests by host, path, and status codes >= 400. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorAccessLog" +| where toint(httpStatusCode_s) >= 400 +| extend ParsedUrl = parseurl(requestUri_s) +| summarize RequestCount = count() by Host = tostring(ParsedUrl.Host), Path = tostring(ParsedUrl.Path), StatusCode = httpStatusCode_s, ResourceId +| order by RequestCount desc +``` + + + + +### [Azure Front Door Standard/Premium] Firewall blocked request count per hour + +Count number of firewall blocked requests per hour. Summarize number of firewall blocked requests per hour by policy. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorWebApplicationFirewallLog" +| where action_s == "Block" +| summarize RequestCount = count() by bin(TimeGenerated, 1h), Policy = policy_s, PolicyMode = policyMode_s, Resource, ResourceId +| order by RequestCount desc + +``` + + + + +### [Azure Front Door Standard/Premium] Firewall request count by host, path, rule, and action + +Count firewall processed requests by host, path, rule, and action taken. Summarize request count by host, path, rule, and action. 
+ +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorWebApplicationFirewallLog" +| extend ParsedUrl = parseurl(requestUri_s) +| summarize RequestCount = count() by Host = tostring(ParsedUrl.Host), Path = tostring(ParsedUrl.Path), RuleName = ruleName_s, Action = action_s, ResourceId +| order by RequestCount desc + +``` + + + + +### [Azure Front Door Standard/Premium] Requests per hour + +Render line chart showing total requests per hour for each FrontDoor resource. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorWebApplicationFirewallLog" +| summarize RequestCount = count() by bin(TimeGenerated, 1h), Resource, ResourceId +| render timechart + +``` + + + + +### [Azure Front Door Standard/Premium] Top 10 URL request count + +Show top 10 URLs by request count. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorAccessLog" +| summarize UserRequestCount = count() by requestUri_s +| order by UserRequestCount +| limit 10 + +``` + + + + +### [Azure Front Door Standard/Premium] Top 10 URL request count + + Show egress from AFD edge by URL. Change bins resolution from 1hr to 5m to get real time results. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorAccessLog" +| summarize ResponseBytes = sum(toint(responseBytes_s)) by requestUri_s + +``` + + + + +### [Azure Front Door Standard/Premium] Unique IP request count + +Show unique IP request count. 
+ +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorAccessLog" +| summarize dcount(clientIp_s) by bin(TimeGenerated, 1h) +| render timechart + +``` + + + +## Queries for microsoft.containerservice + +### Find In AzureDiagnostics + +Find in AzureDiagnostics to search for a specific value in the AzureDiagnostics table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +AzureDiagnostics +| where ResourceProvider == "Microsoft.ContainerService" +| where * contains tostring(SearchValue) +| take 1000 +``` + + + +## Queries for microsoft.dbformariadb + +### Execution time exceeding a threshold + +Identify queries that their run time exceeds 10 seconds. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.DBFORMARIADB" +| where Category == 'MySqlSlowLogs' +| project TimeGenerated, LogicalServerName_s, event_class_s, start_time_t , query_time_d, sql_text_s, ResourceId +| where query_time_d > 10 // You may change the time threshold +``` + + + + +### Show the Slowest queries + +Identify top 5 slowest queries. + +```query +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.DBFORMARIADB" +| where Category == 'MySqlSlowLogs' +| project TimeGenerated, LogicalServerName_s, event_class_s, start_time_t , query_time_d, sql_text_s +| top 5 by query_time_d desc +``` + + + + +### Show Query's statistics + +Construct a summary statistics table by query. 
+ +```query +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.DBFORMARIADB" +| where Category == 'MySqlSlowLogs' +| project TimeGenerated, LogicalServerName_s, event_class_s, start_time_t , query_time_d, sql_text_s +| summarize count(), min(query_time_d), max(query_time_d), avg(query_time_d), stdev(query_time_d), percentile(query_time_d, 95) by LogicalServerName_s ,sql_text_s +| top 50 by percentile_query_time_d_95 desc +``` + + + + +### Review audit log events in GENERAL class + +Identify general class events for your server. + +```query +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.DBFORMARIADB" +| where Category == 'MySqlAuditLogs' and event_class_s == "general_log" +| project TimeGenerated, LogicalServerName_s, event_class_s, event_subclass_s, event_time_t, user_s , ip_s , sql_text_s +| order by TimeGenerated asc +``` + + + + +### Review audit log events in CONNECTION class + +Identify connection related events for your server. + +```query +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.DBFORMARIADB" +| where Category == 'MySqlAuditLogs' and event_class_s == "connection_log" +| project TimeGenerated, LogicalServerName_s, event_class_s, event_subclass_s, event_time_t, user_s , ip_s , sql_text_s +| order by TimeGenerated asc +``` + + + +## Queries for microsoft.dbformysql + +### Execution time exceeding a threshold + +Identify queries that their run time exceeds 10 seconds. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DBFORMYSQL" +| where Category == 'MySqlSlowLogs' +| project TimeGenerated, LogicalServerName_s, event_class_s, start_time_t , query_time_d, sql_text_s, ResourceId +| where query_time_d > 10 //You may change the time threshold +``` + + + + +### Show the Slowest queries + +Identify top 5 slowest queries. 
+ +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DBFORMYSQL" +| where Category == 'MySqlSlowLogs' +| project TimeGenerated, LogicalServerName_s, event_class_s, start_time_t , query_time_d, sql_text_s +| top 5 by query_time_d desc +``` + + + + +### Show Query's statistics + +Construct a summary statistics table by query. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DBFORMYSQL" +| where Category == 'MySqlSlowLogs' +| project TimeGenerated, LogicalServerName_s, event_class_s, start_time_t , query_time_d, sql_text_s +| summarize count(), min(query_time_d), max(query_time_d), avg(query_time_d), stdev(query_time_d), percentile(query_time_d, 95) by LogicalServerName_s ,sql_text_s +| top 50 by percentile_query_time_d_95 desc +``` + + + + +### Review audit log events in GENERAL class + +Identify general class events for your server. + +```query +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.DBFORMYSQL" +| where Category == 'MySqlAuditLogs' and event_class_s == "general_log" +| project TimeGenerated, LogicalServerName_s, event_class_s, event_subclass_s, event_time_t, user_s , ip_s , sql_text_s +| order by TimeGenerated asc +``` + + + + +### Review audit log events in CONNECTION class + +Identify connection related events for your server. + +```query +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.DBFORMYSQL" +| where Category == 'MySqlAuditLogs' and event_class_s == "connection_log" +| project TimeGenerated, LogicalServerName_s, event_class_s, event_subclass_s, event_time_t, user_s , ip_s , sql_text_s +| order by TimeGenerated asc +``` + + + +## Queries for microsoft.dbforpostgresql + +### Autovacuum events + +Search for autovacuum events over the last 24 hours. It requires parameter 'log_autovacuum_min_duration' enabled. 
+ +```query +AzureDiagnostics +| where TimeGenerated > ago(1d) +| where ResourceProvider =="MICROSOFT.DBFORPOSTGRESQL" +| where Category == "PostgreSQLLogs" +| where Message contains "automatic vacuum" + +``` + + + + +### Server restarts + +Search for server shut down and server ready events. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where TimeGenerated > ago(7d) +| where ResourceProvider =="MICROSOFT.DBFORPOSTGRESQL" +| where Category == "PostgreSQLLogs" +| where Message contains "database system was shut down at" or Message contains "database system is ready to accept" + +``` + + + + +### Find Errors + +Search for errors in the last 6 hours. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where TimeGenerated > ago(6h) +| where Category == "PostgreSQLLogs" +| where errorLevel_s contains "error" + +``` + + + + +### Unauthorized connections + +Search for unauthorized (rejected) connection attempts. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.DBFORPOSTGRESQL" +| where Category == "PostgreSQLLogs" +| where Message contains "password authentication failed" or Message contains "no pg_hba.conf entry for host" +``` + + + + +### Deadlocks + +Search for deadlock events. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.DBFORPOSTGRESQL" +| where Category == "PostgreSQLLogs" +| where Message contains "deadlock detected" +``` + + + + +### Lock contention + +Search for lock contention. It requires log_lock_waits=ON and depends on deadlock_timeout setting. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.DBFORPOSTGRESQL" +| where Message contains "still waiting for ShareLock on transaction" +``` + + + + +### Audit logs + +Get all audit logs. It requires audit logs to be enabled [https://docs.microsoft.com/azure/postgresql/concepts-audit]. + +```query +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.DBFORPOSTGRESQL" +| where Category == "PostgreSQLLogs" +| where Message contains "AUDIT:" +``` + + + + +### Audit logs for table(s) and event type(s) + +Search for audit logs for a specific table and event type DDL. Other event types are READ, WRITE, FUNCTION, MISC. It requires audit logs enabled. [https://docs.microsoft.com/azure/postgresql/concepts-audit]. + +```query +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.DBFORPOSTGRESQL" +| where Category == "PostgreSQLLogs" +| where Message contains "AUDIT:" +| where Message contains "table name" and Message contains "DDL" +``` + + + + +### Queries with execution time exceeding a threshold + +Identify queries that take longer than 10 seconds. The query store normalizes actual queries to aggregate similar queries. By default, entries are aggregated every 15 mins. Query utilizes mean execution time every 15 mins and other query statistics such as max, min can be used as appropriate. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DBFORPOSTGRESQL" +| where Category == "QueryStoreRuntimeStatistics" +| where user_id_s != "10" //exclude azure system user +| project TimeGenerated, LogicalServerName_s, event_type_s , mean_time_s , db_id_s , start_time_s , query_id_s, _ResourceId +| where todouble(mean_time_s) > 0 // You may change the time threshold +``` + + + + +### Slowest queries + +Identify top 5 slowest queries. 
+ +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DBFORPOSTGRESQL" +| where Category == "QueryStoreRuntimeStatistics" +| where user_id_s != "10" //exclude azure system user +| summarize avg(todouble(mean_time_s)) by event_class_s , db_id_s ,query_id_s +| top 5 by avg_mean_time_s desc + +``` + + + + +### Query statistics + +Construct a summary statistics table by query. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DBFORPOSTGRESQL" +| where Category == "QueryStoreRuntimeStatistics" +| where user_id_s != "10" //exclude azure system user +| summarize sum(toint(calls_s)), min(todouble(min_time_s)),max(todouble(max_time_s)),avg(todouble(mean_time_s)),percentile(todouble(mean_time_s),95) by db_id_s ,query_id_s +| order by percentile_mean_time_s_95 desc nulls last +``` + + + + +### Execution count trends + +Execution trend by query aggregated by 15 minute-intervals. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DBFORPOSTGRESQL" +| where Category == "QueryStoreRuntimeStatistics" +| where user_id_s != "10" //exclude azure system user +| summarize sum(toint(calls_s)) by tostring(query_id_s), bin(TimeGenerated, 15m), ResourceId +| render timechart +``` + + + + +### Top wait events + +Identify top 5 wait events by queries. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DBFORPOSTGRESQL" +| where Category == "QueryStoreWaitStatistics" +| where user_id_s != "10" //exclude azure system user +| where query_id_s != 0 +| summarize sum(toint(calls_s)) by event_s, query_id_s, bin(TimeGenerated, 15m) +| top 5 by sum_calls_s desc nulls last +``` + + + + +### Wait event trends + +Display wait event trends over time. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DBFORPOSTGRESQL" +| where Category == "QueryStoreWaitStatistics" +| where user_id_s != "10" //exclude azure system user +| extend query_id_s = tostring(query_id_s) +| summarize sum(toint(calls_s)) by event_s, query_id_s, bin(TimeGenerated, 15m), ResourceId // You may change the time threshold +| render timechart +``` + + + +## Queries for microsoft.devices + +### Connectvity errors + +Identify device connection errors. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DEVICES" and ResourceType == "IOTHUBS" +| where Category == "Connections" and Level == "Error" +``` + + + + +### Devices with most throttling errors + +Identify devices that made the most requests resulting in throttling errors. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DEVICES" and ResourceType == "IOTHUBS" +| where ResultType == "429001" +| extend DeviceId = tostring(parse_json(properties_s).deviceId) +| summarize count() by DeviceId, Category , _ResourceId +| order by count_ desc +``` + + + + +### Dead endpoints + +Identify dead or unhealthy endpoints by the number times the issue was reported, as well as the reason why. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DEVICES" and ResourceType == "IOTHUBS" +| where Category == "Routes" and OperationName in ("endpointDead", "endpointUnhealthy") +| extend parsed_json = parse_json(properties_s) +| extend Endpoint = tostring(parsed_json.endpointName), Reason =tostring(parsed_json.details) +| summarize count() by Endpoint, OperationName, Reason, _ResourceId +| order by count_ desc +``` + + + + +### Error summary + +Count of errors across all operations by type. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DEVICES" and ResourceType == "IOTHUBS" +| where Level == "Error" +| summarize count() by ResultType, ResultDescription, Category, _ResourceId +``` + + + + +### Recently connected devices + +List of devices that IoT Hub saw connect in the specified time period. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DEVICES" and ResourceType == "IOTHUBS" +| where Category == "Connections" and OperationName == "deviceConnect" +| extend DeviceId = tostring(parse_json(properties_s).deviceId) +| summarize max(TimeGenerated) by DeviceId, _ResourceId +``` + + + + +### SDK version of devices + +List of devices and their SDK versions. + +```query +// this query works on device connection or when your device uses device to cloud twin operations +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.DEVICES" and ResourceType == "IOTHUBS" +| where Category == "Connections" or Category == "D2CTwinOperations" +| extend parsed_json = parse_json(properties_s) +| extend SDKVersion = tostring(parsed_json.sdkVersion) , DeviceId = tostring(parsed_json.deviceId) +| distinct DeviceId, SDKVersion, TimeGenerated, _ResourceId +``` + + + +## Queries for microsoft.documentdb + +### Consumed RU/s in last 24 hours + +Identify consumed RU/s on Cosmos databases and collections. + +```query +// To create an alert for this query, click '+ New alert rule' +//You can compare the RU/s consumption with your provisioned RU/s to determine if you should scale up or down RU/s based on your workload. 
+AzureDiagnostics +| where TimeGenerated >= ago(24hr) +| where Category == "DataPlaneRequests" +//| where collectionName_s == "CollectionToAnalyze" //Replace to target the query to a collection +| summarize ConsumedRUsPerMinute = sum(todouble(requestCharge_s)) by collectionName_s, _ResourceId, bin(TimeGenerated, 1m) +| project TimeGenerated , ConsumedRUsPerMinute , collectionName_s, _ResourceId +| render timechart +``` + + + + +### Collections with throttles (429) in past 24 hours + +Identify collections and operations that have received 429 (throttles), which occur when consumed throughput (RU/s) exceeds provisioned throughput. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where TimeGenerated >= ago(24hr) +| where Category == "DataPlaneRequests" +| where statusCode_s == 429 +| summarize numberOfThrottles = count() by databaseName_s, collectionName_s, requestResourceType_s, _ResourceId, bin(TimeGenerated, 1hr) +| order by numberOfThrottles +``` + + + + +### Top operations by consumed Request Units (RUs) in last 24 hours + +Identify top operations on Cosmos resources by count and consumed RU per operation. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where TimeGenerated >= ago(24h) +| where Category == "DataPlaneRequests" +| summarize numberOfOperations = count(), totalConsumedRU = sum(todouble(requestCharge_s)) by databaseName_s, collectionName_s, OperationName, requestResourceType_s, requestResourceId_s, _ResourceId +| extend averageRUPerOperation = totalConsumedRU / numberOfOperations +| order by numberOfOperations +``` + + + + +### Top logical partition keys by storage + +Identify largest logical partition key values. PartitionKeyStatistics will emit data for top logical partition keys by storage. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where Category == "PartitionKeyStatistics" +//| where collectionName_s == "CollectionToAnalyze" //Replace to target the query to a collection +| summarize arg_max(TimeGenerated, *) by databaseName_s, collectionName_s, partitionKey_s, _ResourceId //Get the latest storage size +| extend utilizationOf20GBLogicalPartition = sizeKb_d / 20000000 //20GB +| project TimeGenerated, databaseName_s , collectionName_s , partitionKey_s, sizeKb_d, utilizationOf20GBLogicalPartition, _ResourceId +``` + + + +## Queries for microsoft.eventhub + +### [Classic] Duration of Capture failure + +Summarizes the duaration of failure on Capture. + +```query +AzureDiagnostics +| where ResourceProvider == \"MICROSOFT.EVENTHUB\" +| where Category == \"ArchiveLogs\" +| summarize count() by \"failures\", \"durationInSeconds\", _ResourceId +``` + + + + +### [Classic] Join request for client + +Summarized the status of join request for client. + +```query +AzureDiagnostics // Need to turn on the Capture for this +| where ResourceProvider == \"MICROSOFT.EVENTHUB\" +| project \"OperationName\" + +``` + + + + +### [Classic] Access to keyvault - key not found + +Summarizes the access to keyvault when key is not found. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == \"MICROSOFT.EVENTHUB\" +| where Category == \"Error\" and OperationName == \"wrapkey\" +| project Message, _ResourceId +``` + + + + +### [Classic] Operation performed with keyvault + +Summarizes the operation performed with keyvault to disable or restore the key. + +```query +AzureDiagnostics +| where ResourceProvider == \"MICROSOFT.EVENTHUB\" +| where Category == \"info\" and OperationName == \"disable\" or OperationName == \"restore\" +| project Message +``` + + + + +### Errors in the last 7 days + +This lists all the errors for the last 7 days. 
+ +```query +AzureDiagnostics +| where TimeGenerated > ago(7d) +| where ResourceProvider =="MICROSOFT.EVENTHUB" +| where Category == "OperationalLogs" +| summarize count() by "EventName", _ResourceId +``` + + + + +### Duration of Capture failure + +Summarizes the duaration of failure on Capture. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.EVENTHUB" +| where Category == "ArchiveLogs" +| summarize count() by "failures", "durationInSeconds", _ResourceId +``` + + + + +### Join request for client + +Summarized the status of join request for client. + +```query +AzureDiagnostics // Need to turn on the Capture for this +| where ResourceProvider == "MICROSOFT.EVENTHUB" +| project "OperationName" +``` + + + + +### Access to keyvault - key not found + +Summarizes the access to keyvault when key is not found. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.EVENTHUB" +| where Category == "Error" and OperationName == "wrapkey" +| project Message, ResourceId +``` + + + + +### Operation performed with keyvault + +Summarizes the operation performed with keyvault to disable or restore the key. + +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.EVENTHUB" +| where Category == "info" and OperationName == "disable" or OperationName == "restore" +| project Message +``` + + + +## Queries for microsoft.keyvault + +### [Classic] How active has this KeyVault been? + +[Classic] Line chart showing trend of KeyVault requests volume, per operation over time. + +```query +// KeyVault diagnostic currently stores logs in AzureDiagnostics table which stores logs for multiple services. +// Filter on ResourceProvider for logs specific to a service. +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.KEYVAULT" +| summarize count() by bin(TimeGenerated, 1h), OperationName // Aggregate by hour +| render timechart +``` + + + + +### [Classic] Who is calling this KeyVault? 
+ +[Classic] List of callers identified by their IP address with their request count. + +```query +// KeyVault diagnostic currently stores logs in AzureDiagnostics table which stores logs for multiple services. +// Filter on ResourceProvider for logs specific to a service. +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.KEYVAULT" +| summarize count() by CallerIPAddress +``` + + + + +### [Classic] Are there any slow requests? + +[Classic] List of KeyVault requests that took longer than 1sec. + +```query +// To create an alert for this query, click '+ New alert rule' +let threshold=1000; // let operator defines a constant that can be further used in the query +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.KEYVAULT" +| where DurationMs > threshold +| summarize count() by OperationName, _ResourceId +``` + + + + +### [Classic] How fast is this KeyVault serving requests? + +[Classic] Line chart showing trend of request duration over time using different aggregations. + +```query +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.KEYVAULT" +| summarize avg(DurationMs) by requestUri_s, bin(TimeGenerated, 1h) // requestUri_s contains the URI of the request +| render timechart +``` + + + + +### [Classic] Are there any failures? + +[Classic] Count of failed KeyVault requests by status code. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider =="MICROSOFT.KEYVAULT" +| where httpStatusCode_d >= 300 and not(OperationName == "Authentication" and httpStatusCode_d == 401) +| summarize count() by requestUri_s, ResultSignature, _ResourceId +// ResultSignature contains HTTP status, e.g. "OK" or "Forbidden" +// httpStatusCode_d contains HTTP status code returned by the request (e.g. 200, 300 or 401) +// requestUri_s contains the URI of the request +``` + + + + +### [Classic] What changes occurred last month? + +[Classic] Lists all update and patch requests from the last 30 days. 
+ +```query +// KeyVault diagnostic currently stores logs in AzureDiagnostics table which stores logs for multiple services. +// Filter on ResourceProvider for logs specific to a service. +AzureDiagnostics +| where TimeGenerated > ago(30d) // Time range specified in the query. Overrides time picker in portal. +| where ResourceProvider =="MICROSOFT.KEYVAULT" +| where OperationName == "VaultPut" or OperationName == "VaultPatch" +| sort by TimeGenerated desc +``` + + + + +### [Classic] List all input deserialization errors + +[Classic] Shows errors caused due to malformed events that could not be deserialized by the job. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.KEYVAULT" and parse_json(properties_s).DataErrorType in ("InputDeserializerError.InvalidData", "InputDeserializerError.TypeConversionError", "InputDeserializerError.MissingColumns", "InputDeserializerError.InvalidHeader", "InputDeserializerError.InvalidCompressionType") +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### [Classic] Find In AzureDiagnostics + +[Classic] Find in AzureDiagnostics to search for a specific value in the AzureDiagnostics table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.KEYVAULT" +| where * contains tostring(SearchValue) +| take 1000 +``` + + + +## Queries for microsoft.logic + +### Total billable executions + +Total billable executions by operation name. 
+ +```query +// Total billable executions +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.LOGIC" +| where Category == "WorkflowRuntime" +| where OperationName has "workflowTriggerStarted" or OperationName has "workflowActionStarted" +| summarize dcount(resource_runId_s) by OperationName, resource_workflowName_s +``` + + + + +### Logic App execution distribution by workflows + +Hourly timechart for Logic App execution, distribution by workflows. + +```query +// Hourly Time chart for Logic App execution distribution by workflows +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.LOGIC" +| where Category == "WorkflowRuntime" +| where OperationName has "workflowRunStarted" +| summarize dcount(resource_runId_s) by bin(TimeGenerated, 1h), resource_workflowName_s +| render timechart +``` + + + + +### Logic App execution distribution by status + +Completed executions by workflow,status and error. + +```query +//logic app execution status summary +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.LOGIC" +| where OperationName has "workflowRunCompleted" +| summarize dcount(resource_runId_s) by resource_workflowName_s, status_s, error_code_s +| project LogicAppName = resource_workflowName_s , NumberOfExecutions = dcount_resource_runId_s , RunStatus = status_s , Error = error_code_s +``` + + + + +### Triggered failures count + +Show Action/Trigger failures for all Logic App executions by Resource name. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +//Action/Trigger failures for all Logic App executions +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.LOGIC" +| where Category == "WorkflowRuntime" +| where status_s == "Failed" +| where OperationName has "workflowActionCompleted" or OperationName has "workflowTriggerCompleted" +| extend ResourceName = coalesce(resource_actionName_s, resource_triggerName_s) +| extend ResourceCategory = substring(OperationName, 34, strlen(OperationName) - 43) | summarize dcount(resource_runId_s) by code_s, ResourceName, resource_workflowName_s, ResourceCategory, _ResourceId +| project ResourceCategory, ResourceName , FailureCount = dcount_resource_runId_s , ErrorCode = code_s, LogicAppName = resource_workflowName_s, _ResourceId +| order by FailureCount desc +``` + + + +## Queries for microsoft.network + +### Requests per hour + +Count of the incoming requests on the Application Gateway. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceType == "APPLICATIONGATEWAYS" and OperationName == "ApplicationGatewayAccess" +| summarize AggregatedValue = count() by bin(TimeGenerated, 1h), _ResourceId +| render timechart +``` + + + + +### Non-SSL requests per hour + +Count of the Non-SSL requests on the Application Gateway. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceType == "APPLICATIONGATEWAYS" and OperationName == "ApplicationGatewayAccess" and sslEnabled_s == "off" +| summarize AggregatedValue = count() by bin(TimeGenerated, 1h), _ResourceId +| render timechart +``` + + + + +### Failed requests per hour + +Count of requests to which Application Gateway responded with an error. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceType == "APPLICATIONGATEWAYS" and OperationName == "ApplicationGatewayAccess" and httpStatus_d > 399 +| summarize AggregatedValue = count() by bin(TimeGenerated, 1h), _ResourceId +| render timechart +``` + + + + +### Errors by user agent + +Number of errors by user agent. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceType == "APPLICATIONGATEWAYS" and OperationName == "ApplicationGatewayAccess" and httpStatus_d > 399 +| summarize AggregatedValue = count() by userAgent_s, _ResourceId +| sort by AggregatedValue desc +``` + + + + +### Errors by URI + +Number of errors by URI. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceType == "APPLICATIONGATEWAYS" and OperationName == "ApplicationGatewayAccess" and httpStatus_d > 399 +| summarize AggregatedValue = count() by requestUri_s, _ResourceId +| sort by AggregatedValue desc +``` + + + + +### Top 10 Client IPs + +Count of requests per client IP. + +```query +AzureDiagnostics +| where ResourceType == "APPLICATIONGATEWAYS" and OperationName == "ApplicationGatewayAccess" +| summarize AggregatedValue = count() by clientIP_s +| top 10 by AggregatedValue +``` + + + + +### Top HTTP versions + +Count of request per HTTP version. + +```query +AzureDiagnostics +| where ResourceType == "APPLICATIONGATEWAYS" and OperationName == "ApplicationGatewayAccess" +| summarize AggregatedValue = count() by httpVersion_s +| top 10 by AggregatedValue +``` + + + + +### Network security events + +Find Network security events reporting blocked incoming traffic. 
+ +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.NETWORK" +| where Category == "NetworkSecurityGroupEvent" +| where direction_s == "In" and type_s == "block" +``` + + + + +### Requests per hour + +Render line chart showing total requests per hour for each FrontDoor resource. + +```query +// Summarize number of requests per hour for each FrontDoor resource +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "FrontdoorAccessLog" +| summarize RequestCount = count() by bin(TimeGenerated, 1h), Resource, ResourceId +| render timechart +``` + + + + +### Forwarded backend requests by routing rule + +Count number of requests for each routing rule and backend host per minute. + +```query +// Summarize number of requests per minute for each routing rule and backend host +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "FrontdoorAccessLog" +| summarize RequestCount = count() by bin(TimeGenerated, 1m), Resource, RoutingRuleName = routingRuleName_s, BackendHostname = backendHostname_s, ResourceId +``` + + + + +### Request errors by host and path + +Count number of requests with error responses by host and path. + +```query +// Summarize number of requests by host, path, and status codes >= 400 +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "FrontdoorAccessLog" +| where toint(httpStatusCode_s) >= 400 +| extend ParsedUrl = parseurl(requestUri_s) +| summarize RequestCount = count() by Host = tostring(ParsedUrl.Host), Path = tostring(ParsedUrl.Path), StatusCode = httpStatusCode_s, ResourceId +| order by RequestCount desc +``` + + + + +### Request errors by user agent + +Count number of requests with error responses by user agent. 
+ +```query +// Summarize number of requests per user agent and status codes >= 400 +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "FrontdoorAccessLog" +| where toint(httpStatusCode_s) >= 400 +| summarize RequestCount = count() by UserAgent = userAgent_s, StatusCode = httpStatusCode_s , Resource, ResourceId +| order by RequestCount desc +``` + + + + +### Top 10 client IPs and http versions + +Show top 10 client IPs and http versions. + +```query +// Summarize top 10 client ips and http versions +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "FrontdoorAccessLog" +| summarize RequestCount = count() by ClientIP = clientIp_s, HttpVersion = httpVersion_s, Resource +| top 10 by RequestCount +| order by RequestCount desc +``` + + + + +### Firewall blocked request count per hour + +Count number of firewall blocked requests per hour. + +```query +// Summarize number of firewall blocked requests per hour by policy +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "FrontdoorWebApplicationFirewallLog" +| where action_s == "Block" +| summarize RequestCount = count() by bin(TimeGenerated, 1h), Policy = policy_s, PolicyMode = policyMode_s, Resource, ResourceId +| order by RequestCount desc +``` + + + + +### Top 20 blocked clients by IP and rule + +Show top 20 blocked clients by IP and rule name. 
+ +```query +// Summarize top 20 blocked clients by IP and rule +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "FrontdoorWebApplicationFirewallLog" +| where action_s == "Block" +| summarize RequestCount = count() by ClientIP = clientIP_s, UserAgent = userAgent_s, RuleName = ruleName_s ,Resource +| top 20 by RequestCount +| order by RequestCount desc +``` + + + + +### Firewall request count by host, path, rule, and action + +Count firewall processed requests by host, path, rule, and action taken. + +```query +// Summarize request count by host, path, rule, and action +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "FrontdoorWebApplicationFirewallLog" +| extend ParsedUrl = parseurl(requestUri_s) +| summarize RequestCount = count() by Host = tostring(ParsedUrl.Host), Path = tostring(ParsedUrl.Path), RuleName = ruleName_s, Action = action_s, ResourceId +| order by RequestCount desc +``` + + + + +### Application rule log data + +Parses the application rule log data. + +```query +AzureDiagnostics +| where Category == "AzureFirewallApplicationRule" +//this first parse statement is valid for all entries as they all start with this format +| parse msg_s with Protocol " request from " SourceIP ":" SourcePort:int * +//Parse action as this is the same for all log lines +| parse kind=regex flags=U msg_s with * ". Action\\: " Action "\\." +// case1: Action: A. Reason: R. +| parse kind=regex flags=U msg_s with "\\. Reason\\: " Reason "\\." +//case 2a: to FQDN:PORT Url: U. Action: A. Policy: P. Rule Collection Group: RCG. Rule Collection: RC. Rule: R. +| parse msg_s with * "to " FQDN ":" TargetPort:int * "." * +//Parse policy if present +| parse msg_s with * ". Policy: " Policy ". Rule Collection Group: " RuleCollectionGroup "." * +| parse msg_s with * " Rule Collection: " RuleCollection ". Rule: " Rule +//case 2.b: Web Category: WC. 
+| parse Rule with * ". Web Category: " WebCategory +//case 3: No rule matched. Proceeding with default action" +| extend DefaultRule = iff(msg_s contains "No rule matched. Proceeding with default action", true, false) +| extend +SourcePort = tostring(SourcePort), +TargetPort = tostring(TargetPort) +| extend + Action = case(Action == "","N/A", case(DefaultRule, "Deny" ,Action)), + FQDN = case(FQDN == "", "N/A", FQDN), + TargetPort = case(TargetPort == "", "N/A", tostring(TargetPort)), + Policy = case(RuleCollection contains ":", split(RuleCollection, ":")[0] ,case(Policy == "", "N/A", Policy)), + RuleCollectionGroup = case(RuleCollection contains ":", split(RuleCollection, ":")[1], case(RuleCollectionGroup == "", "N/A", RuleCollectionGroup)), + RuleCollection = case(RuleCollection contains ":", split(RuleCollection, ":")[2], case(RuleCollection == "", "N/A", RuleCollection)), + WebCategory = case(WebCategory == "", "N/A", WebCategory), + Rule = case(Rule == "" , "N/A", case(WebCategory == "N/A", Rule, split(Rule, '.')[0])), + Reason = case(Reason == "", case(DefaultRule, "No rule matched - default action", "N/A"), Reason ) +| project TimeGenerated, msg_s, Protocol, SourceIP, SourcePort, FQDN, TargetPort, Action, Policy, RuleCollectionGroup, RuleCollection, Rule, Reason ,WebCategory +``` + + + + +### Network rule log data + +Parses the network rule log data. + +```query +AzureDiagnostics +| where Category == "AzureFirewallNetworkRule" +| where OperationName == "AzureFirewallNatRuleLog" or OperationName == "AzureFirewallNetworkRuleLog" +//case 1: for records that look like this: +//PROTO request from IP:PORT to IP:PORT. +| parse msg_s with Protocol " request from " SourceIP ":" SourcePortInt:int " to " TargetIP ":" TargetPortInt:int * +//case 1a: for regular network rules +| parse kind=regex flags=U msg_s with * ". Action\\: " Action1a "\\." 
+//case 1b: for NAT rules +//TCP request from IP:PORT to IP:PORT was DNAT'ed to IP:PORT +| parse msg_s with * " was " Action1b:string " to " TranslatedDestination:string ":" TranslatedPort:int * +//Parse rule data if present +| parse msg_s with * ". Policy: " Policy ". Rule Collection Group: " RuleCollectionGroup "." * +| parse msg_s with * " Rule Collection: " RuleCollection ". Rule: " Rule +//case 2: for ICMP records +//ICMP request from 10.0.2.4 to 10.0.3.4. Action: Allow +| parse msg_s with Protocol2 " request from " SourceIP2 " to " TargetIP2 ". Action: " Action2 +| extend +SourcePort = tostring(SourcePortInt), +TargetPort = tostring(TargetPortInt) +| extend + Action = case(Action1a == "", case(Action1b == "",Action2,Action1b), split(Action1a,".")[0]), + Protocol = case(Protocol == "", Protocol2, Protocol), + SourceIP = case(SourceIP == "", SourceIP2, SourceIP), + TargetIP = case(TargetIP == "", TargetIP2, TargetIP), + //ICMP records don't have port information + SourcePort = case(SourcePort == "", "N/A", SourcePort), + TargetPort = case(TargetPort == "", "N/A", TargetPort), + //Regular network rules don't have a DNAT destination + TranslatedDestination = case(TranslatedDestination == "", "N/A", TranslatedDestination), + TranslatedPort = case(isnull(TranslatedPort), "N/A", tostring(TranslatedPort)), + //Rule information + Policy = case(Policy == "", "N/A", Policy), + RuleCollectionGroup = case(RuleCollectionGroup == "", "N/A", RuleCollectionGroup ), + RuleCollection = case(RuleCollection == "", "N/A", RuleCollection ), + Rule = case(Rule == "", "N/A", Rule) +| project TimeGenerated, msg_s, Protocol, SourceIP,SourcePort,TargetIP,TargetPort,Action, TranslatedDestination, TranslatedPort, Policy, RuleCollectionGroup, RuleCollection, Rule +``` + + + + +### Threat Intelligence rule log data + +Parses the Threat Intelligence rule log data. 
+ +```query +AzureDiagnostics +| where OperationName == "AzureFirewallThreatIntelLog" +| parse msg_s with Protocol " request from " SourceIP ":" SourcePortInt:int " to " TargetIP ":" TargetPortInt:int * +| parse msg_s with * ". Action: " Action "." Message +| parse msg_s with Protocol2 " request from " SourceIP2 " to " TargetIP2 ". Action: " Action2 +| extend SourcePort = tostring(SourcePortInt),TargetPort = tostring(TargetPortInt) +| extend Protocol = case(Protocol == "", Protocol2, Protocol),SourceIP = case(SourceIP == "", SourceIP2, SourceIP),TargetIP = case(TargetIP == "", TargetIP2, TargetIP),SourcePort = case(SourcePort == "", "N/A", SourcePort),TargetPort = case(TargetPort == "", "N/A", TargetPort) +| sort by TimeGenerated desc +| project TimeGenerated, msg_s, Protocol, SourceIP,SourcePort,TargetIP,TargetPort,Action,Message +``` + + + + +### Azure Firewall log data + +Start from this query if you want to parse the logs from network rules, application rules, NAT rules, IDS, threat intelligence and more to understand why certain traffic was allowed or denied. This query will show the last 100 log records but by adding simple filter statements at the end of the query the results can be tweaked. + +```query +// Parses the azure firewall rule log data. +// Includes network rules, application rules, threat intelligence, ips/ids, ... +AzureDiagnostics +| where Category == "AzureFirewallNetworkRule" or Category == "AzureFirewallApplicationRule" +//optionally apply filters to only look at a certain type of log data +//| where OperationName == "AzureFirewallNetworkRuleLog" +//| where OperationName == "AzureFirewallNatRuleLog" +//| where OperationName == "AzureFirewallApplicationRuleLog" +//| where OperationName == "AzureFirewallIDSLog" +//| where OperationName == "AzureFirewallThreatIntelLog" +| extend msg_original = msg_s +// normalize data so it's eassier to parse later +| extend msg_s = replace(@'. Action: Deny. 
Reason: SNI TLS extension was missing.', @' to no_data:no_data. Action: Deny. Rule Collection: default behavior. Rule: SNI TLS extension missing', msg_s) +| extend msg_s = replace(@'No rule matched. Proceeding with default action', @'Rule Collection: default behavior. Rule: no rule matched', msg_s) +// extract web category, then remove it from further parsing +| parse msg_s with * " Web Category: " WebCategory +| extend msg_s = replace(@'(. Web Category:).*','', msg_s) +// extract RuleCollection and Rule information, then remove it from further parsing +| parse msg_s with * ". Rule Collection: " RuleCollection ". Rule: " Rule +| extend msg_s = replace(@'(. Rule Collection:).*','', msg_s) +// extract Rule Collection Group information, then remove it from further parsing +| parse msg_s with * ". Rule Collection Group: " RuleCollectionGroup +| extend msg_s = replace(@'(. Rule Collection Group:).*','', msg_s) +// extract Policy information, then remove it from further parsing +| parse msg_s with * ". Policy: " Policy +| extend msg_s = replace(@'(. Policy:).*','', msg_s) +// extract IDS fields, for now it's always add the end, then remove it from further parsing +| parse msg_s with * ". Signature: " IDSSignatureIDInt ". IDS: " IDSSignatureDescription ". Priority: " IDSPriorityInt ". Classification: " IDSClassification +| extend msg_s = replace(@'(. Signature:).*','', msg_s) +// extra NAT info, then remove it from further parsing +| parse msg_s with * " was DNAT'ed to " NatDestination +| extend msg_s = replace(@"( was DNAT'ed to ).*",". Action: DNAT", msg_s) +// extract Threat Intellingence info, then remove it from further parsing +| parse msg_s with * ". ThreatIntel: " ThreatIntel +| extend msg_s = replace(@'(. ThreatIntel:).*','', msg_s) +// extract URL, then remove it from further parsing +| extend URL = extract(@"(Url: )(.*)(\. 
Action)",2,msg_s) +| extend msg_s=replace(@"(Url: .*)(Action)",@"\2",msg_s) +// parse remaining "simple" fields +| parse msg_s with Protocol " request from " SourceIP " to " Target ". Action: " Action +| extend + SourceIP = iif(SourceIP contains ":",strcat_array(split(SourceIP,":",0),""),SourceIP), + SourcePort = iif(SourceIP contains ":",strcat_array(split(SourceIP,":",1),""),""), + Target = iif(Target contains ":",strcat_array(split(Target,":",0),""),Target), + TargetPort = iif(SourceIP contains ":",strcat_array(split(Target,":",1),""),""), + Action = iif(Action contains ".",strcat_array(split(Action,".",0),""),Action), + Policy = case(RuleCollection contains ":", split(RuleCollection, ":")[0] ,Policy), + RuleCollectionGroup = case(RuleCollection contains ":", split(RuleCollection, ":")[1], RuleCollectionGroup), + RuleCollection = case(RuleCollection contains ":", split(RuleCollection, ":")[2], RuleCollection), + IDSSignatureID = tostring(IDSSignatureIDInt), + IDSPriority = tostring(IDSPriorityInt) +| project msg_original,TimeGenerated,Protocol,SourceIP,SourcePort,Target,TargetPort,URL,Action, NatDestination, OperationName,ThreatIntel,IDSSignatureID,IDSSignatureDescription,IDSPriority,IDSClassification,Policy,RuleCollectionGroup,RuleCollection,Rule,WebCategory +| order by TimeGenerated +| limit 100 +``` + + + + +### Azure Firewall DNS proxy log data + +Start from this query if you want to understand the Firewall DNS proxy log data. This query will show the last 100 log records but by adding simple filter statements at the end of the query the results can be tweaked. + +```query +// DNS proxy log data +// Parses the DNS proxy log data. +AzureDiagnostics +| where Category == "AzureFirewallDnsProxy" +| parse msg_s with "DNS Request: " SourceIP ":" SourcePortInt:int " - " QueryID:int " " RequestType " " RequestClass " " hostname ". 
" protocol " " details +| extend + ResponseDuration = extract("[0-9]*.?[0-9]+s$", 0, msg_s), + SourcePort = tostring(SourcePortInt), + QueryID = tostring(QueryID) +| project TimeGenerated,SourceIP,hostname,RequestType,ResponseDuration,details,msg_s +| order by TimeGenerated +| limit 100 +``` + + + + +### BGP route table + +BPG route table learned over last 12 hours. + +```query +AzureDiagnostics +| where TimeGenerated > ago(12h) +| where ResourceType == "EXPRESSROUTECIRCUITS" +| project TimeGenerated , ResourceType , network_s , path_s , OperationName +``` + + + + +### BGP informational messages + +BGP informational messages by level, resource type and network. + +```query +AzureDiagnostics +| where Level == "Informational" +| project TimeGenerated , ResourceId, Level, ResourceType , network_s , path_s +``` + + + + +### Endpoints with monitoring Status down + +Find the reason why the monitoring status of Azure Traffic Manager endpoints is down. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceType == "TRAFFICMANAGERPROFILES" and Category == "ProbeHealthStatusEvents" +| where Status_s == "Down" +| project TimeGenerated, EndpointName_s, Status_s, ResultDescription, SubscriptionId , _ResourceId +``` + + + + +### Successful P2S connections + +Successful P2S connections in the last 12 hours. + +```query +AzureDiagnostics +| where TimeGenerated > ago(12h) +| where Category == "P2SDiagnosticLog" and Message has "Connection successful" +| project TimeGenerated, Resource ,Message +``` + + + + +### Failed P2S connections + +Failed P2S connections in the last 12 hours. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where TimeGenerated > ago(12h) +| where Category == "P2SDiagnosticLog" and Message has "Connection failed" +| project TimeGenerated, Resource ,Message +``` + + + + +### Gateway configuration changes + +Successful gateway configuration changes made by administrator during the last 24 hours. + +```query +AzureDiagnostics +| where TimeGenerated > ago(24h) +| where Category == "GatewayDiagnosticLog" and operationStatus_s == "Success" and configuration_ConnectionTrafficType_s == "Internet" +| project TimeGenerated, Resource, OperationName, Message, operationStatus_s +``` + + + + +### S2S tunnel connet/disconnect events + +S2S tunnel connet/disconnect events during the last 24 hours. + +```query +AzureDiagnostics +| where TimeGenerated > ago(24h) +| where Category == "TunnelDiagnosticLog" and (status_s == "Connected" or status_s == "Disconnected") +| project TimeGenerated, Resource , status_s, remoteIP_s, stateChangeReason_s +``` + + + + +### BGP route updates + +BGP route updates over the last 24 hours. + +```query +AzureDiagnostics +| where TimeGenerated > ago(24h) +| where Category == "RouteDiagnosticLog" and OperationName == "BgpRouteUpdate" +``` + + + + +### Show logs from AzureDiagnostics table + +Lists the latest logs in AzureDiagnostics table, sorted by time (latest first). + +```query +AzureDiagnostics +| top 10 by TimeGenerated +``` + + + +## Queries for microsoft.recoveryservices + +### Failed backup jobs + +Find logs reported failed backup jobs from the last day. 
+ +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.RECOVERYSERVICES" and Category == "AzureBackupReport" +| where OperationName == "Job" and JobOperation_s == "Backup" and JobStatus_s == "Failed" +| project TimeGenerated, JobUniqueId_g, JobStartDateTime_s, JobOperation_s, JobOperationSubType_s, JobStatus_s , JobFailureCode_s, JobDurationInSecs_s , AdHocOrScheduledJob_s +``` + + + +## Queries for microsoft.servicebus + +### [Classic] List Management operations + +This lists all the management calls. + +```query +AzureDiagnostics +| where ResourceProvider ==\"MICROSOFT.SERVICEBUS\" +| where Category == \"OperationalLogs\" +| summarize count() by EventName_s, _ResourceId +``` + + + + +### [Classic] Error Summary + +Summarizes all the errors encountered. + +```query +AzureDiagnostics +| where ResourceProvider ==\"MICROSOFT.SERVICEBUS\" +| where Category == \"Error\" +| summarize count() by EventName_s, _ResourceId +``` + + + + +### [Classic] Keyvault access attempt - key not found + +Summarizes the access to keyvault when key is not found. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == \"MICROSOFT.SERVICEBUS\" +| where Category == \"Error\" and OperationName == \"wrapkey\" +| project Message, _ResourceId + +``` + + + + +### [Classic] AutoDeleted entities + +Summary of all the entities that have been auto-deleted. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == \"MICROSOFT.SERVICEBUS\" +| where Category == \"OperationalLogs\" +| where EventName_s startswith \"AutoDelete\" +| summarize count() by EventName_s, _ResourceId +``` + + + + +### [Classic] Keyvault performed operational + +Summarizes the operation performed with keyvault to disable or restore the key. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == \"MICROSOFT.SERVICEBUS\" +| where (Category == \"info\" and (OperationName == \"disable\" or OperationName == \"restore\")) +| project Message, _ResourceId +``` + + + + +### Management operations in the last 7 days + +This lists all the management calls for the last 7 days. + +```query +AzureDiagnostics +| where TimeGenerated > ago(7d) +| where ResourceProvider =="MICROSOFT.SERVICEBUS" +| where Category == "OperationalLogs" +| summarize count() by EventName_s, _ResourceId +``` + + + + +### Errors summary + +Summarizes all the errors seen in the last 7 days. + +```query +AzureDiagnostics +| where TimeGenerated > ago(7d) +| where ResourceProvider =="MICROSOFT.SERVICEBUS" +| where Category == "Error" +| summarize count() by EventName_s, _ResourceId +``` + + + + +### Keyvault access attempt - key not found + +Summarizes the access to keyvault when key is not found. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.SERVICEBUS" +| where Category == "Error" and OperationName == "wrapkey" +| project Message, _ResourceId +``` + + + + +### AutoDeleted entities + +Summary of all the entities that have been auto-deleted. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.SERVICEBUS" +| where Category == "OperationalLogs" +| where EventName_s startswith "AutoDelete" +| summarize count() by EventName_s, _ResourceId +``` + + + + +### Keyvault performed operational + +Summarizes the operation performed with keyvault to disable or restore the key. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.SERVICEBUS" +| where (Category == "info" and (OperationName == "disable" or OperationName == "restore")) +| project Message, _ResourceId +``` + + + +## Queries for microsoft.sql + +### Storage on managed instances above 90% + +Display all managed instances with storage utilization above 90%. + +```query +// To create an alert for this query, click '+ New alert rule' +let storage_percentage_threshold = 90; +AzureDiagnostics +| where Category =="ResourceUsageStats" +| summarize (TimeGenerated, calculated_storage_percentage) = arg_max(TimeGenerated, todouble(storage_space_used_mb_s) *100 / todouble (reserved_storage_mb_s)) + by _ResourceId +| where calculated_storage_percentage > storage_percentage_threshold +``` + + + + +### CPU utilization treshold above 95% on managed instances + +Display all managed instances with CPU treshold being over 95% of treshold. + +```query +// To create an alert for this query, click '+ New alert rule' +let cpu_percentage_threshold = 95; +let time_threshold = ago(1h); +AzureDiagnostics +| where Category == "ResourceUsageStats" and TimeGenerated > time_threshold +| summarize avg_cpu = max(todouble(avg_cpu_percent_s)) by _ResourceId +| where avg_cpu > cpu_percentage_threshold +``` + + + + +### Display all active intelligent insights + +Display all active performance issues detected by intelligent insights. Please note that SQLInsights log needs to be enabled for each database monitored. + +```query +AzureDiagnostics +| where Category == "SQLInsights" and status_s == "Active" +| distinct rootCauseAnalysis_s +``` + + + + +### Wait stats + +Wait stats over the last hour, by Logical Server and Database. 
+ +```query +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.SQL" +| where TimeGenerated >= ago(60min) +| parse _ResourceId with * "/microsoft.sql/servers/" LogicalServerName "/databases/" DatabaseName +| summarize Total_count_60mins = sum(delta_waiting_tasks_count_d) by LogicalServerName, DatabaseName, wait_type_s +``` + + + +## Queries for microsoft.streamanalytics + +### List all input data errors + +Shows all errors that occurred while processing the data from inputs. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).Type == "DataError" +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### List all input deserialization errors + +Shows errors caused due to malformed events that could not be deserialized by the job. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).DataErrorType in ("InputDeserializerError.InvalidData", "InputDeserializerError.TypeConversionError", "InputDeserializerError.MissingColumns", "InputDeserializerError.InvalidHeader", "InputDeserializerError.InvalidCompressionType") +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### List all InvalidInputTimeStamp errors + +Shows errors caused due to events where value of the TIMESTAMP BY expression can't be converted to datetime. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).DataErrorType == "InvalidInputTimeStamp" +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### List all InvalidInputTimeStampKey errors + +Shows errors caused due to events where value of the TIMESTAMP BY OVER timestampColumn is NULL. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).DataErrorType == "InvalidInputTimeStampKey" +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### Events that arrived late + +Shows errors due to events where difference between application time and arrival time is greater than the late arrival policy. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).DataErrorType == "LateInputEvent" +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### Events that arrived early + +Shows errors due to events where difference between Application time and Arrival time is greater than 5 minutes. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).DataErrorType == "EarlyInputEvent" +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### Events that arrived out of order + +Shows errors due to events that arrive out of order according to the out-of-order policy. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).DataErrorType == "OutOfOrderEvent" +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### All output data errors + +Shows all errors that occurred while writing the results of the query to the outputs in your job. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).DataErrorType in ("OutputDataConversionError.RequiredColumnMissing", "OutputDataConversionError.ColumnNameInvalid", "OutputDataConversionError.TypeConversionError", "OutputDataConversionError.RecordExceededSizeLimit", "OutputDataConversionError.DuplicateKey") +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### List all RequiredColumnMissing errors + +Shows all errors where the output record produced by your job has a missing column. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).DataErrorType == "OutputDataConversionError.RequiredColumnMissing" +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### List all ColumnNameInvalid errors + +Shows errors where the output record produced by your job has a column name that doesn't map to a column in your output. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).DataErrorType == "OutputDataConversionError.ColumnNameInvalid" +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### List all TypeConversionError errors + +Shows errors where the output record produced by your job has a column can't be converted to a valid type in the output. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).DataErrorType == "OutputDataConversionError.TypeConversionError" +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### List all RecordExceededSizeLimit errors + +Shows errors where the size of the output record produced by your job is greater than the supported output size. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).DataErrorType == "OutputDataConversionError.RecordExceededSizeLimit" +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### List all DuplicateKey errors + +Shows errors where the output record produced by job contains a column with the same name as a System column. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).DataErrorType == "OutputDataConversionError.DuplicateKey" +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### All logs with level "Error" + +Shows all logs that are likely to have negatively impacted your job. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and Level == "Error" +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### Operations that have "Failed" + +Shows all operations on your job that have resulted in a failure. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and status_s == "Failed" +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### Output Throttling logs (Cosmos DB, Power BI, Event Hubs) + +Shows all instances where writing to one of your outputs was throttled by the destination service. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).Type in ("DocumentDbOutputAdapterWriteThrottlingError", "EventHubOutputAdapterEventHubThrottlingError", "PowerBIServiceThrottlingError", "PowerBIServiceThrottlingError") +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### Transient input and output errors + +Shows all errors related to input and output that are intermittent in nature. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +AzureDiagnostics +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).Type in ("AzureFunctionOutputAdapterTransientError", "BlobInputAdapterTransientError", "DataLakeOutputAdapterTransientError", "DocumentDbOutputAdapterTransientError", "EdgeHubOutputAdapterEdgeHubTransientError", "EventHubBasedInputInvalidOperationTransientError", "EventHubBasedInputOperationCanceledTransientError", "EventHubBasedInputTimeoutTransientError", "EventHubBasedInputTransientError", "EventHubOutputAdapterEventHubTransientError", "InputProcessorTransientFailure", "OutputProcessorTransientError", "ReferenceDataInputAdapterTransientError", "ServiceBusOutputAdapterTransientError", "TableOutputAdapterTransientError") +| project TimeGenerated, Resource, Region_s, OperationName, properties_s, Level, _ResourceId +``` + + + + +### Summary of all data errors in the last 7 days + +Summary of all data errors in the last 7 days. + +```query +AzureDiagnostics +| where TimeGenerated > ago(7d) //last 7 days +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and parse_json(properties_s).Type == "DataError" +| extend DataErrorType = tostring(parse_json(properties_s).DataErrorType) +| summarize Count=count(), sampleEvent=any(properties_s) by DataErrorType, JobName=Resource +``` + + + + +### Summary of all errors in the last 7 days + +Summary of all errors in the last 7 days. + +```query +AzureDiagnostics +| where TimeGenerated > ago(7d) //last 7 days +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" +| extend ErrorType = tostring(parse_json(properties_s).Type) +| summarize Count=count(), sampleEvent=any(properties_s) by ErrorType, JobName=Resource +``` + + + + +### Summary of 'Failed' operations in the last 7 days + +Summary of 'Failed' operations in the last 7 days. 
+ +```query +AzureDiagnostics +| where TimeGenerated > ago(7d) //last 7 days +| where ResourceProvider == "MICROSOFT.STREAMANALYTICS" and status_s == "Failed" +| summarize Count=count(), sampleEvent=any(properties_s) by JobName=Resource +``` + diff --git a/articles/azure-monitor/reference/queries/azureloadtestingoperation.md b/articles/azure-monitor/reference/queries/azureloadtestingoperation.md new file mode 100644 index 0000000000..c0e8b22c84 --- /dev/null +++ b/articles/azure-monitor/reference/queries/azureloadtestingoperation.md @@ -0,0 +1,44 @@ +--- +title: Example log table queries for AzureLoadTestingOperation +description: Example queries for AzureLoadTestingOperation log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AzureLoadTestingOperation table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Azure load test creation count + + +Counts the number of tests creation by resource ID. + +```query +AzureLoadTestingOperation +| where OperationId == "Test_CreateOrUpdateTest" +| where HttpStatusCode == 201 +| summarize count() by _ResourceId +``` + + + +### Azure load test run creation count + + +Counts the number of successful test runs started by resource ID. + +```query +AzureLoadTestingOperation +| where OperationId == "TestRun_CreateAndUpdateTest" +| where HttpStatusCode == 200 +| summarize count() by _ResourceId +``` + diff --git a/articles/azure-monitor/reference/queries/azuremetrics.md b/articles/azure-monitor/reference/queries/azuremetrics.md new file mode 100644 index 0000000000..bc34e178c3 --- /dev/null 
+++ b/articles/azure-monitor/reference/queries/azuremetrics.md 
@@ -0,0 +1,282 @@ +--- +title: Example log table queries for AzureMetrics +description: Example queries for AzureMetrics log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the AzureMetrics table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Pie chart of HTTP response codes + + +Breakdown of response codes for each metric, over the last 12 hours. + +```query +AzureMetrics +| where TimeGenerated > ago(12h) +| where MetricName in ("Http2xx", "Http3xx", "Http4xx", "Http5xx") +| summarize sum(Total) by MetricName +| render piechart +``` + + + +### Line chart of response times + + +Time series of mean response time (over 5 minute intervals). + +```query +AzureMetrics +| extend timeBin = bin(TimeGenerated, 5m) +| summarize ResponseTime = sumif(Average, MetricName=="AverageResponseTime") by timeBin, bin(TimeGenerated, 1h) +| sort by TimeGenerated desc +| render timechart +``` + + + +### [Classic] Find In AzureMetrics + + +[Classic] Find in AzureMetrics to search for a specific value in the AzureMetrics table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +AzureMetrics +| where * contains tostring(SearchValue) +| take 1000 +``` + + + +### Latest metrics + + +Show the latest metrics reports for each reported metric. 
+ +```query +AzureMetrics +| summarize arg_max(TimeGenerated, UnitName, Total, Count, Maximum, Minimum, Average) by MetricName +``` + + + +### Find In AzureMetrics + + +Find in AzureMetrics to search for a specific value in the AzureMetrics table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +AzureMetrics +| where * contains tostring(SearchValue) +| take 1000 +``` + + + +### ExpressRoute Circuit BitsInPerSecond traffic graph + + +Traffic graph BitsInPerSecond (last one hour). + +```query +AzureMetrics +| where MetricName == "BitsInPerSecond" +| summarize by Average, bin(TimeGenerated, 1h), Resource +| render timechart +``` + + + +### ExpressRoute Circuit BitsOutPerSecond traffic graph + + +Traffic graph BitsOutPerSecond (last one hour). + +```query +AzureMetrics +| where MetricName == "BitsOutPerSecond" +| summarize by Average, bin(TimeGenerated, 1h), Resource +| render timechart +``` + + + +### ExpressRoute Circuit ArpAvailablility graph + + +Traffic graph for ArpAvailability (5 minutes). + +```query +AzureMetrics +| where MetricName == "ArpAvailability" +| summarize by Average, bin(TimeGenerated, 5m), Resource +| render timechart +``` + + + +### ExpressRoute Circuit BGP availability + + +Traffic graph for BgpAvailability (5 minutes). + +```query +AzureMetrics +| where MetricName == "BgpAvailability" +| summarize by Average, bin(TimeGenerated, 5m), Resource +| render timechart +``` + + + +### Avg CPU usage + + +Avg CPU usage in the last hour by resource name. 
+ +```query +//consistently high averages could indicate a customer needs to move to a larger SKU +AzureMetrics +| where ResourceProvider == "MICROSOFT.SQL" // /DATABASES +| where TimeGenerated >= ago(60min) +| where MetricName in ('cpu_percent') +| parse _ResourceId with * "/microsoft.sql/servers/" Resource // subtract Resource name for _ResourceId +| summarize CPU_Maximum_last15mins = max(Maximum), CPU_Minimum_last15mins = min(Minimum), CPU_Average_last15mins = avg(Average) by Resource , MetricName +``` + + + +### Performance troubleshooting + + +Potentially query or deadlock on the system that could lead to poor performance. + +```query +//potentially a query or deadlock on the system that could lead to poor performance +AzureMetrics +| where ResourceProvider == "MICROSOFT.SQL" +| where TimeGenerated >=ago(60min) +| where MetricName in ('deadlock') +| parse _ResourceId with * "/microsoft.sql/servers/" Resource // subtract Resource name for _ResourceId +| summarize Deadlock_max_60Mins = max(Maximum) by Resource, MetricName +``` + + + +### Loading Data + + +Monitor data loading in the last hour. + +```query +AzureMetrics +| where ResourceProvider == "MICROSOFT.SQL" +| where TimeGenerated >= ago(60min) +| where MetricName in ('log_write_percent') +| parse _ResourceId with * "/microsoft.sql/servers/" Resource// subtract Resource name for _ResourceId +| summarize Log_Maximum_last60mins = max(Maximum), Log_Minimum_last60mins = min(Minimum), Log_Average_last60mins = avg(Average) by Resource, MetricName +``` + + + +### P2S connection count + + +Active P2S connection count for the last 30 days. + +```query +AzureMetrics +| where TimeGenerated > ago(30d) +| where MetricName == "P2SConnectionCount" +| summarize by Maximum, bin(TimeGenerated,1h), Resource +| render timechart +``` + + + +### P2S bandwidth utilization + + +Average P2S bandwidth utilization during the last 12 hours in bits/second. 
+ +```query +AzureMetrics +| where TimeGenerated > ago(24h) +| where MetricName == "P2SBandwidth" +| summarize by Average, bin(TimeGenerated, 1h), Resource +| render timechart +``` + + + +### Gateway throughput + + +Aggregate gateway throughput in Bytes/sec. + +```query +AzureMetrics +| where TimeGenerated > ago(24h) +| where MetricName == "AverageBandwidth" +| summarize by Average, bin(TimeGenerated, 1h), Resource +| render timechart +``` + + + +### Show logs from AzureMetrics table + + +Lists the latest logs in AzureMetrics table, sorted by time (latest first). + +```query +AzureMetrics +| top 10 by TimeGenerated +``` + + + +### Show logs from AzureMetrics table + + +Lists the latest logs in AzureMetrics table, sorted by time (latest first). + +```query +AzureMetrics +| top 10 by TimeGenerated +``` + + + +### Cluster availability (KeepAlive) + + +Display the cluster's availability during the last hour. + +```query +// To create an alert for this query, click '+ New alert rule' +AzureMetrics +| where ResourceProvider == "MICROSOFT.KUSTO" +| where TimeGenerated > ago(1d) +| where MetricName == "KeepAlive" +| parse _ResourceId with * "providers/microsoft.kusto/clusters/" cluster_name // Get the cluster name from the ResourceId string +| summarize heartbeat_count = count() by bin(TimeGenerated, 30m), cluster_name // bin is used to set the time grain to 30 minutes +| extend alive=iff(heartbeat_count > 0, true, false) +| sort by TimeGenerated asc // sort the results by time (ascending order) +``` + diff --git a/articles/azure-monitor/reference/queries/cassandralogs.md b/articles/azure-monitor/reference/queries/cassandralogs.md new file mode 100644 index 0000000000..587744e124 --- /dev/null +++ b/articles/azure-monitor/reference/queries/cassandralogs.md 
@@ -0,0 +1,44 @@ +--- +title: Example log table queries for CassandraLogs +description: Example queries for CassandraLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the CassandraLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Cassandra logs + + +Cassandra logs for a specific node, sorted by time (latest logs shown first). + +```query +let nodeIPAddress = "10.0.0.0"; // Replace with your node IP address +CassandraLogs +| where AddressIP == nodeIPAddress +| sort by TimeGenerated desc +``` + + + +### Cassandra errors or warnings + + +Error or warning logs from Cassandra, sorted by time (latest logs shown first). + +```query +CassandraLogs +| where Level == "ERROR" or Level == "WARN" +| project TimeGenerated, Level, AddressIp, ThreadName, ThreadId, SourceFile, SourceLine, Message, Exception, EventProduct, EventCategory, EventType +| sort by TimeGenerated desc +``` + diff --git a/articles/azure-monitor/reference/queries/ccfapplicationlogs.md b/articles/azure-monitor/reference/queries/ccfapplicationlogs.md new file mode 100644 index 0000000000..242fbee385 --- /dev/null +++ b/articles/azure-monitor/reference/queries/ccfapplicationlogs.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for CCFApplicationLogs +description: Example queries for CCFApplicationLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the CCFApplicationLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### CCF application errors + + +View the latest Confidential Consortium Framework application errors. + +```query +// To create an alert for this query, click '+ New alert rule' +CCFApplicationLogs +| where Level == "fail" +| sort by TimeGenerated desc +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/chaosstudioexperimenteventlogs.md b/articles/azure-monitor/reference/queries/chaosstudioexperimenteventlogs.md new file mode 100644 index 0000000000..a78a26270a --- /dev/null +++ b/articles/azure-monitor/reference/queries/chaosstudioexperimenteventlogs.md 
@@ -0,0 +1,46 @@ +--- +title: Example log table queries for ChaosStudioExperimentEventLogs +description: Example queries for ChaosStudioExperimentEventLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ChaosStudioExperimentEventLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Failed experiment runs + + +List failed experiment runs. + +```query +ChaosStudioExperimentEventLogs +| where Status == 'Failed' and SpanType == 'Experiment' +| sort by TimeGenerated desc +``` + + + +### Experiment events on last experiment run + + +List experiment events on the last experiment run. + +```query +ChaosStudioExperimentEventLogs +| lookup kind=inner ( + ChaosStudioExperimentEventLogs + | top 1 by TimeGenerated desc + | project CorrelationId +) on CorrelationId +| order by TimeGenerated asc +``` + diff --git a/articles/azure-monitor/reference/queries/chsmmanagementauditlogs.md b/articles/azure-monitor/reference/queries/chsmmanagementauditlogs.md new file mode 100644 index 0000000000..753ffb70a4 --- /dev/null +++ b/articles/azure-monitor/reference/queries/chsmmanagementauditlogs.md 
@@ -0,0 +1,58 @@ +--- +title: Example log table queries for CHSMManagementAuditLogs +description: Example queries for CHSMManagementAuditLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the CHSMManagementAuditLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Aggregate operations query + + +List logs for specific HSM partition operations. + +```query +CHSMManagementAuditLogs +| where OperationName == "END_MARKER_OPCODE (0xffff)/SPECIAL (0xffff)" +| where OperationName == "CN_GENERATE_KEY_PAIR (0x19)/CN_MGMT_CMD (0x0)" +| sort by TimeGenerated desc +| limit 100 + +``` + + + +### Failed operations count + + +Count of failed HSM partition operations requests by userId, operationName and opCode. + +```query +CHSMManagementAuditLogs +| where not(Response contains "FAIL") +| summarize count() by TimeGenerated, UserId, OperationName, Opcode +``` + + + +### Operations per user + + +Count of total HSM partition operations performed per user. + +```query +CHSMManagementAuditLogs +| summarize count() by UserId + +``` + diff --git a/articles/azure-monitor/reference/queries/chsmserviceoperationauditlogs.md b/articles/azure-monitor/reference/queries/chsmserviceoperationauditlogs.md new file mode 100644 index 0000000000..157e57c20b --- /dev/null +++ b/articles/azure-monitor/reference/queries/chsmserviceoperationauditlogs.md 
@@ -0,0 +1,68 @@ +--- +title: Example log table queries for CHSMServiceOperationAuditLogs +description: Example queries for CHSMServiceOperationAuditLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the CHSMServiceOperationAuditLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Are there any slow requests? + + +List of Cloud HSM requests taking longer than 1 second. + +```query +let threshold=1000; +CHSMServiceOperationAuditLogs +| where DurationMs > threshold +| summarize count() by OperationName, _ResourceId +``` + + + +### How active has this Cloud HSM been? + + +Line chart showing trend of Cloud HSM requests volume, per operation over time. + +```query +CHSMServiceOperationAuditLogs +| summarize count() by bin(TimeGenerated, 1h), OperationName // Aggregate by hour +| render timechart +``` + + + +### Are there any failures? + + +Count of failed requests by request type + +```query +CHSMServiceOperationAuditLogs +| where ResultType == "Failure" +| summarize count() by ResultSignature, _ResourceId +``` + + + +### Who is calling this Cloud HSM? + + +List of callers identified by their IP address with their request count. + +```query +CHSMServiceOperationAuditLogs +| summarize count() by CallerIpAddress +``` + diff --git a/articles/azure-monitor/reference/queries/cieventsaudit.md b/articles/azure-monitor/reference/queries/cieventsaudit.md new file mode 100644 index 0000000000..600a0dbb0f --- /dev/null +++ b/articles/azure-monitor/reference/queries/cieventsaudit.md 
@@ -0,0 +1,85 @@ +--- +title: Example log table queries for CIEventsAudit +description: Example queries for CIEventsAudit log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the CIEventsAudit table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### CIEventsAudit - API response codes line chart + + +Line chart showing requests response duration per operation. + +```query +CIEventsAudit +| summarize DurationMs = avg(DurationMs) by bin(TimeGenerated, 5m), OperationName +| render timechart +``` + + + +### CIEventsAudit - result type ClientError + + +Gets a list of operational events request that finished with result type ClientError: HTTP status code < 500. + +```query +CIEventsAudit +| where ResultType has "ClientError" +| sort by TimeGenerated desc +| limit 100 // You can adjust the limit value to the number of logs you would like to retrieve. +``` + + + +### CIEventsAudit - security level Error + + +Gets a list of API requests that finished with Error severity level. + +```query +CIEventsAudit +| where Level has "Error" +| sort by TimeGenerated desc +| limit 100 // You can adjust the limit value to the number of logs you would like to retrieve. 
+``` + + + +### CIEvents - all events for a specific correlation id + + +Gets a list of all events request for a specific correlation id + +```query +union CIEventsAudit , CIEventsOperational +| where CorrelationId == "" // Add your CorrelationId in the quotation marks +| sort by TimeGenerated desc +| limit 100 +``` + + + +### CIEventsAudit - all events for a specific instance ID + + +Gets a list of API events requests for a specific instance ID. + +```query +CIEventsAudit +| where InstanceId == "" // Add your InstanceId in the quotation marks +| sort by TimeGenerated desc +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/cieventsoperational.md b/articles/azure-monitor/reference/queries/cieventsoperational.md new file mode 100644 index 0000000000..e309a143b1 --- /dev/null +++ b/articles/azure-monitor/reference/queries/cieventsoperational.md 
@@ -0,0 +1,72 @@ +--- +title: Example log table queries for CIEventsOperational +description: Example queries for CIEventsOperational log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the CIEventsOperational table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### CIEventsOperational - event type ApiEvent + + +Gets a list of operational events with eventType as APIEvent. + +```query +CIEventsOperational +| where EventType has "ApiEvent" +| sort by TimeGenerated desc +| limit 100 // You can adjust the limit value to the number of logs you would like to retrieve. +``` + + + +### CIEventsOperational- event type WorkflowEvent + + +Gets a list of operational events with eventType as WorkflowEvent. + +```query +CIEventsOperational +| where EventType has "WorkflowEvent" +| sort by TimeGenerated desc +| limit 100 // You can adjust the limit value to the number of logs you would like to retrieve. +``` + + + +### CIEvents - all events for a specific correlation id + + +Gets a list of all events request for a specific correlation id + +```query +union CIEventsAudit , CIEventsOperational +| where CorrelationId == "" // Add your CorrelationId in the quotation marks +| sort by TimeGenerated desc +| limit 100 +``` + + + +### CIEventsOperational - all events for a specific instance ID + + +Gets a list of API events requests for a specific instance ID. + +```query +CIEventsOperational +| where InstanceId == "" // Add your InstanceId in the quotation marks +| sort by TimeGenerated desc +| limit 100 +``` + 
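Review bot: In queries/cieventsoperational.md the two event-type queries filter with `EventType has "ApiEvent"` and `EventType has "WorkflowEvent"`, which is a term match, while the descriptions say the event type is that value. If exact matching is intended, use `==` so a longer value that merely contains the term is not returned. The heading "CIEventsOperational- event type WorkflowEvent" is also missing the space before the hyphen that the other headings have, and the correlation-id section ships with `CorrelationId == ""` and a description with no final period ("all events request for a specific correlation id"). Since the file header says the content is generated, these need fixing in the query source rather than in this file.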
diff --git a/articles/azure-monitor/reference/queries/cloudappevents.md b/articles/azure-monitor/reference/queries/cloudappevents.md new file mode 100644 index 0000000000..22ef38a27e --- /dev/null +++ b/articles/azure-monitor/reference/queries/cloudappevents.md 
@@ -0,0 +1,38 @@ +--- +title: Example log table queries for CloudAppEvents +description: Example queries for CloudAppEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the CloudAppEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### File name extension change + + +Display files that were renamed. + +```query +CloudAppEvents +| where Application in ("Microsoft OneDrive for Business", "Microsoft SharePoint Online") and ActionType == "FileRenamed" +| extend NewFileNameExtension = tostring(RawEventData.DestinationFileExtension) +| extend OldFileNameExtension = tostring(RawEventData.SourceFileExtension) +| extend OldFileName = tostring(RawEventData.SourceFileName) +| extend NewFileName = tostring(RawEventData.DestinationFileName) +| where NewFileNameExtension == "doc" and OldFileNameExtension == "docx" +| project RenameTime = Timestamp, OldFileNameExtension, OldFileName, NewFileNameExtension, NewFileName, ActionType, Application, AccountDisplayName, AccountObjectId +| join kind=inner (DeviceFileEvents +| project FileName, AccountObjectId = InitiatingProcessAccountObjectId , DeviceName, SeenOnDevice = Timestamp, FolderPath) on $left.NewFileName == $right.FileName, AccountObjectId +| project RenameTime, NewFileName, OldFileName, Application, AccountObjectId, AccountDisplayName, DeviceName , SeenOnDevice, FolderPath +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/commonsecuritylog.md b/articles/azure-monitor/reference/queries/commonsecuritylog.md new file mode 100644 index 0000000000..46b8212e94 --- /dev/null 
+++ b/articles/azure-monitor/reference/queries/commonsecuritylog.md 
@@ -0,0 +1,69 @@ +--- +title: Example log table queries for CommonSecurityLog +description: Example queries for CommonSecurityLog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the CommonSecurityLog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Palo Alto collector machine usage + + +This query displays a descending list of all collector machines hostname according to the amount of events they are recieving from a Palo Alto appliance. + +```query +CommonSecurityLog +// Quering on the past 7 days +| where TimeGenerated > ago(7d) +// Quering only on incoming events from a Palo Alto appliance +| where DeviceProduct has 'PAN-OS' +| where DeviceVendor =~ 'Palo Alto Networks' +// Find the the collector machine with the highest usage +| summarize Count=count() by Computer +// Sort in a descending order- Most used Collector hostname comes first +| sort by Count desc +``` + + + +### Cisco ASA events type usage + + +This query displays a descending list of the amount of events ingested for each DeviceEventClassID + +```query +CommonSecurityLog +// Quering on the past 7 days +| where TimeGenerated > ago(7d) +// Only filter on Cisco ASA events +| where DeviceVendor == "Cisco" and DeviceProduct == "ASA" +// group events by their DeviceEventClassID value, which represents the Cisco message id +| summarize count_events=count() by DeviceEventClassID +// Sort in a descending order- most used DeviceEventClassID comes first +| sort by count_events desc +``` + + + +### Device events volume statistics + + +Devices sending most events. 
+ +```query +CommonSecurityLog +| top-nested 15 of DeviceVendor by Vendor=count(), + top-nested 5 of DeviceProduct by Product=count(), + top-nested 5 of DeviceVersion by Version=count() +``` + diff --git a/articles/azure-monitor/reference/queries/confidentialwatchlist.md b/articles/azure-monitor/reference/queries/confidentialwatchlist.md new file mode 100644 index 0000000000..be919d9b90 --- /dev/null +++ b/articles/azure-monitor/reference/queries/confidentialwatchlist.md @@ -0,0 +1,42 @@ +--- +title: Example log table queries for ConfidentialWatchlist +description: Example queries for ConfidentialWatchlist log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ConfidentialWatchlist table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Get confidential Watchlist aliases + + +Gets a distinct list of all confidential Watchlist aliases in a workspace. + +```query +ConfidentialWatchlist +| take 100 +``` + + + +### Lookup events using a confidential Watchlist + + +Lookup events in Heartbeat table against data from a Watchlist by treating the confidential Watchlist as a table for joins and lookups. + +```query +Heartbeat +| lookup kind=leftouter _GetWatchlist('mywatchlist') + on $left.ComputerIP == $right.SearchKey + | limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/configurationchange.md b/articles/azure-monitor/reference/queries/configurationchange.md new file mode 100644 index 0000000000..ba4369cb8f --- /dev/null +++ b/articles/azure-monitor/reference/queries/configurationchange.md 
@@ -0,0 +1,109 @@ +--- +title: Example log table queries for ConfigurationChange +description: Example queries for ConfigurationChange log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ConfigurationChange table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Stopped Windows services + + +Find all windows services that stopped in the last 30 minutes. + +```query +// To create an alert for this query, click '+ New alert rule' +ConfigurationChange // (relies on the Change Tracking solution): +| where ConfigChangeType == "WindowsServices" and SvcChangeType == "State" +| where SvcPreviousState == "Running" and SvcState == "Stopped" +| where SvcStartupType == "Auto" and TimeGenerated > ago(30m) +``` + + + +### Software changes + + +Lists software changes sorted by time (newest first). + +```query +ConfigurationChange +| where ConfigChangeType == "Software" +| sort by TimeGenerated desc +``` + + + +### Service changes + + +Lists service changes sorted by time (newest first). + +```query +ConfigurationChange +| where ConfigChangeType == "Services" +| sort by TimeGenerated desc +``` + + + +### Software change type per computer + + +Count software changes by computer. + +```query +ConfigurationChange +| where ConfigChangeType == "Software" +| summarize AggregatedValue = count() by Computer +``` + + + +### Stopped services + + +Lists stopped service changes sorted by time. 
+ +```query +ConfigurationChange +| where ConfigChangeType == "WindowsServices" and SvcState == "Stopped" +| sort by TimeGenerated desc +``` + + + +### Software change count per category + + +Count software changes by change category. + +```query +ConfigurationChange +| where ConfigChangeType == "Software" +| summarize AggregatedValue = count() by ChangeCategory +``` + + + +### Removed software changes + + +Shows change records for removed software. + +```query +ConfigurationChange +| where ConfigChangeType == "Software" and ChangeCategory == "Removed" +| order by TimeGenerated desc +``` + diff --git a/articles/azure-monitor/reference/queries/configurationdata.md b/articles/azure-monitor/reference/queries/configurationdata.md new file mode 100644 index 0000000000..b5efa67030 --- /dev/null +++ b/articles/azure-monitor/reference/queries/configurationdata.md @@ -0,0 +1,30 @@ +--- +title: Example log table queries for ConfigurationData +description: Example queries for ConfigurationData log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ConfigurationData table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Recent stopped auto services + + +Shows most recent services that were set to Auto but reported as being stopped. + +```query +ConfigurationData +| where ConfigDataType == "WindowsServices" and SvcStartupType == "Auto" +| where SvcState == "Stopped" +| summarize arg_max(TimeGenerated, *) by SoftwareName, Computer +``` + 
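Review bot: In queries/configurationdata.md, "Recent stopped auto services" ends with `summarize arg_max(TimeGenerated, *) by SoftwareName, Computer`, but the rows were already restricted to `ConfigDataType == "WindowsServices"`, so grouping by a software-name column is unlikely to separate one service from another. Group by the column that identifies the service instead. Separately, because `SvcState == "Stopped"` is applied before `arg_max`, the result is the last record in which each service was seen stopped, not its current state; a service that has since restarted still appears. If the intent is "currently stopped", take `arg_max` per service first and filter on `SvcState` afterwards.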
diff --git a/articles/azure-monitor/reference/queries/containerappconsolelogs.md b/articles/azure-monitor/reference/queries/containerappconsolelogs.md new file mode 100644 index 0000000000..34520a8964 --- /dev/null +++ b/articles/azure-monitor/reference/queries/containerappconsolelogs.md @@ -0,0 +1,30 @@ +--- +title: Example log table queries for ContainerAppConsoleLogs +description: Example queries for ContainerAppConsoleLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ContainerAppConsoleLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Latest Container App user errors + + +Get the latest errors generated by user deployed Container Apps. + +```query +ContainerAppConsoleLogs +| where Stream == "stderr" +| order by TimeGenerated desc +| top 100 by TimeGenerated +``` + diff --git a/articles/azure-monitor/reference/queries/containerimageinventory.md b/articles/azure-monitor/reference/queries/containerimageinventory.md new file mode 100644 index 0000000000..17081dacc0 --- /dev/null +++ b/articles/azure-monitor/reference/queries/containerimageinventory.md 
@@ -0,0 +1,43 @@ +--- +title: Example log table queries for ContainerImageInventory +description: Example queries for ContainerImageInventory log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ContainerImageInventory table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Image inventory + + +Lists all the container image with their status. + +```query +ContainerImageInventory +| summarize AggregatedValue = count() by Image, ImageTag, Running, _ResourceId +``` + + + +### Find In ContainerImageInventory + + +Find in ContainerImageInventory to search for a specific value in the ContainerImageInventory table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +ContainerImageInventory +| where * contains tostring(SearchValue) +| take 1000 +``` + diff --git a/articles/azure-monitor/reference/queries/containerinventory.md b/articles/azure-monitor/reference/queries/containerinventory.md new file mode 100644 index 0000000000..2f061b9ab7 --- /dev/null +++ b/articles/azure-monitor/reference/queries/containerinventory.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for ContainerInventory +description: Example queries for ContainerInventory log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ContainerInventory table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Container Lifecycle Information + + +List all of a container's lifecycle information. + +```query +// Container Lifecycle Information +// List all of a container's lifecycle information. +ContainerInventory +| project Computer, Name, Image, ImageTag, ContainerState, CreatedTime, StartedTime, FinishedTime +| top 200 by FinishedTime desc +``` + diff --git a/articles/azure-monitor/reference/queries/containerlog.md b/articles/azure-monitor/reference/queries/containerlog.md new file mode 100644 index 0000000000..08013c626b --- /dev/null +++ b/articles/azure-monitor/reference/queries/containerlog.md 
@@ -0,0 +1,84 @@ +--- +title: Example log table queries for ContainerLog +description: Example queries for ContainerLog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ContainerLog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Find a value in Container Logs Table + + +** This query requires a parameter to run. Container Logs table is used Log lines collected from stdout and stderr streams for containers. This query will find rows in the ContainerLogs table where LogEntry has specified String. + +```query +//This qeury requires a parameter to work. +//The ContainerLog table holds Log lines collected from stdout and stderr streams for containers. +//Note: the query runs by default for the last 24 hours. Use the time pikcer to adjust time span for query +let FindString = "";//Please update term you would like to find in LogEntry here +ContainerLog +| where LogEntry has FindString +|take 100 +``` + + + +### Billable Log Data by log-type + + +See container logs billable data for the last 7d ,segregated by log-type. + +```query +// Set the requested time, anytime greater than 15d can take longer +let billableTimeView = 7d; +//Join ContainerLog on KubePodInventory for LogEntry source +ContainerLog +| join(KubePodInventory | where TimeGenerated > startofday(ago(billableTimeView)))on ContainerID +| where TimeGenerated > startofday(ago(billableTimeView)) +| summarize Total=sum(_BilledSize)/ 1000 by bin(TimeGenerated, 1d), LogEntrySource +``` + + + +### List container logs per namespace + + +View container logs from all the namespaces in the cluster. 
+ +```query +ContainerLog +|where TimeGenerated > startofday(ago(1h)) +|join( +KubePodInventory +| where TimeGenerated > startofday(ago(1h)) +| distinct Computer, ContainerID, Namespace +)//KubePodInventory Contains namespace information +on Computer, ContainerID +| project TimeGenerated, ContainerID, Namespace , LogEntrySource , LogEntry +``` + + + +### Find In ContainerLog + + +Find in ContainerLog to search for a specific value in the ContainerLog table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +ContainerLog +| where * contains tostring(SearchValue) +| take 1000 +``` + diff --git a/articles/azure-monitor/reference/queries/containerlogv2.md b/articles/azure-monitor/reference/queries/containerlogv2.md new file mode 100644 index 0000000000..0bb69b3964 --- /dev/null +++ b/articles/azure-monitor/reference/queries/containerlogv2.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for ContainerLogV2 +description: Example queries for ContainerLogV2 log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ContainerLogV2 table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Find In ContainerLogV2 + + +Find in ContainerLogV2 to search for a specific value in the ContainerLogV2 table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +ContainerLogV2 +| where * contains tostring(SearchValue) +| take 1000 +``` + diff --git a/articles/azure-monitor/reference/queries/containernodeinventory.md b/articles/azure-monitor/reference/queries/containernodeinventory.md new file mode 100644 index 0000000000..fce6bbd5f2 --- /dev/null +++ b/articles/azure-monitor/reference/queries/containernodeinventory.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for ContainerNodeInventory +description: Example queries for ContainerNodeInventory log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ContainerNodeInventory table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Find In ContainerNodeInventory + + +Find in ContainerNodeInventory to search for a specific value in the ContainerNodeInventory table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +ContainerNodeInventory +| where * contains tostring(SearchValue) +| take 1000 +``` + diff --git a/articles/azure-monitor/reference/queries/containerregistryloginevents.md b/articles/azure-monitor/reference/queries/containerregistryloginevents.md new file mode 100644 index 0000000000..c06d2e8be3 --- /dev/null +++ b/articles/azure-monitor/reference/queries/containerregistryloginevents.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for ContainerRegistryLoginEvents +description: Example queries for ContainerRegistryLoginEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ContainerRegistryLoginEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show login events reported over the last hour + + +A list of login event logs, sorted by time (earliest logs shown first). + +```query +ContainerRegistryLoginEvents +| where TimeGenerated > ago(1h) +| sort by TimeGenerated asc +``` + diff --git a/articles/azure-monitor/reference/queries/containerregistryrepositoryevents.md b/articles/azure-monitor/reference/queries/containerregistryrepositoryevents.md new file mode 100644 index 0000000000..ce0d105311 --- /dev/null +++ b/articles/azure-monitor/reference/queries/containerregistryrepositoryevents.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for ContainerRegistryRepositoryEvents +description: Example queries for ContainerRegistryRepositoryEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ContainerRegistryRepositoryEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show registry events reported over the last hour + + +A list of registry event logs, sorted by time (earliest logs shown first). + +```query +ContainerRegistryRepositoryEvents +| where TimeGenerated > ago(1h) +| sort by TimeGenerated asc +``` + diff --git a/articles/azure-monitor/reference/queries/containerservicelog.md b/articles/azure-monitor/reference/queries/containerservicelog.md new file mode 100644 index 0000000000..75e39204e7 --- /dev/null +++ b/articles/azure-monitor/reference/queries/containerservicelog.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for ContainerServiceLog +description: Example queries for ContainerServiceLog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ContainerServiceLog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Find In ContainerServiceLog + + +Find in ContainerServiceLog to search for a specific value in the ContainerServiceLog table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +ContainerServiceLog +| where * contains tostring(SearchValue) +| take 1000 +``` + diff --git a/articles/azure-monitor/reference/queries/coreazurebackup.md b/articles/azure-monitor/reference/queries/coreazurebackup.md new file mode 100644 index 0000000000..4487dcbd0f --- /dev/null +++ b/articles/azure-monitor/reference/queries/coreazurebackup.md 
@@ -0,0 +1,33 @@ +--- +title: Example log table queries for CoreAzureBackup +description: Example queries for CoreAzureBackup log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the CoreAzureBackup table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Backup Items by Vault and Backup item type + + +View the different types of items being backed up. + +```query +CoreAzureBackup +//get all backup items +| where OperationName == "BackupItem" +//remove duplicate records if any +| summarize arg_max(TimeGenerated, *) by BackupItemUniqueId, ResourceId +// summarize backup items by type +| summarize NumberOfItems=count(BackupItemUniqueId) by BackupItemType +``` + diff --git a/articles/azure-monitor/reference/queries/databricksworkspacelogs.md b/articles/azure-monitor/reference/queries/databricksworkspacelogs.md new file mode 100644 index 0000000000..5dda1d73d8 --- /dev/null +++ b/articles/azure-monitor/reference/queries/databricksworkspacelogs.md 
@@ -0,0 +1,68 @@ +--- +title: Example log table queries for DatabricksWorkspaceLogs +description: Example queries for DatabricksWorkspaceLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DatabricksWorkspaceLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### List all Databricks Diagnostic Settings categories + + +Databricks Diagnostic Settings categories used to go to separate tables. This query lists all categories that are now in the DatabricksWorkspaceLogs table and those that are still in their own tables. + +```query +union isfuzzy=true +DatabricksAccounts, +DatabricksCapsule8Dataplane, +DatabricksClamAVScan, +DatabricksClusterLibraries, +DatabricksClusters, +DatabricksDatabricksSQL, +DatabricksDBFS, +DatabricksDeltaPipelines, +DatabricksFeatureStore, +DatabricksFiles, +DatabricksGenie, +DatabricksGitCredentials, +DatabricksGlobalInitScripts, +DatabricksIAMRole, +DatabricksInstancePools, +DatabricksJobs, +DatabricksMLflowAcledArtifact, +DatabricksMLflowExperiment, +DatabricksModelRegistry, +DatabricksNotebook, +DatabricksPartnerHub, +DatabricksRemoteHistoryService, +DatabricksRepos, +DatabricksSecrets, +DatabricksServerlessRealTimeInference, +DatabricksSQL, +DatabricksSQLPermissions, +DatabricksSSH, +DatabricksUnityCatalog, +DatabricksWebTerminal, +DatabricksWorkspace, +DatabricksBrickStoreHttpGateway, +DatabricksDashboards, +DatabricksCloudStorageMetadata, +DatabricksPredictiveOptimization, +DatabricksDataMonitoring, +DatabricksIngestion, +DatabricksMarketplaceConsumer, +DatabricksLineageTracking, +DatabricksFilesystem +| distinct 
Category, Type +``` + diff --git a/articles/azure-monitor/reference/queries/datatransferoperations.md b/articles/azure-monitor/reference/queries/datatransferoperations.md new file mode 100644 index 0000000000..e7bc068107 --- /dev/null +++ b/articles/azure-monitor/reference/queries/datatransferoperations.md @@ -0,0 +1,44 @@ +--- +title: Example log table queries for DataTransferOperations +description: Example queries for DataTransferOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DataTransferOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Discovered object + + +Find discovered objects, or if transfer started. + +```query +DataTransferOperations +| where Status == "SenderProcessing" +| limit 100 +``` + + + +### Terminal object state + + +Find objects that have been completed. Can be used to find if transfer completed successfully or in error state. + +```query +DataTransferOperations +| where Status == "Rejected" + or Status == "Delivered" + or Status == "Failed" +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/dataverseactivity.md b/articles/azure-monitor/reference/queries/dataverseactivity.md new file mode 100644 index 0000000000..e57a574dc2 --- /dev/null +++ b/articles/azure-monitor/reference/queries/dataverseactivity.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for DataverseActivity +description: Example queries for DataverseActivity log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DataverseActivity table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Dataverse events filtered by operation type + + +Display events filtered by Create record operations and summarized by associated table name. + +```query +DataverseActivity +| where Message == "Create" +| summarize count() by EntityName +``` + diff --git a/articles/azure-monitor/reference/queries/dcrlogerrors.md b/articles/azure-monitor/reference/queries/dcrlogerrors.md new file mode 100644 index 0000000000..e5265f2abe --- /dev/null +++ b/articles/azure-monitor/reference/queries/dcrlogerrors.md 
@@ -0,0 +1,33 @@ +--- +title: Example log table queries for DCRLogErrors +description: Example queries for DCRLogErrors log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DCRLogErrors table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Ingestion and Transformation errors from data collection rules + + +Retrieves logs indicating ingestion and transformation failures during logs ingestion using data collection rules. + +```query +// This query helps list the most recent 10 logs for failures during log ingestion/transformation. +DCRLogErrors +//| where OperationName == "Ingestion" // Uncomment this line to see Ingestion errors +//| where OperationName =="Transformation" // Uncomment this line to see Transformation errors +| sort by TimeGenerated desc +| limit 10 + +``` + diff --git a/articles/azure-monitor/reference/queries/devcenterdiagnosticlogs.md b/articles/azure-monitor/reference/queries/devcenterdiagnosticlogs.md new file mode 100644 index 0000000000..ecb89bfb98 --- /dev/null +++ b/articles/azure-monitor/reference/queries/devcenterdiagnosticlogs.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for DevCenterDiagnosticLogs +description: Example queries for DevCenterDiagnosticLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DevCenterDiagnosticLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Failed actions query + + +Summarizes the number and type of operations that have failed. + +```query +DevCenterDiagnosticLogs +| where toint(ResponseCode) >= 400 +| extend _date = bin(TimeGenerated, 1d) +| summarize failureCount = count() by OperationName, _date +| sort by _date desc +``` + diff --git a/articles/azure-monitor/reference/queries/devcenterresourceoperationlogs.md b/articles/azure-monitor/reference/queries/devcenterresourceoperationlogs.md new file mode 100644 index 0000000000..7f60a5b007 --- /dev/null +++ b/articles/azure-monitor/reference/queries/devcenterresourceoperationlogs.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for DevCenterResourceOperationLogs +description: Example queries for DevCenterResourceOperationLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DevCenterResourceOperationLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Hibernate Unsupported Check + + +Returns the number of occurences of each type of inegibility check for hibernate on dev boxes. + +```query +DevCenterResourceLifecycleLogs +| where OperationName == "HibernateSupportStatusCheck" +| extend Date = bin(TimeGenerated, 6h) +| summarize unsupportedCount = count() by Message, Date +| sort by Date desc +``` + diff --git a/articles/azure-monitor/reference/queries/devicecalendar.md b/articles/azure-monitor/reference/queries/devicecalendar.md new file mode 100644 index 0000000000..7ca875f3ae --- /dev/null +++ b/articles/azure-monitor/reference/queries/devicecalendar.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for DeviceCalendar +description: Example queries for DeviceCalendar log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DeviceCalendar table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Exchange Error + + +SurfaceHub Exchange error. + +```query +DeviceCalendar +| where EventName == "activesynchealth" and SyncStatus != "Healthy" +| sort by TimeGenerated desc +``` + diff --git a/articles/azure-monitor/reference/queries/devicecleanup.md b/articles/azure-monitor/reference/queries/devicecleanup.md new file mode 100644 index 0000000000..3758b21665 --- /dev/null +++ b/articles/azure-monitor/reference/queries/devicecleanup.md @@ -0,0 +1,29 @@ +--- +title: Example log table queries for DeviceCleanup +description: Example queries for DeviceCleanup log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DeviceCleanup table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Cleanup Failure + + +SurfaceHub cleanup failure. + +```query +DeviceCleanup +| where State == "Fatal" +| sort by TimeGenerated desc +``` + 
diff --git a/articles/azure-monitor/reference/queries/devicehardwarehealth.md b/articles/azure-monitor/reference/queries/devicehardwarehealth.md new file mode 100644 index 0000000000..99747e583b --- /dev/null +++ b/articles/azure-monitor/reference/queries/devicehardwarehealth.md @@ -0,0 +1,42 @@ +--- +title: Example log table queries for DeviceHardwareHealth +description: Example queries for DeviceHardwareHealth log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DeviceHardwareHealth table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Hardware Minor + + +SurfaceHub hardware minor. + +```query +DeviceHardwareHealth +|where EventName != "CameraInUnexpectedState" and EventName != "WiredIngestInUnexpectedState" and EventName != "WiredTouchInUnexpectedState" and EventName != "WifiDirectInUnexpectedState" and EventName != "MicInUnexpectedState" and EventName != "WiredTouchInUnexpectedState" and EventName != "SpeakersInUnexpectedState" and EventName != "WirelessCardInUnexpectedState" +| sort by TimeGenerated des +``` + + + +### Hardware Alert + + +SurfaceHubHardwareAlert. + +```query +DeviceHardwareHealth +|where EventName == "CameraInUnexpectedState" or EventName == "WiredIngestInUnexpectedState" or EventName == "WiredTouchInUnexpectedState" or EventName == "WifiDirectInUnexpectedState" or EventName == "MicInUnexpectedState" or EventName == "WiredTouchInUnexpectedState" or EventName == "SpeakersInUnexpectedState" or EventName == "WirelessCardInUnexpectedState" +| sort by TimeGenerated desc +``` + 
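Review bot: In `queries/devicehardwarehealth.md`, the "Hardware Minor" query ends with `| sort by TimeGenerated des`, which is not a valid sort direction; it should be `desc`, as in "Hardware Alert". Both queries also list `WiredTouchInUnexpectedState` twice in the `where` clause, so the second occurrence is either redundant or stands in for an event name that was meant to be there. Expressing the set once, with `EventName in (...)` for the alert and `EventName !in (...)` for the minor query, would keep the two from drifting apart. The front matter says the file is generated, so the fix belongs in the query source.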
diff --git a/articles/azure-monitor/reference/queries/devicehealth.md b/articles/azure-monitor/reference/queries/devicehealth.md new file mode 100644 index 0000000000..2b458908ed --- /dev/null +++ b/articles/azure-monitor/reference/queries/devicehealth.md @@ -0,0 +1,29 @@ +--- +title: Example log table queries for DeviceHealth +description: Example queries for DeviceHealth log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DeviceHealth table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Software Alert + + +SurfaceHub software error. + +```query +DeviceHealth +| where EventName == "CriticalProcessStatus" and State == "Unhealthy" +| sort by TimeGenerated desc +``` + diff --git a/articles/azure-monitor/reference/queries/deviceskypeheartbeat.md b/articles/azure-monitor/reference/queries/deviceskypeheartbeat.md new file mode 100644 index 0000000000..7c69b9a39a --- /dev/null +++ b/articles/azure-monitor/reference/queries/deviceskypeheartbeat.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for DeviceSkypeHeartbeat +description: Example queries for DeviceSkypeHeartbeat log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DeviceSkypeHeartbeat table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Skype Error + + +SurfaceHub Skype error. + +```query +DeviceSkypeHeartbeat +| where State == "Unhealthy" +| sort by TimeGenerated desc +``` + diff --git a/articles/azure-monitor/reference/queries/devicetvmsecureconfigurationassessment.md b/articles/azure-monitor/reference/queries/devicetvmsecureconfigurationassessment.md new file mode 100644 index 0000000000..0e9b3b1473 --- /dev/null +++ b/articles/azure-monitor/reference/queries/devicetvmsecureconfigurationassessment.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for DeviceTvmSecureConfigurationAssessment +description: Example queries for DeviceTvmSecureConfigurationAssessment log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DeviceTvmSecureConfigurationAssessment table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Devices with antivirus configurations issue + + +List devices with antivirus configurations issues. + +```query +DeviceTvmSecureConfigurationAssessment +| where ConfigurationSubcategory == 'Antivirus' and IsApplicable == 1 and IsCompliant == 0 +| take 10 +``` + diff --git a/articles/azure-monitor/reference/queries/devicetvmsoftwareinventory.md b/articles/azure-monitor/reference/queries/devicetvmsoftwareinventory.md new file mode 100644 index 0000000000..745ef58a66 --- /dev/null +++ b/articles/azure-monitor/reference/queries/devicetvmsoftwareinventory.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for DeviceTvmSoftwareInventory +description: Example queries for DeviceTvmSoftwareInventory log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DeviceTvmSoftwareInventory table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Unsupported software titles + + +List software titles which are not supported anymore. + +```query +DeviceTvmSoftwareInventory +| where EndOfSupportStatus == 'EOS Software' +| summarize dcount(DeviceId) by SoftwareName +``` + diff --git a/articles/azure-monitor/reference/queries/devicetvmsoftwarevulnerabilities.md b/articles/azure-monitor/reference/queries/devicetvmsoftwarevulnerabilities.md new file mode 100644 index 0000000000..808555c0c9 --- /dev/null +++ b/articles/azure-monitor/reference/queries/devicetvmsoftwarevulnerabilities.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for DeviceTvmSoftwareVulnerabilities +description: Example queries for DeviceTvmSoftwareVulnerabilities log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DeviceTvmSoftwareVulnerabilities table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Devices affected by a specific vulnerability + + +List devices affected by a specific vulnerability. + +```query +DeviceTvmSoftwareVulnerabilities +| where CveId == 'CVE-2020-0791' +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/dnsevents.md b/articles/azure-monitor/reference/queries/dnsevents.md new file mode 100644 index 0000000000..0765efdadb --- /dev/null +++ b/articles/azure-monitor/reference/queries/dnsevents.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for DnsEvents +description: Example queries for DnsEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DnsEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Clients Resolving Malicious Domains + + +Distinct clients resolving malicious domains. + +```query +DnsEvents +| where SubType == 'LookupQuery' and isnotempty(MaliciousIP) +| summarize count() by ClientIP +``` + diff --git a/articles/azure-monitor/reference/queries/dnsquerylogs.md b/articles/azure-monitor/reference/queries/dnsquerylogs.md new file mode 100644 index 0000000000..a20cfc73be --- /dev/null +++ b/articles/azure-monitor/reference/queries/dnsquerylogs.md @@ -0,0 +1,28 @@ +--- +title: Example log table queries for DNSQueryLogs +description: Example queries for DNSQueryLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the DNSQueryLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### DNS queries by virtual network and return code + + +Summarize count of DNS queries by virtual network and return code. + +```query +DNSQueryLogs +| summarize count() by VirtualNetworkId, ResponseCode +``` + 
diff --git a/articles/azure-monitor/reference/queries/egnfailedhttpdataplaneoperations.md b/articles/azure-monitor/reference/queries/egnfailedhttpdataplaneoperations.md new file mode 100644 index 0000000000..95dd76ab89 --- /dev/null +++ b/articles/azure-monitor/reference/queries/egnfailedhttpdataplaneoperations.md @@ -0,0 +1,29 @@ +--- +title: Example log table queries for EGNFailedHttpDataPlaneOperations +description: Example queries for EGNFailedHttpDataPlaneOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the EGNFailedHttpDataPlaneOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### TLS 1.3 Lower query + + +Clients using TLS of version lower than 1.3. + +```query +EGNSuccessfulHttpDataPlaneOperations +| where TLSVersion != "1.3" +| summarize count() by CallerIpAddress +``` + diff --git a/articles/azure-monitor/reference/queries/egnfailedmqttconnections.md b/articles/azure-monitor/reference/queries/egnfailedmqttconnections.md new file mode 100644 index 0000000000..38481ba707 --- /dev/null +++ b/articles/azure-monitor/reference/queries/egnfailedmqttconnections.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for EGNFailedMqttConnections +description: Example queries for EGNFailedMqttConnections log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the EGNFailedMqttConnections table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Authentication error query + + +Authentication errors report by session name. + +```query +EGNFailedMqttConnections +| where ResultSignature == "AuthenticationError" +| summarize count() by SessionName +``` + diff --git a/articles/azure-monitor/reference/queries/egnmqttdisconnections.md b/articles/azure-monitor/reference/queries/egnmqttdisconnections.md new file mode 100644 index 0000000000..98a137a878 --- /dev/null +++ b/articles/azure-monitor/reference/queries/egnmqttdisconnections.md 
@@ -0,0 +1,40 @@ +--- +title: Example log table queries for EGNMqttDisconnections +description: Example queries for EGNMqttDisconnections log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the EGNMqttDisconnections table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Disconnections reason query + + +Disconnections report by reasons. + +```query +EGNMqttDisconnections +| summarize count() by ResultSignature +``` + + + +### Session disconnections query + + +Disconnections report by session names. + +```query +EGNMqttDisconnections +| summarize count() by SessionName +``` + diff --git a/articles/azure-monitor/reference/queries/egnsuccessfulhttpdataplaneoperations.md b/articles/azure-monitor/reference/queries/egnsuccessfulhttpdataplaneoperations.md new file mode 100644 index 0000000000..6fe93c690b --- /dev/null +++ b/articles/azure-monitor/reference/queries/egnsuccessfulhttpdataplaneoperations.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for EGNSuccessfulHttpDataPlaneOperations +description: Example queries for EGNSuccessfulHttpDataPlaneOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the EGNSuccessfulHttpDataPlaneOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### TLS 1.3 Lower query + + +Clients using TLS of version lower than 1.3. + +```query +EGNSuccessfulHttpDataPlaneOperations +| where TLSVersion != "1.3" +| summarize count() by CallerIpAddress +``` + diff --git a/articles/azure-monitor/reference/queries/egnsuccessfulmqttconnections.md b/articles/azure-monitor/reference/queries/egnsuccessfulmqttconnections.md new file mode 100644 index 0000000000..8a2cd6e4e4 --- /dev/null +++ b/articles/azure-monitor/reference/queries/egnsuccessfulmqttconnections.md 
@@ -0,0 +1,28 @@ +--- +title: Example log table queries for EGNSuccessfulMqttConnections +description: Example queries for EGNSuccessfulMqttConnections log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the EGNSuccessfulMqttConnections table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Session connections query + + +Connections report by session names. + +```query +EGNSuccessfulMqttConnections +| summarize count() by SessionName +``` + diff --git a/articles/azure-monitor/reference/queries/emailattachmentinfo.md b/articles/azure-monitor/reference/queries/emailattachmentinfo.md new file mode 100644 index 0000000000..a2b7c0b30b --- /dev/null +++ b/articles/azure-monitor/reference/queries/emailattachmentinfo.md 
@@ -0,0 +1,50 @@ +--- +title: Example log table queries for EmailAttachmentInfo +description: Example queries for EmailAttachmentInfo log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the EmailAttachmentInfo table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Files from malicious sender + + +Finds the first appearance of files sent by a malicious sender in your organization at selected time frame. To see earlier appearances please increase selected time range. + +```query +let MaliciousSender = ""; +EmailAttachmentInfo +| where SenderFromAddress =~ MaliciousSender +| project SHA256 = tolower(SHA256) +| join ( +DeviceFileEvents +) on SHA256 +| summarize FirstAppearance = min(Timestamp) by DeviceName, SHA256, FileName +| take 100 +``` + + + +### Emails to external domains with attachments + + +Emails sent to an external domain that include attachments. + +```query +EmailEvents +| where EmailDirection == "Outbound" and AttachmentCount > 0 +| join EmailAttachmentInfo on NetworkMessageId +| project Timestamp, Subject, SenderFromAddress, RecipientEmailAddress, NetworkMessageId, FileName, AttachmentCount +| take 1000 +``` + diff --git a/articles/azure-monitor/reference/queries/emailevents.md b/articles/azure-monitor/reference/queries/emailevents.md new file mode 100644 index 0000000000..2faf72c820 --- /dev/null +++ b/articles/azure-monitor/reference/queries/emailevents.md 
@@ -0,0 +1,43 @@ +--- +title: Example log table queries for EmailEvents +description: Example queries for EmailEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the EmailEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Phishing emails from the top 10 sender domains + + +Get the number of phishing emails from the top ten sender domains. + +```query +EmailEvents +| where ThreatTypes has "Phish" +| summarize Count = count() by SenderFromDomain +| top 10 by Count +``` + + + +### Emails with malware + + +Get the number of phishing emails from the top ten sender domains. + +```query +EmailEvents +| where ThreatTypes has "Malware" +| limit 500 +``` + diff --git a/articles/azure-monitor/reference/queries/emailpostdeliveryevents.md b/articles/azure-monitor/reference/queries/emailpostdeliveryevents.md new file mode 100644 index 0000000000..6d3639c62b --- /dev/null +++ b/articles/azure-monitor/reference/queries/emailpostdeliveryevents.md 
@@ -0,0 +1,59 @@ +--- +title: Example log table queries for EmailPostDeliveryEvents +description: Example queries for EmailPostDeliveryEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the EmailPostDeliveryEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Post-delivery administrator actions + + +Display post-delivery actions made by Administrator. + +```query +EmailPostDeliveryEvents +| where ActionTrigger == 'AdminAction' +| take 100 +``` + + + +### Unremediated post-delivery phishing email detections + + +Display post-delivery phishing email detections which was not remediated. + +```query +EmailPostDeliveryEvents +| where ActionType == 'Phish ZAP' and ActionResult == 'Error' +| join EmailEvents on NetworkMessageId, RecipientEmailAddress +| take 100 +``` + + + +### Full email processing details + + +Emails that include predefined post-delivery actions or automatic rules, by sender and subject. + +```query +let mySender = ""; +let subject = ""; +EmailEvents +| where SenderFromAddress == mySender and Subject == subject +| join EmailPostDeliveryEvents on NetworkMessageId, RecipientEmailAddress +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/emailurlinfo.md b/articles/azure-monitor/reference/queries/emailurlinfo.md new file mode 100644 index 0000000000..8122f3437c --- /dev/null +++ b/articles/azure-monitor/reference/queries/emailurlinfo.md 
@@ -0,0 +1,32 @@ +--- +title: Example log table queries for EmailUrlInfo +description: Example queries for EmailUrlInfo log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the EmailUrlInfo table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### URLs in an email + + +URLs in a particular message, by NetworkMessageId identifier. + +```query +let myEmailId = ""; +EmailEvents +| where NetworkMessageId == myEmailId +| join EmailUrlInfo on NetworkMessageId +| project Timestamp, Subject, SenderFromAddress, RecipientEmailAddress, NetworkMessageId, Url, UrlCount +| take 1000 +``` + diff --git a/articles/azure-monitor/reference/queries/event.md b/articles/azure-monitor/reference/queries/event.md new file mode 100644 index 0000000000..a91430a7bd --- /dev/null +++ b/articles/azure-monitor/reference/queries/event.md 
@@ -0,0 +1,439 @@ +--- +title: Example log table queries for Event +description: Example queries for Event log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the Event table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Memory usage percentage + + +For your cluster view avg node memory usage percentage. + +```query +//Select your log analytics workspace and replace enter cluster ID with your cluster arm ID +//Unit for MemoryUsage is in percentage(%),TotalMemory, and UsedMemory are in bytes +//Please use Nodename to set alert for each node +Event +| where EventLog =~ "Microsoft-Windows-SDDC-Management/Operational" and EventID == "3000" +| extend ClusterData = parse_xml(EventData) +| extend ClusterName = tostring(ClusterData.DataItem.UserData.EventData["ClusterName"]) +| extend ClusterArmId = tostring(ClusterData.DataItem.UserData.EventData["ArmId"]) +| where ClusterArmId =~ 'enter cluster ID' +| summarize arg_max(TimeGenerated, RenderedDescription) +| extend servers_information = parse_json(RenderedDescription).m_servers +| mv-expand servers_information +| extend Nodename = tostring(servers_information.m_name) +| extend TotalMemory = todecimal(servers_information.m_totalPhysicalMemoryInBytes) +| extend UsedMemory = iff(TotalMemory == 0.0, todecimal(0.0), todecimal(servers_information.m_usedPhysicalMemoryInBytes)) +| extend MemoryUsage = iff(TotalMemory == 0.0, todecimal(0.0), todecimal(round(UsedMemory / TotalMemory * 100, 0))) + +``` + + + +### Avg node CPU usage percentage + + +For your cluster view avg node CPU usage percentage. 
+ +```query +//Select your log analytics workspace and replace enter cluster ID with your cluster arm ID +//Unit for UsedCpuPercentage is in percentage(%) +//Please use Nodename to set alert for each node +Event +| where EventLog =~ "Microsoft-Windows-SDDC-Management/Operational" and EventID == "3000" +| extend ClusterData = parse_xml(EventData) +| extend ClusterName = tostring(ClusterData.DataItem.UserData.EventData["ClusterName"]) +| extend ClusterArmId = tostring(ClusterData.DataItem.UserData.EventData["ArmId"]) +| where ClusterArmId =~ 'enter cluster ID' +| summarize arg_max(TimeGenerated, RenderedDescription) +| extend servers_information = parse_json(RenderedDescription).m_servers +| mv-expand servers_information +| extend Nodename = tostring(servers_information.m_name) +| extend UsedCpuPercentage = toint(servers_information.m_totalProcessorsUsedPercentage) + +``` + + + +### Virtual machines failed + + +For your cluster, view failed virtual machines in a cluster. + +```query +//Select your log analytics workspace and replace enter cluster ID with your cluster arm ID +Event +| where EventLog =~ "Microsoft-Windows-SDDC-Management/Operational" and EventID == "3003" +| extend ClusterName = tostring(parse_xml(EventData).DataItem.UserData.EventData["ClusterName"]) +| extend ClusterArmId = tostring(parse_xml(EventData).DataItem.UserData.EventData["ArmId"]) +| where ClusterArmId =~ 'enter cluster ID' +| summarize arg_max(TimeGenerated, RenderedDescription) +| extend description = parse_json(RenderedDescription) +| extend VmsFailed = toint(description.m_totalVmsFailed) + +``` + + + +### Total virtual machines in a cluster. 
+ + +For your cluster, view total, running, stopped and failed virtual machines in a cluster + +```query +//Select your log analytics workspace and replace enter cluster ID with your cluster arm ID +Event +| where EventLog =~ "Microsoft-Windows-SDDC-Management/Operational" and EventID == "3003" +| extend ClusterName = tostring(parse_xml(EventData).DataItem.UserData.EventData["ClusterName"]) +| extend ClusterArmId = tostring(parse_xml(EventData).DataItem.UserData.EventData["ArmId"]) +| where ClusterArmId =~ 'enter cluster ID' +| summarize arg_max(TimeGenerated, RenderedDescription) +| extend description = parse_json(RenderedDescription) +| extend VmsStopped = toint(description.m_totalVmsStopped) +``` + + + +### Available volume capacity in a cluster. + + +View available capacity (in Bytes) for a volume in a cluster + +```query +//Select your log analytics workspace and replace enter cluster ID with your cluster arm ID +Event +| where EventLog =~ "Microsoft-Windows-SDDC-Management/Operational" and EventID == "3002" +| extend ClusterData = parse_xml(EventData) +| extend ClusterName = tostring(ClusterData.DataItem.UserData.EventData["ClusterName"]) +| extend ClusterArmId = tostring(ClusterData.DataItem.UserData.EventData["ArmId"]) +| where ClusterArmId =~ 'enter cluster ID' +| summarize arg_max(TimeGenerated, RenderedDescription) +| extend volumes_information = parse_json(RenderedDescription).VolumeList +| mv-expand volumes_information +| extend Volumes = tostring(volumes_information.m_Label) +| extend TotalCap = todecimal(volumes_information.m_Size) +| extend AvailableCap = TotalCap - todecimal(volumes_information.m_SizeUsed) +``` + + + +### Volume latency + + +This query shows the latency for your volumes. 
+ +```query +//Select your log analytics workspace and replace enter cluster ID with your cluster arm ID +Event +| where EventLog =~ "Microsoft-Windows-SDDC-Management/Operational" and EventID == "3002" +| extend ClusterData = parse_xml(EventData) +| extend ClusterName = tostring(ClusterData.DataItem.UserData.EventData["ClusterName"]) +| extend ClusterArmId = tostring(ClusterData.DataItem.UserData.EventData["ArmId"]) +| where ClusterArmId =~ 'enter cluster ID' +| summarize arg_max(TimeGenerated, RenderedDescription) +| extend volumes_information = parse_json(RenderedDescription).VolumeList +| mv-expand volumes_information +| extend VolumeName = tostring(volumes_information.m_Label) +| extend Latency = todouble(volumes_information.m_AverageLatency) +| extend Latency = iff(Latency < 0, 0.0, Latency) +``` + + + +### Volume IOPS + + +This query shows the input output operations per second for your volumes in a cluster. + +```query +//Select your log analytics workspace and replace enter cluster ID with your cluster arm ID to view IOPS of volumes in a cluster +//Unit for IOPS will be IOPS/s +Event +| where EventLog =~ "Microsoft-Windows-SDDC-Management/Operational" and EventID == "3002" +| extend ClusterData = parse_xml(EventData) +| extend ClusterName = tostring(ClusterData.DataItem.UserData.EventData["ClusterName"]) +| extend ClusterArmId = tostring(ClusterData.DataItem.UserData.EventData["ArmId"]) +| where ClusterArmId =~ 'enter cluster ID' +| summarize arg_max(TimeGenerated, RenderedDescription) +| extend volumes_information = parse_json(RenderedDescription).VolumeList +| mv-expand volumes_information +| extend VolumesName = tostring(volumes_information.m_Label) +| extend Iops = todouble(volumes_information.m_TotalIops) +| extend Iops = iff(Iops < 0, 0.0, Iops) +``` + + + +### Volume throughput + + +This query shows the throughput for your volumes in a cluster. 
+ +```query +//Select your log analytics workspace and replace enter cluster ID with your cluster arm ID +//Unit for throughput is B/s +Event +| where EventLog =~ "Microsoft-Windows-SDDC-Management/Operational" and EventID == "3002" +| extend ClusterData = parse_xml(EventData) +| extend ClusterName = tostring(ClusterData.DataItem.UserData.EventData["ClusterName"]) +| extend ClusterArmId = tostring(ClusterData.DataItem.UserData.EventData["ArmId"]) +| where ClusterArmId =~ 'enter cluster ID' +| summarize arg_max(TimeGenerated, RenderedDescription) +| extend volumes_information = parse_json(RenderedDescription).VolumeList +| mv-expand volumes_information +| extend VolumeName = tostring(volumes_information.m_Label) +| extend Throughput = todouble(volumes_information.m_TotalThroughput) +| extend Throughput = iff(Throughput < 0, 0.0, Throughput) + +``` + + + +### Cluster node down + + +Get an alert if a node is down within a cluster. + +```query +//Select your log analytics workspace and replace clusterarmId1 with your cluster arm ID +//Please split dimensions by clusterarmID and dimension name as faulting resource ID to set up alerts for each node within a cluster. Please check include all future values to get alerts for future dimension names. 
+Event +| where EventLog =~ "Microsoft-Windows-Health/Operational" +| extend description = parse_json(RenderedDescription) +| extend CorrelationId = tostring(description.CorrelationId) +| join kind=leftsemi (Event + | where EventLog =~ "Microsoft-Windows-Health/Operational" + | extend description = parse_json(RenderedDescription) + | extend ClusterArmId = tostring(description.ArmId) + //| where ClusterArmId in~ ('clusterarmId1', 'clusterarmId2', 'clusterarmId3') + | where tostring(description.IsLastMessage) =~ 'true' + | extend CorrelationId = tostring(description.CorrelationId) + | summarize arg_max(TimeGenerated, *) by ClusterArmId + | project CorrelationId) + on CorrelationId +| extend ClusterArmId = tostring(description.ArmId) +| where tostring(description.Fault.RootObjectType) == 'Microsoft.Health.EntityType.Cluster' +| extend Fault = description.Fault +| extend ShortDescription = split(tostring(Fault.Type), '.')[-1] +| extend Faulttype= Fault.Type +| where Faulttype == "Microsoft.Health.FaultType.Server.Down" +| extend Severity = toint(Fault.Severity) +| extend FaultingResourceType = split(tostring(Fault.ObjectType), '.')[-1] +| extend FaultingResourceId = tostring(Fault.ObjectId) +| extend ReportedTime = datetime_add('Microsecond', tolong(Fault.Timestamp) / 10, make_datetime(1601, 1, 1)) +| extend Detail = pack( + "Severity", iff(Severity == 0, "Healthy", iff(Severity == 1, "Warning", iff(Severity == 2, "Critical", "Unknown"))), + "Faulting Resource ID", FaultingResourceId, + "Faulting Resource Type", FaultingResourceType, + "Faulttype", Faulttype, + "Reported Time", ReportedTime, + "Short Description", ShortDescription, + "Description", tostring(Fault.Description), + "clusterARMId", tostring(ClusterArmId), + "Remediation", tostring(Fault.Remediation)) +| sort by ReportedTime asc +| limit 100 +``` + + + +### Memory usage percentage + + +For your cluster view avg node memory usage percentage. 
+ +```query +//Select your log analytics workspace and replace clusterarmId1 with your cluster arm ID +//Unit for MemoryUsage is in percentage(%),TotalMemory, and UsedMemory are in bytes +Event +| where EventLog =~ "Microsoft-Windows-SDDC-Management/Operational" and EventID == "3000" +| extend ClusterData = parse_xml(EventData) +| extend ClusterName = tostring(ClusterData.DataItem.UserData.EventData["ClusterName"]) +| extend ClusterArmId = tostring(ClusterData.DataItem.UserData.EventData["ArmId"]) +//| where ClusterArmId in~ ('clusterarmId1', 'clusterarmId2', 'clusterarmId3') +| summarize arg_max(TimeGenerated, *) by ClusterArmId +| extend servers_information = parse_json(RenderedDescription).m_servers +| mv-expand servers_information +| extend Nodename = tostring(servers_information.m_name) +| extend TotalMemory = todecimal(servers_information.m_totalPhysicalMemoryInBytes) +| extend UsedMemory = iff(TotalMemory == 0.0, todecimal(0.0), todecimal(servers_information.m_usedPhysicalMemoryInBytes)) +| extend MemoryUsage = iff(TotalMemory == 0.0, todecimal(0.0), todecimal(round(UsedMemory / TotalMemory * 100, 0))) +| extend MemoryUsageint = toint(MemoryUsage) +| where Nodename != "" +| limit 100 +``` + + + +### Ingestion latency (end-to-end) timechart - Event table + + +Chart the latency of ingestion to the Event table in the last 1 day. + +```query +Event +| where TimeGenerated > ago(1d) +| project TimeGenerated, IngestionDurationSeconds = (ingestion_time()-TimeGenerated)/1s +| render timechart title = "Ingestion latency: Event table" +``` + + + +### Show the trend of a selected event + + +Chart how many times an event was reported along the last day. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +Event +| where EventID == 44 // this ID indicates Windows Update started downloading an update +| summarize count() by bin(TimeGenerated, 1h), Computer, _ResourceId // bin is used to set the time grain to 1 hour +| render barchart +``` + + + +### Error event on computer missing security co critical update + + +Error events for machines that are missing critical or security required updates. + +```query +// To create an alert for this query, click '+ New alert rule' +Event +| where EventLevelName == "error" + | join kind=inner (Update |where (Classification == "Security Updates" or Classification == "Critical Updates") and UpdateState == "Needed" and Optional == "false" | distinct Computer) on Computer + | sort by TimeGenerated desc +``` + + + +### All Events in the past hour + + +All Events in the past hour. + +```query +Event +| where TimeGenerated > ago(1h) +| sort by TimeGenerated desc +``` + + + +### Events started + + +Events started by event ID. + +```query +Event +| where RenderedDescription contains "started" +| summarize count() by EventID +``` + + + +### Events by event source + + +Events by event source. + +```query +Event +| summarize count() by Source +``` + + + +### Events by event ID + + +Top 10 events by event ID. + +```query +Event +| summarize count() by EventID +| top 10 by count_ +``` + + + +### Warning events + + +Warning events sortd by time. + +```query +Event +| where EventLevelName == "warning" +| sort by TimeGenerated desc +``` + + + +### Count of warning events + + +Count of warning events by event ID. + +```query +Event +| where EventLevelName == "warning" +| summarize count() by EventID +``` + + + +### Events in OM between 2000 to 3000 + + +Operation manger events with IDs in range of 2000 to 3000. 
+ +```query +Event +| where EventLog == "Operations Manager" and (EventID >= 2000 and EventID <= 3000) +| sort by TimeGenerated desc +``` + + + +### Windows Fireawall policy settings + + +Windows Fireawall policy settings changed. + +```query +Event +| where EventLog == "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" and EventID == 2008 +| sort by TimeGenerated desc +``` + + + +### Windows Fireawall policy settings changed by machines + + +Windows Fireawall policy settings changed by machines. + +```query +Event +| where EventLog == "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" and EventID == 2008 +| summarize count() by Computer +| limit 10000 +``` + diff --git a/articles/azure-monitor/reference/queries/failedingestion.md b/articles/azure-monitor/reference/queries/failedingestion.md new file mode 100644 index 0000000000..a91a817b23 --- /dev/null +++ b/articles/azure-monitor/reference/queries/failedingestion.md 
@@ -0,0 +1,54 @@ +--- +title: Example log table queries for FailedIngestion +description: Example queries for FailedIngestion log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the FailedIngestion table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Failed ingestions by errors + + +How many ingestion failures accrued (by ErrorCode). + +```query +FailedIngestion +| summarize count() by ErrorCode +``` + + + +### Failed ingestions timechart + + +How many ingestion failures accrued (timechart). + +```query +FailedIngestion +| summarize count() by bin(TimeGenerated, 5m) +| render timechart +``` + + + +### Failed Ingestions + + +How many ingestion failures accrued (by cluster, database, table, ErrorCode, status). + +```query +FailedIngestion +| parse _ResourceId with * "providers/microsoft.kusto/clusters/" cluster_name // Get the cluster name from the ResourceId string +| summarize count() by bin(TimeGenerated, 1h), cluster_name, Database, Table, ErrorCode, FailureStatus +``` + diff --git a/articles/azure-monitor/reference/queries/functionapplogs.md b/articles/azure-monitor/reference/queries/functionapplogs.md new file mode 100644 index 0000000000..641779b8d3 --- /dev/null +++ b/articles/azure-monitor/reference/queries/functionapplogs.md 
@@ -0,0 +1,106 @@ +--- +title: Example log table queries for FunctionAppLogs +description: Example queries for FunctionAppLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the FunctionAppLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show application logs from Function Apps + + +A list of application logs, sorted by time (latest logs shown first). + +```query +FunctionAppLogs +| project TimeGenerated, HostInstanceId, Message, _ResourceId +| sort by TimeGenerated desc +``` + + + +### Show logs with warnings or exceptions + + +A list of logs which contain warnings or exceptions (latest logs shown first). + +```query +FunctionAppLogs +| where Level == "Warning" or Level == "Error" +| project TimeGenerated, HostInstanceId, Level, Message, _ResourceId +| sort by TimeGenerated desc +``` + + + +### Error and exception count + + +Show a column chart of the number of the logs containing warnings or errors in the last hour, per application. + +```query +FunctionAppLogs +| where TimeGenerated > ago(1h) +| where Level == "Warning" or Level == "Error" +| summarize count_per_app = count() by _ResourceId +| sort by count_per_app desc +| render columnchart +``` + + + +### Function activity over time + + +Line chart showing trend of Function requests volume, per Function over time. + +```query +FunctionAppLogs +//| where _ResourceId == "MyResourceId" // Uncomment and enter a resource ID to get results for a specific resource +| where Category startswith "Function." 
and Message startswith "Executed " +| summarize count() by bin(TimeGenerated, 1h), FunctionName // Aggregate by hour +| render timechart +``` + + + +### Function results + + +Individual Function invocation results in the last hour (latest logs shown first). + +```query +FunctionAppLogs +| where TimeGenerated > ago(1h) +| where Category startswith "Function." and Message startswith "Executed " +| parse Message with "Executed '" Name "' (" Result ", Id=" Id ", Duration=" Duration:long "ms)" +| project TimeGenerated, FunctionName, Result, FunctionInvocationId, Duration, _ResourceId +| sort by TimeGenerated desc +``` + + + +### Function Error rate + + +Summarizing functions success and errors per hour. + +```query +FunctionAppLogs +| where Category startswith "Function." and Message startswith "Executed " +| parse Message with "Executed '" Name "' (" Result ", Id=" Id ", Duration=" Duration:long "ms)" +// | where Name == "MyFunction" // Use this to restrict to a specific function +| summarize count() by bin(TimeGenerated, 1h), Name, Result, _ResourceId +| order by TimeGenerated desc +``` + diff --git a/articles/azure-monitor/reference/queries/gcpauditlogs.md b/articles/azure-monitor/reference/queries/gcpauditlogs.md new file mode 100644 index 0000000000..dccfd59b04 --- /dev/null +++ b/articles/azure-monitor/reference/queries/gcpauditlogs.md 
@@ -0,0 +1,30 @@ +--- +title: Example log table queries for GCPAuditLogs +description: Example queries for GCPAuditLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the GCPAuditLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### PubSub subscription logs with severity info + + +List of pubSub subscription logs with severity info. + +```query +GCPAuditLogs +| where GCPResourceType == 'pubsub_subscription' +| where severity == 'INFO' +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/heartbeat.md b/articles/azure-monitor/reference/queries/heartbeat.md new file mode 100644 index 0000000000..4e4ac78367 --- /dev/null +++ b/articles/azure-monitor/reference/queries/heartbeat.md 
@@ -0,0 +1,242 @@ +--- +title: Example log table queries for Heartbeat +description: Example queries for Heartbeat log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the Heartbeat table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Count heartbeats + + +Count all computers heartbeats from the last hour. + +```query +// Count computers heartbeats in the last hour. +// Normally, agents on VMs generate Heartbeat event every minute. +Heartbeat +| where TimeGenerated > ago(1h) +| summarize count() by Computer +``` + + + +### Last heartbeat of each computer + + +Show the last heartbeat sent by each computer. + +```query +// Last heartbeat of each computer +// Show the last heartbeat sent by each computer. +Heartbeat +| summarize arg_max(TimeGenerated, *) by Computer +``` + + + +### Ingestion latency (end-to-end) spikes - Heartbeat table + + +Check for latency spikes in the ingestion of Heartbeats in the last 24 hours. + +```query +// Ingestion latency (end-to-end) spikes - Heartbeat table +// Check for latency spikes in the ingestion of Heartbeats in the last 24 hour. +// This query calculates ingestion duration every 10 minutes, and looks for spikes +let StartTime = ago(24h); +let EndTime = now(); +let MinRSquare = 0.9; // Tune the sensitivity of the detection sensor. Higher numbers make the detector more sensitive +Heartbeat +| where TimeGenerated between (StartTime .. 
EndTime) +// calculate ingestion duration in seconds +| extend IngestionDurationSeconds = (ingestion_time()-TimeGenerated)/1s +// Create a time series +| make-series RatioSeries=avg(IngestionDurationSeconds) default=0 on TimeGenerated in range(StartTime , EndTime,10m) +// Apply a 2-line regression to the time series +| extend (RSquare2, SplitIdx, Variance2, RVariance2, LineFit2) = series_fit_2lines(RatioSeries) +// Find out if our 2-line is trending up or down +|extend (Slope, Interception, RSquare, Variance, RVariance, LineFit) = series_fit_line(LineFit2) +// Check whether the line fit reaches the threshold, and if the spike represents an increase (rather than a decrease) +| project PatternMatch = iff(RSquare2 > MinRSquare and Slope>0, "Spike detected", "No spike") + +``` + + + +### Agent latency spikes - Heartbeat table + + +Check for agent latency spikes in the ingestion of Heartbeats in the last 24 hours. + +```query +// Agent latency spikes - Heartbeat table +// Check for agent latency spikes in the ingestion of Heartbeats in the last 24 hour. +// This query calculates ingestion duration every 10 minutes, and looks for spikes +let StartTime = ago(24h); +let EndTime = now(); +let MinRSquare = 0.9; // Tune the sensitivity of the detection sensor. Higher numbers make the detector more sensitive +Heartbeat +| where TimeGenerated between (StartTime .. 
EndTime) +// calculate ingestion duration in seconds +| extend AgentLatencySeconds = (_TimeReceived-TimeGenerated)/1s +// Create a time series +| make-series RatioSeries=avg(AgentLatencySeconds) default=0 on TimeGenerated in range(StartTime , EndTime,10m) +// Apply a 2-line regression to the time series +| extend (RSquare2, SplitIdx, Variance2, RVariance2, LineFit2) = series_fit_2lines(RatioSeries) +// Find out if our 2-line is trending up or down +|extend (Slope, Interception, RSquare, Variance, RVariance, LineFit) = series_fit_line(LineFit2) +// Check whether the line fit reaches the threshold, and if the spike represents an increase (rather than a decrease) +| project PatternMatch = iff(RSquare2 > MinRSquare and Slope>0, "Spike detected", "No spike") +``` + + + +### Recently stopped heartbeats - Heartbeat table + + +Lists resources that stopped sending heartbeats in past 15 minutes. + +```query +// Resources, which stopped sending heartbeats in last 15 minutes +Heartbeat +| summarize LastReported=now()-max(TimeGenerated) by ResourceGroup, Resource, ResourceType +// Assuming that heartbeats are sent at least every minute we are looking at 1-15 minute interval +| where LastReported between(1m..15m) +``` + + + +### Computers availability today + + +Chart the number of computers sending logs, each hour. + +```query +Heartbeat +| summarize dcount(ComputerIP) by bin(TimeGenerated, 1h) +| render timechart +``` + + + +### Unavailable computers + + +List all known computers that didn't send a heartbeat in the last 5 hours. + +```query +Heartbeat +| summarize LastHeartbeat=max(TimeGenerated) by Computer +| where LastHeartbeat < ago(5h) +``` + + + +### Availability rate + + +Calculate the availability rate of each connected computer. 
+ +```query +Heartbeat +// bin_at is used to set the time grain to 1 hour, starting exactly 24 hours ago +| summarize heartbeatPerHour = count() by bin_at(TimeGenerated, 1h, ago(24h)), Computer +| extend availablePerHour = iff(heartbeatPerHour > 0, true, false) +| summarize totalAvailableHours = countif(availablePerHour == true) by Computer +| extend availabilityRate = totalAvailableHours*100.0/24 +``` + + + +### Not reporting VMs + + +VMs that have not reported a heartbeat in the last 5 minutes. + +```query +// To create an alert for this query, click '+ New alert rule' +Heartbeat +| where TimeGenerated > ago(24h) +| summarize LastCall = max(TimeGenerated) by Computer, _ResourceId +| where LastCall < ago(5m) + +``` + + + +### Computers list + + +List of computers with Azure Update Management deployed. + +```query +Heartbeat +| where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer) +| summarize arg_max(TimeGenerated, Solutions, Computer, ResourceId, ComputerEnvironment, VMUUID) by SourceComputerId +| where Solutions has "updates" +| extend vmuuId=VMUUID, azureResourceId=ResourceId, osType=1, environment=iff(ComputerEnvironment=~"Azure", 1, 2), scopedToUpdatesSolution=true, lastUpdateAgentSeenTime="" +| join kind=leftouter +( + Update + | where TimeGenerated>ago(5h) and OSType=="Linux" and SourceComputerId in ((Heartbeat + | where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer) + | summarize arg_max(TimeGenerated, Solutions) by SourceComputerId + | where Solutions has "updates" + | distinct SourceComputerId)) + | summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Product, Computer, ComputerEnvironment) by SourceComputerId, Product, ProductArch + | summarize Computer=any(Computer), ComputerEnvironment=any(ComputerEnvironment), missingCriticalUpdatesCount=countif(Classification has "Critical" and UpdateState=~"Needed"), missingSecurityUpdatesCount=countif(Classification has "Security" and 
UpdateState=~"Needed"), missingOtherUpdatesCount=countif(Classification !has "Critical" and Classification !has "Security" and UpdateState=~"Needed"), lastAssessedTime=max(TimeGenerated), lastUpdateAgentSeenTime="" by SourceComputerId + | extend compliance=iff(missingCriticalUpdatesCount > 0 or missingSecurityUpdatesCount > 0, 2, 1) + | extend ComplianceOrder=iff(missingCriticalUpdatesCount > 0 or missingSecurityUpdatesCount > 0 or missingOtherUpdatesCount > 0, 1, 3) +) +on SourceComputerId +| project id=SourceComputerId, displayName=Computer, sourceComputerId=SourceComputerId, scopedToUpdatesSolution=true, missingCriticalUpdatesCount=coalesce(missingCriticalUpdatesCount, -1), missingSecurityUpdatesCount=coalesce(missingSecurityUpdatesCount, -1), missingOtherUpdatesCount=coalesce(missingOtherUpdatesCount, -1), compliance=coalesce(compliance, 4), lastAssessedTime, lastUpdateAgentSeenTime, osType=1, environment=iff(ComputerEnvironment=~"Azure", 1, 2), ComplianceOrder=coalesce(ComplianceOrder, 2) +| union(Heartbeat +| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer) +| summarize arg_max(TimeGenerated, Solutions, Computer, ResourceId, ComputerEnvironment, VMUUID) by SourceComputerId +| where Solutions has "updates" +| extend vmuuId=VMUUID, azureResourceId=ResourceId, osType=2, environment=iff(ComputerEnvironment=~"Azure", 1, 2), scopedToUpdatesSolution=true, lastUpdateAgentSeenTime="" +| join kind=leftouter +( + Update + | where TimeGenerated>ago(14h) and OSType!="Linux" and SourceComputerId in ((Heartbeat + | where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer) + | summarize arg_max(TimeGenerated, Solutions) by SourceComputerId + | where Solutions has "updates" + | distinct SourceComputerId)) + | summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Title, Optional, Approved, Computer, ComputerEnvironment) by Computer, SourceComputerId, UpdateID + | summarize Computer=any(Computer), 
ComputerEnvironment=any(ComputerEnvironment), missingCriticalUpdatesCount=countif(Classification has "Critical" and UpdateState=~"Needed" and Approved!=false), missingSecurityUpdatesCount=countif(Classification has "Security" and UpdateState=~"Needed" and Approved!=false), missingOtherUpdatesCount=countif(Classification !has "Critical" and Classification !has "Security" and UpdateState=~"Needed" and Optional==false and Approved!=false), lastAssessedTime=max(TimeGenerated), lastUpdateAgentSeenTime="" by SourceComputerId + | extend compliance=iff(missingCriticalUpdatesCount > 0 or missingSecurityUpdatesCount > 0, 2, 1) + | extend ComplianceOrder=iff(missingCriticalUpdatesCount > 0 or missingSecurityUpdatesCount > 0 or missingOtherUpdatesCount > 0, 1, 3) +) +on SourceComputerId +| project id=SourceComputerId, displayName=Computer, sourceComputerId=SourceComputerId, scopedToUpdatesSolution=true, missingCriticalUpdatesCount=coalesce(missingCriticalUpdatesCount, -1), missingSecurityUpdatesCount=coalesce(missingSecurityUpdatesCount, -1), missingOtherUpdatesCount=coalesce(missingOtherUpdatesCount, -1), compliance=coalesce(compliance, 4), lastAssessedTime, lastUpdateAgentSeenTime, osType=2, environment=iff(ComputerEnvironment=~"Azure", 1, 2), ComplianceOrder=coalesce(ComplianceOrder, 2)) +| order by ComplianceOrder asc, missingCriticalUpdatesCount desc, missingSecurityUpdatesCount desc, missingOtherUpdatesCount desc, displayName asc +| project-away ComplianceOrder +``` + + + +### Find In Heartbeat + + +Find in Heartbeat to search for a specific value in the Heartbeat table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +Heartbeat +| where * contains tostring(SearchValue) +| take 1000 +``` + 
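Review bot: "Fireawall" is misspelled in both new headings and both descriptions at the end of queries/event.md ("Windows Fireawall policy settings" and "Windows Fireawall policy settings changed by machines"); it should read "Firewall". The headings produce the anchors that an index links to by slug, so correct any index entry for these two queries in the same change. In the second query, `| limit 10000` follows `summarize count() by Computer` with no ordering, so when the limit applies the rows kept are arbitrary; a `sort by count_ desc` ahead of it would make the cut meaningful.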
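Review bot: "accrued" in all three descriptions in queries/failedingestion.md ("How many ingestion failures accrued ...") reads as a slip for "occurred". None of the three queries bounds TimeGenerated, so the counts depend entirely on the time range the caller selects; either say so in the descriptions or add a `| where TimeGenerated > ago(...)` line as other queries in this patch do.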
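Review bot: In "Function results" (queries/functionapplogs.md) the parse line extracts Name, Id and Duration from Message, but the project that follows emits FunctionName and FunctionInvocationId, so the parsed Name and Id are computed and then dropped. Either project the parsed columns (as "Function Error rate" does with Name) or trim the parse pattern to the fields that are used. Separately, "Show logs with warnings or exceptions" and "Error and exception count" both filter on `Level == "Warning" or Level == "Error"`; the headings should say warnings and errors to match the filter.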
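Review bot: "Availability rate" in queries/heartbeat.md divides by a fixed 24 but never restricts the input to the last 24 hours: `bin_at(TimeGenerated, 1h, ago(24h))` only aligns the bins, so with a wider query time range totalAvailableHours can exceed 24 and availabilityRate goes above 100. Add `| where TimeGenerated > ago(24h)` before the first summarize. In both latency-spike queries the comment on MinRSquare says higher numbers make the detector more sensitive, but the test is `RSquare2 > MinRSquare`, so a higher value reports fewer spikes; the "Agent latency spikes" query also keeps the copied comment "calculate ingestion duration in seconds" above AgentLatencySeconds. The "Find In Heartbeat" description contains a literal "/n" and a bare "\ parameter", where a line break and a parameter name appear to have been lost; since the file header says the content is generated, that needs fixing in the generator.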
diff --git a/articles/azure-monitor/reference/queries/identitydirectoryevents.md b/articles/azure-monitor/reference/queries/identitydirectoryevents.md new file mode 100644 index 0000000000..3f5fc8c51b --- /dev/null +++ b/articles/azure-monitor/reference/queries/identitydirectoryevents.md 
@@ -0,0 +1,54 @@ +--- +title: Example log table queries for IdentityDirectoryEvents +description: Example queries for IdentityDirectoryEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the IdentityDirectoryEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Group Membership changed + + +Group Membership changed. + +```query +let group = ''; +IdentityDirectoryEvents +| where ActionType == 'Group Membership changed' +| extend AddedToGroup = AdditionalFields['TO.GROUP'] +| extend RemovedFromGroup = AdditionalFields['FROM.GROUP'] +| extend TargetAccount = AdditionalFields['TARGET_OBJECT.USER'] +| where AddedToGroup == group or RemovedFromGroup == group +| project-reorder Timestamp, ActionType, AddedToGroup, RemovedFromGroup, TargetAccount +| limit 100 +``` + + + +### Password change event + + +Find the latest password change event for a specific account. + +```query +//Find the latest password change event for a specific account +let userAccount = ''; +let deviceAccount = 'insert your device account'; +IdentityDirectoryEvents +| where ActionType == 'Account Password changed' +| where TargetAccountDisplayName == userAccount +//If you are looking for last password change of a device account comment the above row and remove comment from the below row +//| where TargetDeviceName == deviceAccount +| summarize LastPasswordChangeTime = max(Timestamp) by TargetAccountDisplayName // or change to TargetDeviceName for devcie account +``` + 
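Review bot: "Group Membership changed" ships with `let group = '';` and then filters on `AddedToGroup == group or RemovedFromGroup == group`, yet the description does not say a group name has to be supplied before the query returns anything useful. Add that to the description and use a visible placeholder, as `deviceAccount = 'insert your device account'` does in the next query; `userAccount = ''` there has the same problem. The trailing comment in "Password change event" also misspells "device" as "devcie".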
diff --git a/articles/azure-monitor/reference/queries/identitylogonevents.md b/articles/azure-monitor/reference/queries/identitylogonevents.md new file mode 100644 index 0000000000..d8ff5440a3 --- /dev/null +++ b/articles/azure-monitor/reference/queries/identitylogonevents.md @@ -0,0 +1,40 @@ +--- +title: Example log table queries for IdentityLogonEvents +description: Example queries for IdentityLogonEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the IdentityLogonEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### LDAP authentication processes with cleartext passwords + + +Find processes that performed LDAP authentication with cleartext passwords. + +```query +// Find processes that performed LDAP authentication with cleartext passwords +IdentityLogonEvents +| where Protocol == "LDAP" //and isnotempty(AccountName) +| project LogonTime = Timestamp, DeviceName, Application, ActionType, LogonType //,AccountName +| join kind=inner ( +DeviceNetworkEvents +| where ActionType == "ConnectionSuccess" +| extend DeviceName = toupper(trim(@"\..*$",DeviceName)) +| where RemotePort == "389" +| project NetworkConnectionTime = Timestamp, DeviceName, AccountName = InitiatingProcessAccountName, InitiatingProcessFileName, InitiatingProcessCommandLine +) on DeviceName +| where LogonTime - NetworkConnectionTime between (-2m .. 2m) +| project Application, LogonType, ActionType, LogonTime, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine //, AccountName +| limit 100 +``` + 
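Review bot: The query titled "LDAP authentication processes with cleartext passwords" filters only on `Protocol == "LDAP"`; no visible condition selects cleartext binds, so the result is every LDAP logon that coincides with a port 389 connection on the same device. Either add the condition that distinguishes cleartext authentication or reword the heading and description to match what is returned. The join also normalizes DeviceName with `toupper(trim(@"\..*$",DeviceName))` on the DeviceNetworkEvents side only, so it relies on IdentityLogonEvents already holding the upper-case short name, and RemotePort is compared with the string "389"; a short comment on each would help readers who adapt the query.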
diff --git a/articles/azure-monitor/reference/queries/identityqueryevents.md b/articles/azure-monitor/reference/queries/identityqueryevents.md new file mode 100644 index 0000000000..6f19328ec3 --- /dev/null +++ b/articles/azure-monitor/reference/queries/identityqueryevents.md @@ -0,0 +1,41 @@ +--- +title: Example log table queries for IdentityQueryEvents +description: Example queries for IdentityQueryEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the IdentityQueryEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### SAMR queries to Active Directory + + +Find processes that sent SAMR queries to Active Directory. + +```query +// Find processes that sent SAMR queries to Active Directory +IdentityQueryEvents +| where ActionType == "SAMR query" +// and isnotempty(AccountName) +| project QueryTime = Timestamp, DeviceName, AccountName, Query, QueryTarget +| join kind=inner ( +DeviceProcessEvents +| extend DeviceName = toupper(trim(@"\..*$",DeviceName)) +//| where InitiatingProcessCommandLine contains "net.exe" +| project ProcessCreationTime = Timestamp, DeviceName, AccountName, + InitiatingProcessFileName , InitiatingProcessCommandLine + ) on DeviceName//, AccountName +| where ProcessCreationTime - QueryTime between (-2m .. 2m) +| project QueryTime, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine, Query, QueryTarget //,AccountName + | limit 100 +``` + 
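Review bot: The join in "SAMR queries to Active Directory" matches on DeviceName alone, with the AccountName key and the net.exe filter both commented out, so every process created on the device within two minutes of a SAMR query is returned as if it had sent the query. Say in the description that the output is a candidate list to be narrowed, or enable one of the commented conditions by default. Neither side of the join bounds Timestamp, which makes the unfiltered DeviceProcessEvents side expensive; a time filter ahead of the join would help.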
diff --git a/articles/azure-monitor/reference/queries/insightsmetrics.md b/articles/azure-monitor/reference/queries/insightsmetrics.md new file mode 100644 index 0000000000..194ba239a3 --- /dev/null +++ b/articles/azure-monitor/reference/queries/insightsmetrics.md 
@@ -0,0 +1,253 @@ +--- +title: Example log table queries for InsightsMetrics +description: Example queries for InsightsMetrics log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the InsightsMetrics table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### IoT Edge: Device offline or not sending messages upstream at expected rate + + +Identify IoT Edge devices seen in the last 2 days that are not sending D2C messages to IoT Hub at an expected rate during a 30 minute period. + +```query +// To create an alert for this query, click '+ New alert rule' +let targetReceiver = "upstream"; +InsightsMetrics +| where Origin == "iot.azm.ms" and Namespace == "metricsmodule" +| where Name == "edgehub_messages_sent_total" +| extend dimensions=parse_json(Tags) +| extend device = tostring(dimensions.edge_device) +| extend target = trim_start(@"[^/]+/", extractjson("$.to", +tostring(dimensions), typeof(string))) +| where target contains targetReceiver +| extend source = strcat(device, "::", trim_start(@"[^/]+/", +tostring(dimensions.from))) +| extend messages = toint(Val) +| extend timeUtc = TimeGenerated +| extend sourceTarget = strcat(source, "::", target) +| project timeUtc, source, sourceTarget, messages, device, _ResourceId +| order by device, sourceTarget, timeUtc +| serialize +| extend nextCount = next(messages, 1) +| extend nextSourceTarget= next(sourceTarget, 1) +| extend diff = iff((messages - nextCount) >= 0, messages - nextCount, 0) +| where sourceTarget == nextSourceTarget and diff >= 0 +| project TimeGenerated = timeUtc, source, sourceTarget, messages, diff, 
+device, _ResourceId +| make-series sum(diff) default=0 on TimeGenerated from ago(2d) to now() +step 30m by device, _ResourceId +| mv-expand sum_diff, TimeGenerated +| project TimeGenerated=todatetime(TimeGenerated), device, +AggregatedValue=toint(sum_diff), _ResourceId +``` + + + +### IoT Edge: Edge Hub queue size over threshold + + +Number of times a device's Edge Hub queue size (sum) was over the configured threshold during the evaluation period. + +```query +// To create an alert for this query, click '+ New alert' +let qlenThreshold = 100; +InsightsMetrics +| where Origin == "iot.azm.ms" and Namespace == "metricsmodule" +| where Name == "edgehub_queue_length" +| extend dimensions=parse_json(Tags) +| extend device = tostring(dimensions.edge_device) +| extend ep = tostring(dimensions.endpoint) +| extend qlen = toint(Val) +| project device, qlen, ep, TimeGenerated, _ResourceId +| summarize sum(qlen) by TimeGenerated, device, _ResourceId +| where sum_qlen >= qlenThreshold +| project-away sum_qlen +``` + + + +### Maximum node disk + + +Max node disk usage averaged over 30 mins intervals. + +```query +// To create an alert for this query, click '+ New alert rule' +//InsightMetrics contains all the custom metrics for Container Insights solution +InsightsMetrics // Replace Name with your custom metric +| where Name == "used_percent" and Namespace == "container.azm.ms/disk" +| summarize val= max(Val) by bin(TimeGenerated, 15m), _ResourceId +| render timechart +``` + + + +### Prometheus disk read per second per node + + +View Prometheus disk read metrics from the default kubernetes namespace as timechart. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +// Update TimeGenerated field for custom time range +InsightsMetrics +| where Namespace == 'container.azm.ms/diskio' +| where TimeGenerated > ago(1h) +| where Name == 'reads' +| extend Tags = todynamic(Tags) +| extend HostName = tostring(Tags.hostName), Device = Tags.name +| extend NodeDisk = strcat(Device, "/", HostName) +| order by NodeDisk asc, TimeGenerated asc +| serialize //calculating the PreVal, PrevTimeGenerated to render the chart. +| extend PrevVal = iif(prev(NodeDisk) != NodeDisk, 0.0, prev(Val)), PrevTimeGenerated = iif(prev(NodeDisk) != NodeDisk, datetime(null), prev(TimeGenerated)) +| where isnotnull(PrevTimeGenerated) and PrevTimeGenerated != TimeGenerated +//Calculating the rate for disk using PreVal +| extend Rate = iif(PrevVal > Val, Val / (datetime_diff('Second', TimeGenerated, PrevTimeGenerated) * 1), iif(PrevVal == Val, 0.0, (Val - PrevVal) / (datetime_diff('Second', TimeGenerated, PrevTimeGenerated) * 1))) +| where isnotnull(Rate) +| project TimeGenerated, NodeDisk, Rate, _ResourceId +| render timechart +``` + + + +### Find In InsightsMetrics + + +Find in InsightsMetrics to search for a specific value in the InsightsMetrics table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +InsightsMetrics +| where * contains tostring(SearchValue) +| take 1000 +``` + + + +### What data is being collected? + + +List the collected performance counters and object types. + +```query +InsightsMetrics +| where Origin == "vm.azm.ms" +| summarize by Namespace, Name +``` + + + +### Virtual Machine available memory + + +Virtual Machine available memory. 
+ +```query +InsightsMetrics +| where TimeGenerated > ago(1h) +| where Origin == "vm.azm.ms" +| where Namespace == "Memory" +| where Name == "AvailableMB" +| summarize avg(Val) by bin(TimeGenerated, 5m), Computer +| render timechart +``` + + + +### Chart CPU usage trends by computer + + +Calculate CPU usage patterns over the last hour, chart by percentiles. + +```query +InsightsMetrics +| where TimeGenerated > ago(1h) +| where Origin == "vm.azm.ms" +| where Namespace == "Processor" +| where Name == "UtilizationPercentage" +| summarize avg(Val) by bin(TimeGenerated, 5m), Computer //split up by computer +| render timechart +``` + + + +### Virtual Machine free disk space + + +Show the latest report of free disk space, per instance. + +```query +InsightsMetrics +| where TimeGenerated > ago(1h) +| where Origin == "vm.azm.ms" +| where Namespace == "LogicalDisk" +| where Name == "FreeSpaceMB" +| extend t=parse_json(Tags) +| summarize arg_max(TimeGenerated, *) by tostring(t["vm.azm.ms/mountId"]), Computer // arg_max over TimeGenerated returns the latest record +| project Computer, TimeGenerated, t["vm.azm.ms/mountId"], Val +``` + + + +### Track VM Availability using Heartbeat + + +Display the VM's reported availability during the last hour. + +```query +InsightsMetrics +| where TimeGenerated > ago(1h) +| where Origin == "vm.azm.ms" +| where Namespace == "Computer" +| where Name == "Heartbeat" +| summarize heartbeat_count = count() by bin(TimeGenerated, 5m), Computer +| extend alive=iff(heartbeat_count > 2, 1.0, 0.0) //computer considered "down" if it has 2 or fewer heartbeats in 5 min interval +| project TimeGenerated, alive, Computer +| render timechart with (ymin = 0, ymax = 1) +``` + + + +### Top 10 Virtual Machines by CPU utilization + + +Top 10 Virtual Machines by CPU utilization. 
+ +```query +InsightsMetrics +| where TimeGenerated > ago(1h) +| where Origin == "vm.azm.ms" +| where Namespace == "Processor" and Name == "UtilizationPercentage" +| summarize P90 = percentile(Val, 90) by Computer +| top 10 by P90 +``` + + + +### Bottom 10 Free disk space % + + +Bottom 10 Free disk space % by computer. + +```query +InsightsMetrics +| where TimeGenerated > ago(24h) +| where Origin == "vm.azm.ms" +| where Namespace == "LogicalDisk" and Name == "FreeSpacePercentage" +| summarize P90 = percentile(Val, 90) by Computer +| top 10 by P90 asc +``` + diff --git a/articles/azure-monitor/reference/queries/kubeevents.md b/articles/azure-monitor/reference/queries/kubeevents.md new file mode 100644 index 0000000000..640470c341 --- /dev/null +++ b/articles/azure-monitor/reference/queries/kubeevents.md 
@@ -0,0 +1,45 @@ +--- +title: Example log table queries for KubeEvents +description: Example queries for KubeEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the KubeEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Kubernetes events + + +Lists all the Kubernetes events. + +```query +KubeEvents +| where TimeGenerated > ago(7d) +| where not(isempty(Namespace)) +| top 200 by TimeGenerated desc +``` + + + +### Find In KubeEvents + + +Find in KubeEvents to search for a specific value in the KubeEvents table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +KubeEvents +| where * contains tostring(SearchValue) +| take 1000 +``` + diff --git a/articles/azure-monitor/reference/queries/kubemonagentevents.md b/articles/azure-monitor/reference/queries/kubemonagentevents.md new file mode 100644 index 0000000000..55aed91f29 --- /dev/null +++ b/articles/azure-monitor/reference/queries/kubemonagentevents.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for KubeMonAgentEvents +description: Example queries for KubeMonAgentEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the KubeMonAgentEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Find In KubeMonAgentEvents + + +Find in KubeMonAgentEvents to search for a specific value in the KubeMonAgentEvents table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +KubeMonAgentEvents +| where * contains tostring(SearchValue) +| take 1000 +``` + diff --git a/articles/azure-monitor/reference/queries/kubenodeinventory.md b/articles/azure-monitor/reference/queries/kubenodeinventory.md new file mode 100644 index 0000000000..e2c2528a67 --- /dev/null +++ b/articles/azure-monitor/reference/queries/kubenodeinventory.md 
@@ -0,0 +1,146 @@ +--- +title: Example log table queries for KubeNodeInventory +description: Example queries for KubeNodeInventory log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the KubeNodeInventory table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Avg node CPU usage percentage per minute + + +For your cluster view avg node CPU usage percentage per minute over the last hour. + +```query +// To create an alert for this query, click '+ New alert rule' +//Modify the startDateTime & endDateTime to customize the timerange +let endDateTime = now(); +let startDateTime = ago(1h); +let trendBinSize = 1m; +let capacityCounterName = 'cpuCapacityNanoCores'; +let usageCounterName = 'cpuUsageNanoCores'; +KubeNodeInventory +| where TimeGenerated < endDateTime +| where TimeGenerated >= startDateTime +// cluster filter would go here if multiple clusters are reporting to the same Log Analytics workspace +| distinct ClusterName, Computer, _ResourceId +| join hint.strategy=shuffle ( + Perf + | where TimeGenerated < endDateTime + | where TimeGenerated >= startDateTime + | where ObjectName == 'K8SNode' + | where CounterName == capacityCounterName + | summarize LimitValue = max(CounterValue) by Computer, CounterName, bin(TimeGenerated, trendBinSize) + | project Computer, CapacityStartTime = TimeGenerated, CapacityEndTime = TimeGenerated + trendBinSize, LimitValue +) on Computer +| join kind=inner hint.strategy=shuffle ( + Perf + | where TimeGenerated < endDateTime + trendBinSize + | where TimeGenerated >= startDateTime - trendBinSize + | where ObjectName == 'K8SNode' + | 
where CounterName == usageCounterName + | project Computer, UsageValue = CounterValue, TimeGenerated +) on Computer +| where TimeGenerated >= CapacityStartTime and TimeGenerated < CapacityEndTime +| project ClusterName, Computer, TimeGenerated, UsagePercent = UsageValue * 100.0 / LimitValue, _ResourceId +| summarize AggregatedValue = avg(UsagePercent) by bin(TimeGenerated, trendBinSize), ClusterName, _ResourceId +``` + + + +### Avg node memory usage percentage per minute + + +For your cluster view avg node memory usage percentage per minute over the last hour. + +```query +// To create an alert for this query, click '+ New alert rule' +let endDateTime = now(); +let startDateTime = ago(1h); +let trendBinSize = 1m; +let capacityCounterName = 'memoryCapacityBytes'; +let usageCounterName = 'memoryRssBytes'; +KubeNodeInventory +| where TimeGenerated < endDateTime +| where TimeGenerated >= startDateTime +// cluster filter would go here if multiple clusters are reporting to the same Log Analytics workspace +| distinct ClusterName, Computer, _ResourceId +| join hint.strategy=shuffle ( + Perf + | where TimeGenerated < endDateTime + | where TimeGenerated >= startDateTime + | where ObjectName == 'K8SNode' + | where CounterName == capacityCounterName + | summarize LimitValue = max(CounterValue) by Computer, CounterName, bin(TimeGenerated, trendBinSize) + | project Computer, CapacityStartTime = TimeGenerated, CapacityEndTime = TimeGenerated + trendBinSize, LimitValue +) on Computer +| join kind=inner hint.strategy=shuffle ( + Perf + | where TimeGenerated < endDateTime + trendBinSize + | where TimeGenerated >= startDateTime - trendBinSize + | where ObjectName == 'K8SNode' + | where CounterName == usageCounterName + | project Computer, UsageValue = CounterValue, TimeGenerated +) on Computer +| where TimeGenerated >= CapacityStartTime and TimeGenerated < CapacityEndTime +| project ClusterName, Computer, TimeGenerated, UsagePercent = UsageValue * 100.0 / LimitValue, _ResourceId +| 
summarize AggregatedValue = avg(UsagePercent) by bin(TimeGenerated, trendBinSize), ClusterName, _ResourceId +``` + + + +### Readiness status per node + + +For all your cluster view count of all the nodes by readiness. + +```query +// To create an alert for this query, click '+ New alert rule' +//Customize startDateTime, endDateTime to select custom time range +let endDateTime = now(); +let startDateTime = ago(1h); +let trendBinSize = 1m; +KubeNodeInventory +| where TimeGenerated < endDateTime +| where TimeGenerated >= startDateTime +| distinct ClusterName, Computer, _ResourceId,TimeGenerated +| summarize ClusterSnapshotCount = count() by bin(TimeGenerated, trendBinSize), ClusterName, Computer, _ResourceId +| join hint.strategy=broadcast kind=inner ( + KubeNodeInventory //this calculating ready node count. + | where TimeGenerated < endDateTime + | where TimeGenerated >= startDateTime + | summarize TotalCount = count(), ReadyCount = sumif(1, Status contains ('Ready')) + by ClusterName, Computer, bin(TimeGenerated, trendBinSize), _ResourceId //calculating NotReadyCount + | extend NotReadyCount = TotalCount - ReadyCount +) on ClusterName, Computer, _ResourceId, TimeGenerated + //projecting all the fields +| project TimeGenerated, ClusterName, Computer, ReadyCount = todouble(ReadyCount) / ClusterSnapshotCount, + NotReadyCount = todouble(NotReadyCount) / ClusterSnapshotCount, _ResourceId +| order by ClusterName asc, Computer asc, TimeGenerated desc, _ResourceId +``` + + + +### Find In KubeNodeInventory + + +Find in KubeNodeInventory to search for a specific value in the KubeNodeInventory table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +KubeNodeInventory +| where * contains tostring(SearchValue) +| take 1000 +``` + 
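Review bot: in kubenodeinventory.md, "Readiness status per node", the line `ReadyCount = sumif(1, Status contains ('Ready'))` uses `contains`, which is a case-insensitive substring match. Any Status value that merely includes that text, such as NotReady, is counted as ready, and NotReadyCount (TotalCount - ReadyCount) is understated accordingly. Compare the ready condition exactly or as a whole term so that the two counts separate the states the heading promises.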
diff --git a/articles/azure-monitor/reference/queries/kubepodinventory.md b/articles/azure-monitor/reference/queries/kubepodinventory.md new file mode 100644 index 0000000000..30c542f7c4 --- /dev/null +++ b/articles/azure-monitor/reference/queries/kubepodinventory.md 
@@ -0,0 +1,65 @@ +--- +title: Example log table queries for KubePodInventory +description: Example queries for KubePodInventory log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the KubePodInventory table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Pods in crash loop + + +Determines whether Pods/Containers has Crash-Loop phase. + +```query +//Determines whether Pods/Containers has Crash-Loop phase +KubePodInventory +| where ContainerStatus == 'waiting' +| where ContainerStatusReason == 'CrashLoopBackOff' or ContainerStatusReason == 'Error' +| extend ContainerLastStatus=todynamic(ContainerLastStatus) +| summarize RestartCount = arg_max(ContainerRestartCount, Computer, Namespace, ContainerLastStatus.reason) by Name +``` + + + +### Pods in pending state + + +Check Pods that cannot be started and their pending time. + +```query +//Check Pods that cannot be started and its pending time +KubePodInventory +| where PodStatus == 'Pending' +| project PodCreationTimeStamp, Namespace, PodStartTime, PodStatus, Name, ContainerStatus +| summarize Start = any(PodCreationTimeStamp), arg_max(PodStartTime, Namespace) by Name +| extend PodStartTime = iff(isnull(PodStartTime), now(), PodStartTime) +| extend PendingTime = PodStartTime - Start +| project Name, Namespace ,PendingTime +``` + + + +### Find In KubePodInventory + + +Find in KubePodInventory to search for a specific value in the KubePodInventory table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. 
Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +KubePodInventory +| where * contains tostring(SearchValue) +| take 1000 +``` + diff --git a/articles/azure-monitor/reference/queries/kubeservices.md b/articles/azure-monitor/reference/queries/kubeservices.md new file mode 100644 index 0000000000..1b7966ba37 --- /dev/null +++ b/articles/azure-monitor/reference/queries/kubeservices.md @@ -0,0 +1,31 @@ +--- +title: Example log table queries for KubeServices +description: Example queries for KubeServices log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the KubeServices table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Find In KubeServices + + +Find in KubeServices to search for a specific value in the KubeServices table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +KubeServices +| where * contains tostring(SearchValue) +| take 1000 +``` + diff --git a/articles/azure-monitor/reference/queries/laquerylogs.md b/articles/azure-monitor/reference/queries/laquerylogs.md new file mode 100644 index 0000000000..b6a1bb7177 --- /dev/null +++ b/articles/azure-monitor/reference/queries/laquerylogs.md 
@@ -0,0 +1,99 @@ +--- +title: Example log table queries for LAQueryLogs +description: Example queries for LAQueryLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the LAQueryLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Most Requested ResourceIds + + +Most queried resources over the last 24 hours. + +```query +LAQueryLogs +| extend reqContext = parse_json(RequestContext) +| extend datasources = array_concat(reqContext["resources"], reqContext["workspaces"], reqContext["applications"]) +| mv-expand datasources +| summarize reqCount = count() by tostring(datasources) +| order by reqCount desc +``` + + + +### Unauthorized Users + + +Get a list of unauthorized users with their request count in last 24 hours. + +```query +LAQueryLogs +| where ResponseCode == "403" +| summarize reqCount = count() by AADObjectId +| order by reqCount desc +``` + + + +### Throttled Users + + +Get a list of throttled users with their request count in last 24 hours. + +```query +LAQueryLogs +| where ResponseCode == "429" +| summarize reqCount = count() by AADObjectId +| order by reqCount desc +``` + + + +### Request Count by ResponseCode + + +Request count by response code within 1 min buckets in last 1 hour. + +```query +LAQueryLogs +| where TimeGenerated > ago(1h) +| summarize count() by tostring(ResponseCode), bin(TimeGenerated, 1m) +| render columnchart with (kind=stacked) +``` + + + +### Top 10 resource intensive queries + + +Get top 10 resource intesive queries (based on CPU consumption) in last 24 hours. 
+ +```query +LAQueryLogs +| top 10 by StatsCPUTimeMs desc nulls last +``` + + + +### Top 10 longest time range queries + + +Get top 10 queries that scanned the longest time range in last 24 hours. + +```query +LAQueryLogs +| extend DataProcessedTimeRange = format_timespan(StatsDataProcessedEnd - StatsDataProcessedStart, 'dd.hh:mm:ss:FF') +| top 10 by DataProcessedTimeRange desc nulls last +``` + diff --git a/articles/azure-monitor/reference/queries/lasummarylogs.md b/articles/azure-monitor/reference/queries/lasummarylogs.md new file mode 100644 index 0000000000..73fed88f5b --- /dev/null +++ b/articles/azure-monitor/reference/queries/lasummarylogs.md @@ -0,0 +1,29 @@ +--- +title: Example log table queries for LASummaryLogs +description: Example queries for LASummaryLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the LASummaryLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Bin Rules Query Duration + + +Get a list of bin rules with their query duration. + +```query +LASummaryLogs +| summarize QueryDurationInSeconds = sum(QueryDurationMs)/1000 by RuleName, BinStartTime +| sort by QueryDurationInSeconds desc +``` + diff --git a/articles/azure-monitor/reference/queries/logicappworkflowruntime.md b/articles/azure-monitor/reference/queries/logicappworkflowruntime.md new file mode 100644 index 0000000000..87219602ae --- /dev/null +++ b/articles/azure-monitor/reference/queries/logicappworkflowruntime.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for LogicAppWorkflowRuntime +description: Example queries for LogicAppWorkflowRuntime log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the LogicAppWorkflowRuntime table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Count of failed workflow operations from Logic App Workflow Runtime + + +Count of failed workflow operations from Logic App Workflow Runtime in selected time range for each workflow. + +```query +LogicAppWorkflowRuntime +| where Status == "Failed" +| summarize count() by WorkflowName +``` + diff --git a/articles/azure-monitor/reference/queries/mdcdetectiondnsevents.md b/articles/azure-monitor/reference/queries/mdcdetectiondnsevents.md new file mode 100644 index 0000000000..55fe0668ef --- /dev/null +++ b/articles/azure-monitor/reference/queries/mdcdetectiondnsevents.md 
@@ -0,0 +1,54 @@ +--- +title: Example log table queries for MDCDetectionDNSEvents +description: Example queries for MDCDetectionDNSEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the MDCDetectionDNSEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### All DNS events where the domain queried was 'www.google.com' ordered by time + + +Get all DNS events where the domain queried was 'www.google.com' ordered by time. + +```query +MDCDetectionDNSEvents +| where Domain == "www.google.com" +| order by TimeGenerated +| limit 100 +``` + + + +### All recent Gating validation events + + +Get all Gating validation events published in the last 24 hours. + +```query +source +| project + AzureResourceId, + Region, + Action, + RuleProperties, + AdmissionControlVersions, + EvaluatedResourceKind, + EvaluatedResourceName, + EvaluatedResourceParentKind, + EvaluatedResourceParentName, + EvaluatedResourceDetails, + Namespace, + TimeGenerated +``` + diff --git a/articles/azure-monitor/reference/queries/mdcdetectionfimevents.md b/articles/azure-monitor/reference/queries/mdcdetectionfimevents.md new file mode 100644 index 0000000000..64448f9a89 --- /dev/null +++ b/articles/azure-monitor/reference/queries/mdcdetectionfimevents.md 
@@ -0,0 +1,30 @@ +--- +title: Example log table queries for MDCDetectionFimEvents +description: Example queries for MDCDetectionFimEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the MDCDetectionFimEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### All FIM events for directories + + +Get all FIM events against directories of the host. + +```query +MDCDetectionFimEvents +| where IsDir == "True" +| order by TimeGenerated +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/microsoftdatasharereceivedsnapshotlog.md b/articles/azure-monitor/reference/queries/microsoftdatasharereceivedsnapshotlog.md new file mode 100644 index 0000000000..709a62dfe0 --- /dev/null +++ b/articles/azure-monitor/reference/queries/microsoftdatasharereceivedsnapshotlog.md 
@@ -0,0 +1,75 @@ +--- +title: Example log table queries for MicrosoftDataShareReceivedSnapshotLog +description: Example queries for MicrosoftDataShareReceivedSnapshotLog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the MicrosoftDataShareReceivedSnapshotLog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### List received snapshots by duration + + +A list of the snapshots sorted by duration time, over the last 7 days. + +```query +MicrosoftDataShareReceivedSnapshotLog +| where TimeGenerated > ago(7d) +| where StartTime != "" and EndTime != "" +| project StartTime , EndTime , DurationSeconds =(todatetime(EndTime)-todatetime(StartTime))/1s, ResourceName = split(_ResourceId,"/accounts/",1)// use split to get a part of the _ResourceId +| sort by DurationSeconds desc nulls last +``` + + + +### Count failed received snapshots + + +Count of failed snapshots over the last 7 days. + +```query +MicrosoftDataShareReceivedSnapshotLog +| where TimeGenerated > ago(7d) +| where Status == "Failed" +| summarize count() by _ResourceId +``` + + + +### Frequent errors in received snapshots + + +Top 10 most frequent errors over the last 7 days. + +```query +MicrosoftDataShareReceivedSnapshotLog +| where TimeGenerated > ago(7d) +| where Status == "Failed" +| summarize count() by _ResourceId, DataSetType // Counting failed logs per datasettype +| top 10 by count_ desc nulls last +``` + + + +### Chart of daily received snapshots + + +A time chart of the daily snapshots count, over the past week. 
+ +```query +// Failed, In Progress and Succeeded Received Snapshots +MicrosoftDataShareReceivedSnapshotLog +| where TimeGenerated > ago(7d) +| summarize count() by bin(TimeGenerated, 1d), Status , _ResourceId // Aggregating by day //Click "Table" to see resource's name. +| render timechart +``` + diff --git a/articles/azure-monitor/reference/queries/microsoftdatasharesentsnapshotlog.md b/articles/azure-monitor/reference/queries/microsoftdatasharesentsnapshotlog.md new file mode 100644 index 0000000000..1ef5bd601a --- /dev/null +++ b/articles/azure-monitor/reference/queries/microsoftdatasharesentsnapshotlog.md 
@@ -0,0 +1,76 @@ +--- +title: Example log table queries for MicrosoftDataShareSentSnapshotLog +description: Example queries for MicrosoftDataShareSentSnapshotLog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the MicrosoftDataShareSentSnapshotLog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### List sent snapshots by duration + + +A list of the snapshots sorted by duration time over the last 7 days. + +```query +MicrosoftDataShareSentSnapshotLog +| where TimeGenerated > ago(7d) +| where StartTime != "" and EndTime != "" +| project StartTime , EndTime , DurationSeconds =(todatetime(EndTime)-todatetime(StartTime))/1s , ResourceName = split(_ResourceId,"/accounts/",1) +| sort by DurationSeconds desc nulls last + +``` + + + +### Count failed sent snapshots + + +Total count of failed snapshots over the last 7 days. + +```query +MicrosoftDataShareSentSnapshotLog +| where TimeGenerated > ago(7d) +| where Status == "Failed" +| summarize count() by _ResourceId +``` + + + +### Frequent errors in sent snapshots + + +List top 10 errors over the last 7 days. + +```query +MicrosoftDataShareSentSnapshotLog +| where TimeGenerated > ago(7d) +| where Status == "Failed" +| summarize count() by _ResourceId, DataSetType// Counting failed logs per datasettype +| top 10 by count_ desc nulls last +``` + + + +### Chart of daily sent snapshots + + +A time chart of recent snapshots count, succeeded VS failed. 
+ +```query +//Succeeded VS Failed +MicrosoftDataShareSentSnapshotLog +| where TimeGenerated > ago(30d) +| summarize count() by bin(TimeGenerated, 1d), Status, _ResourceId // Aggregating by day //Click "Table" to see resource's name. +| render timechart +``` + diff --git a/articles/azure-monitor/reference/queries/microsoftgraphactivitylogs.md b/articles/azure-monitor/reference/queries/microsoftgraphactivitylogs.md new file mode 100644 index 0000000000..98b477e3bd --- /dev/null +++ b/articles/azure-monitor/reference/queries/microsoftgraphactivitylogs.md @@ -0,0 +1,47 @@ +--- +title: Example log table queries for MicrosoftGraphActivityLogs +description: Example queries for MicrosoftGraphActivityLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the MicrosoftGraphActivityLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Frequent users endpoint callers + + +Gets list of apps and service principals calling users endpoint. + +```query +MicrosoftGraphActivityLogs +| where RequestUri has "users" +| summarize NumRequests=count() by AppId, ServicePrincipalId, UserId +| sort by NumRequests desc +| limit 100 +``` + + + +### Failed groups endpoint requests + + +Gets a list of failed requests to group entities, by apps and service principals. + +```query +MicrosoftGraphActivityLogs +| where ResponseStatusCode == 403 +| where RequestUri has "groups" +| summarize UniqueRequests=dcount(RequestId) by AppId, ServicePrincipalId, UserId +| sort by UniqueRequests desc +| limit 100 +``` + 
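Review bot: in microsoftgraphactivitylogs.md, "Failed groups endpoint requests" is described as a list of failed requests, but the filter is `where ResponseStatusCode == 403` only, so every other failure status is left out. Either widen the filter to the error status range or rename the heading and description to say the query reports forbidden (403) requests to group entities.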
diff --git a/articles/azure-monitor/reference/queries/microsoftpurviewinformationprotection.md b/articles/azure-monitor/reference/queries/microsoftpurviewinformationprotection.md new file mode 100644 index 0000000000..1d1bcea726 --- /dev/null +++ b/articles/azure-monitor/reference/queries/microsoftpurviewinformationprotection.md @@ -0,0 +1,29 @@ +--- +title: Example log table queries for MicrosoftPurviewInformationProtection +description: Example queries for MicrosoftPurviewInformationProtection log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the MicrosoftPurviewInformationProtection table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Microsoft Purview Information Protection events + + +Microsoft Purview Information Protection events summarized by label event type and workload. + +```query +MicrosoftPurviewInformationProtection +| summarize Value=count() by LabelEventType, Workload +| order by Value +``` + diff --git a/articles/azure-monitor/reference/queries/mnfdeviceupdates.md b/articles/azure-monitor/reference/queries/mnfdeviceupdates.md new file mode 100644 index 0000000000..ef5b2b00a3 --- /dev/null +++ b/articles/azure-monitor/reference/queries/mnfdeviceupdates.md 
@@ -0,0 +1,96 @@ +--- +title: Example log table queries for MNFDeviceUpdates +description: Example queries for MNFDeviceUpdates log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the MNFDeviceUpdates table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Find all entries where value is active + + +Components state updates events are projected from devices. This query will list out all logs where value is active. + +```query +MNFDeviceUpdates +| where EventCategory == "ComponentStateUpdates" +| where Properties has "ACTIVE" +| project EventName, EventCategory, DeviceId, TimeGenerated, Properties +| sort by TimeGenerated desc +| limit 100 +``` + + + +### Find all entries where value is up + + +Interface status updates are projected from devices. This query will list out all logs where value is up. + +```query +MNFDeviceUpdates +| where EventCategory == "InterfaceStateUpdates" +| where Properties !has "DOWN" +| project EventName, EventCategory, DeviceId, TimeGenerated, Properties +| sort by TimeGenerated desc +| limit 100 +``` + + + +### Find all events of the type VxlanVlanToVniVlan + + +Interface vxlan updates events are projected from devices. This query will list out all the logs where events is of the type VxlanVlanToVniVlan. 
+ +```query +MNFDeviceUpdates +| where EventCategory == "InterfaceVxlanUpdates" +| where Properties has "VxlanVlanToVniVlan" +| project EventName, EventCategory, DeviceId, TimeGenerated, Properties +| sort by TimeGenerated desc +| limit 100 +``` + + + +### Find all entries where afisafiname is not of the type L2VPN_EVPN + + +Network instance neighbor updates that happened between routers during a BGP communication are listed with types of afisafiname. This is the query to filter the logs where afisafiname is not of the type L2VPN_EVPN. + +```query +MNFDeviceUpdates +| where EventCategory == "NetworkInstanceBgpNeighborUpdates" +| where Properties !has "L2VPN_EVPN" +| project EventName, EventCategory, DeviceId, TimeGenerated, Properties +| sort by TimeGenerated desc +| limit 100 +``` + + + +### Find all entries where network instance name is of the type workload-mgmt + + +Network instance updates events from device will be reported here with different instance name. This query filters all network instances of the type workload-mgmt. + +```query +MNFDeviceUpdates +| where EventCategory == "NetworkInstanceUpdates" +| where Properties has "WORKLOAD-MGMT" +| project EventName, EventCategory, DeviceId, TimeGenerated, Properties +| sort by TimeGenerated desc +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/mnfsystemsessionhistoryupdates.md b/articles/azure-monitor/reference/queries/mnfsystemsessionhistoryupdates.md new file mode 100644 index 0000000000..3dede8c02d --- /dev/null +++ b/articles/azure-monitor/reference/queries/mnfsystemsessionhistoryupdates.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for MNFSystemSessionHistoryUpdates +description: Example queries for MNFSystemSessionHistoryUpdates log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the MNFSystemSessionHistoryUpdates table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Find all entries where session update user is admin + + +System session history update events are projected from devices. This query will list out all logs where session update user is admin. + +```query +MNFSystemSessionHistoryUpdates +| where EventCategory == "SystemSessionHistoryUpdates" +| project EventName, EventCategory, DeviceId, DeviceName, FabricId, TimeGenerated, DiffTimeStamp, GnmiTimeStamp, SessionUpdateSessionId, SessionUpdateUser, SessionDiffs +| sort by TimeGenerated desc +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/mnfsystemstatemessageupdates.md b/articles/azure-monitor/reference/queries/mnfsystemstatemessageupdates.md new file mode 100644 index 0000000000..981f8c1759 --- /dev/null +++ b/articles/azure-monitor/reference/queries/mnfsystemstatemessageupdates.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for MNFSystemStateMessageUpdates +description: Example queries for MNFSystemStateMessageUpdates log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the MNFSystemStateMessageUpdates table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Find all errors from Syslog + + +Syslog from device will be reported with message severity codes. This query filters all error messages from the Syslog. + +```query +MNFSystemStateMessageUpdates +| where Properties has "error" +| project EventName, EventCategory, DeviceId, TimeGenerated, Properties +| sort by TimeGenerated desc +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/networksessions.md b/articles/azure-monitor/reference/queries/networksessions.md new file mode 100644 index 0000000000..24f7e4e075 --- /dev/null +++ b/articles/azure-monitor/reference/queries/networksessions.md 
@@ -0,0 +1,69 @@ +--- +title: Example log table queries for NetworkSessions +description: Example queries for NetworkSessions log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the NetworkSessions table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Get traffic to non standard ports + + +This query identifies source IP addresses sending connection requests over multiple ports. This could be an indication of adversary attempts to list available services. References: MITRE Network Service Scanning (T1046) + +```query +// This query identifies source IP addresses sending connection requests over multiple ports. +// This could be an indication of adversary attempts to list available services. +// References: MITRE Network Service Scanning (T1046) +let threshold=5; +// Used to filter commonly used ports in your org +let commonPorts=dynamic([443, 53, 389, 80, 0, 880, 8888, 8080]); +NetworkSessions + | where isnotempty(DstPortNumber) and not(ipv4_is_private(DstIpAddr) ) + // filter out IANA ephemeral or negotiated ports as per https://en.wikipedia.org/wiki/Ephemeral_port + | where DstPortNumber !between (toint(49512) .. toint(65535)) + and DstPortNumber !in (commonPorts) + | where EventResult == "Failure" + | summarize PortCount=dcount(DstPortNumber) by SrcIpAddr, bin(TimeGenerated, 2m) + | where PortCount > threshold +``` + + + +### High volume traffic to uncommon domains + + +This query identifies domains receiving uncommon amount of data volume. This could be an indication of adversary attempts to steal and exfiltrate data. 
+ +```query +// This query identifies domains receiving uncommon about of data volume. +// This could be an indication of adversary attempts to steal and exfiltrate data. +let isInternal = (url_hostname:string){url_hostname endswith ".local" or url_hostname endswith ".lan" or url_hostname endswith ".home"}; + // used to exclude internal traffic +let top1M = (externaldata (Position:int, Domain:string) [@"http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip"] with (format="csv", zipPattern="*.csv")); + // fetch the alexa top 1M domains +let top2ndLevelDomain=top1M + | extend Domain = tolower(extract("([^.]*).{0,7}$", 1, Domain)) + | distinct Domain; +let rareDomainTraffic = NetworkSessions + | where isnotempty(UrlHostname) and not(isInternal(UrlHostname)) + | extend SndLevelDomain=tolower(extract("([^.]*).{0,7}$", 1, UrlHostname)) + | where SndLevelDomain !in (top2ndLevelDomain) + | summarize BytesSent=sum(SrcBytes) by SndLevelDomain, UrlHostname; +rareDomainTraffic | summarize TotalBytes=sum(BytesSent) by SndLevelDomain +| join kind=innerunique + rareDomainTraffic + on SndLevelDomain +| sort by TotalBytes desc +``` + diff --git a/articles/azure-monitor/reference/queries/ngxoperationlogs.md b/articles/azure-monitor/reference/queries/ngxoperationlogs.md new file mode 100644 index 0000000000..b13788ae79 --- /dev/null +++ b/articles/azure-monitor/reference/queries/ngxoperationlogs.md 
@@ -0,0 +1,44 @@ +--- +title: Example log table queries for NGXOperationLogs +description: Example queries for NGXOperationLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the NGXOperationLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show NGINXaaS access logs + + +A list of access logs sorted by time. + +```query +NGXOperationLogs +| where FilePath == "/var/log/nginx/access.log" +| sort by TimeGenerated asc +| take 100 +``` + + + +### Show NGINXaaS error logs + + +A list of error logs sorted by time. + +```query +NGXOperationLogs +| where FilePath == "/var/log/nginx/error.log" +| sort by TimeGenerated asc +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/ngxsecuritylogs.md b/articles/azure-monitor/reference/queries/ngxsecuritylogs.md new file mode 100644 index 0000000000..a99e846099 --- /dev/null +++ b/articles/azure-monitor/reference/queries/ngxsecuritylogs.md 
@@ -0,0 +1,30 @@ +--- +title: Example log table queries for NGXSecurityLogs +description: Example queries for NGXSecurityLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the NGXSecurityLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show NGINXaaS security logs + + +A list of security logs sorted by time. + +```query +NGXSecurityLogs +| where FilePath == "/var/log/nginx/security.log" +| sort by TimeGenerated asc +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/nwconnectionmonitorpathresult.md b/articles/azure-monitor/reference/queries/nwconnectionmonitorpathresult.md new file mode 100644 index 0000000000..aeeadbb39e --- /dev/null +++ b/articles/azure-monitor/reference/queries/nwconnectionmonitorpathresult.md 
@@ -0,0 +1,41 @@ +--- +title: Example log table queries for NWConnectionMonitorPathResult +description: Example queries for NWConnectionMonitorPathResult log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the NWConnectionMonitorPathResult table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Path diagnostics + + +Gets path or all hops along with identified issues between given source and destination of a resource. + +```query +// For specific results, insert values in the let statements and uncomment the where filters within the query +// let connectionMonitorResourceId = ""; +// let sourceName = ""; +// let destinationName = ""; +// let testGroupName = ""; +// let testConfigurationName = ""; +NWConnectionMonitorPathResult +| where TimeGenerated > ago(24h) +// | where ConnectionMonitorResourceId has connectionMonitorResourceId +// | where SourceName has sourceName +// | where DestinationName has destinationName +// | where TestGroupName has testGroupName +// | where TestConfigurationName has testConfigurationName +| project TimeGenerated, ConnectionMonitorResourceId, PathTestResult, SourceName, SourceAddress, DestinationName, DestinationAddress, Hops +| order by TimeGenerated desc; +``` + diff --git a/articles/azure-monitor/reference/queries/nwconnectionmonitortestresult.md b/articles/azure-monitor/reference/queries/nwconnectionmonitortestresult.md new file mode 100644 index 0000000000..2d17896015 --- /dev/null +++ b/articles/azure-monitor/reference/queries/nwconnectionmonitortestresult.md 
@@ -0,0 +1,56 @@ +--- +title: Example log table queries for NWConnectionMonitorTestResult +description: Example queries for NWConnectionMonitorTestResult log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the NWConnectionMonitorTestResult table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Failed tests + + +Gets failed distinct source, destination, test group and test configuration for each resource. + +```query +NWConnectionMonitorTestResult +| where TimeGenerated > ago(24h) +| where TestResult == "Fail" +| distinct _ResourceId, SourceName, DestinationName, TestGroupName, TestConfigurationName +``` + + + +### Tests performance + + +Gets loss percentage and average latency between given source and destination of a resource. 
+ +```query +// For specific results, insert values in the let statements and uncomment the where filters within the query +// let connectionMonitorResourceId = ""; +// let sourceName = ""; +// let destinationName = ""; +// let testGroupName = ""; +// let testConfigurationName = ""; +NWConnectionMonitorTestResult +| where TimeGenerated > ago(24h) +// | where ConnectionMonitorResourceId has connectionMonitorResourceId +// | where SourceName has sourceName +// | where DestinationName has destinationName +// | where TestGroupName has testGroupName +// | where TestConfigurationName has testConfigurationName +| extend LossPercent = ChecksFailed * 100 / ChecksTotal +| project TimeGenerated, ConnectionMonitorResourceId, TestResult, AvgRoundTripTimeMs, LossPercent, SourceName, SourceAddress, DestinationName, DestinationAddress +| order by TimeGenerated desc; +``` + diff --git a/articles/azure-monitor/reference/queries/oepairflowtask.md b/articles/azure-monitor/reference/queries/oepairflowtask.md new file mode 100644 index 0000000000..e504958989 --- /dev/null +++ b/articles/azure-monitor/reference/queries/oepairflowtask.md 
@@ -0,0 +1,81 @@ +--- +title: Example log table queries for OEPAirFlowTask +description: Example queries for OEPAirFlowTask log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the OEPAirFlowTask table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### DAG type vs DAG runs summary statitics + + +Number of DAG runs of each type of DAG type in the given time range + +```query +OEPAirFlowTask +| extend ResourceName = tostring(split(_ResourceId , '/')[-1]) +// | where ResourceName == "" // to filter on resourceName replace <...> and uncomment line +| distinct DagName, CorrelationId // correlationId is same as runId - we have created a duplicate for consistency in search across logs of all services +| sort by DagName asc + +``` + + + +### Correlation IDs of all DAG runs + + +Correlation IDs of all the DAG runs that have occurred in the time range (for all DAG types) + +```query +OEPAirFlowTask +| extend ResourceName = tostring(split(_ResourceId , '/')[-1]) +// | where ResourceName == "" // to filter on resourceName replace <...> and uncomment line +| distinct DagName, CorrelationId // correlationId is same as runId - we have created a duplicate for consistency in search across logs of all services +| summarize count() by DagName + +``` + + + +### Logs of a DAG run + + +Retrieves logs for a particular AirFlow DAG run given the correlationId and time range. 
+ +```query +OEPAirFlowTask +| extend ResourceName = tostring(split(_ResourceId , '/')[-1]) +// | where ResourceName == "" // to filter on resourceName replace <...> and uncomment line +// | where CorrelationId == "" // to filter on correlationID replace <...> with correlationId (same as runId) - we have created a duplicate for to maintain consistency of column name across all services +| project TimeGenerated, DagName, LogLevel, DagTaskName, CodePath, Content + +``` + + + +### Error logs of a DAG run + + +Retrieves error logs for a particular AirFlow DAG run given the correlationId and time range. + +```query +OEPAirFlowTask +| extend ResourceName = tostring(split(_ResourceId , '/')[-1]) +// | where ResourceName == "" // to filter on resourceName replace <...> and uncomment line +// | where CorrelationId == "" // to filter on correlationID replace <...> with correlationId (same as runId) - we have created a duplicate for to maintain consistency of column name across all services +| where LogLevel == "ERROR" +| project TimeGenerated, DagName, LogLevel, DagTaskName, CodePath, Content + +``` + diff --git a/articles/azure-monitor/reference/queries/officeactivity.md b/articles/azure-monitor/reference/queries/officeactivity.md new file mode 100644 index 0000000000..85d8385832 --- /dev/null +++ b/articles/azure-monitor/reference/queries/officeactivity.md 
@@ -0,0 +1,100 @@ +--- +title: Example log table queries for OfficeActivity +description: Example queries for OfficeActivity log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the OfficeActivity table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### All Office Activity + + +All the events provided by Office Activity. + +```query +OfficeActivity +| project TimeGenerated, UserId, Operation, OfficeWorkload, RecordType, _ResourceId +| sort by TimeGenerated desc nulls last +``` + + + +### Users accessing files + + +Users sorted by number of OneDrive and SharePoint files they accessed. + +```query +OfficeActivity +| where OfficeWorkload in ("OneDrive", "SharePoint") and Operation in ("FileDownloaded", "FileAccessed") +| summarize AccessedFilesCount = dcount(OfficeObjectId) by UserId, _ResourceId +| sort by AccessedFilesCount desc nulls last +``` + + + +### File upload operation + + +Lists users sorted by number of files they uploaded to OneDrive and SharePoint. + +```query +OfficeActivity +| where OfficeWorkload in ("OneDrive", "SharePoint") and Operation in ("FileUploaded") +| summarize AccessedFilesCount = dcount(OfficeObjectId) by UserId, _ResourceId +| sort by AccessedFilesCount desc nulls last +``` + + + +### Office activity for user + + +The query presents user's activity over Office. 
+ +```query +// Replace the UPN in the query with the UPN of the user of interest +let v_Users_UPN= "osotnoc@contoso.com"; +OfficeActivity +| where UserId==v_Users_UPN +| project TimeGenerated, OfficeWorkload, Operation, ResultStatus, OfficeObjectId, _ResourceId +``` + + + +### Creation of Forward rule + + +Lists creation of email forward rules. + +```query +OfficeActivity +| where OfficeWorkload == "Exchange" +| where Operation in~ ("New-TransportRule", "Set-TransportRule") +| extend RuleName = case(Operation =~ "Set-TransportRule", tostring(OfficeObjectId), Operation =~ "New-TransportRule", tostring(parse_json(Parameters)[1].Value), "Unknown") +| project TimeGenerated, ClientIP, UserId, Operation, RuleName, _ResourceId +``` + + + +### Suspicious file name + + +Operations on files with name that might indicate obfuscation of an executable. + +```query +OfficeActivity +| where RecordType =~ "SharePointFileOperation" and isnotempty(SourceFileName) +| where OfficeObjectId has ".exe." and OfficeObjectId matches regex @"\.exe\.\w{0,4}$" +``` + diff --git a/articles/azure-monitor/reference/queries/olpsupplychainentityoperations.md b/articles/azure-monitor/reference/queries/olpsupplychainentityoperations.md new file mode 100644 index 0000000000..a677cb3c9c --- /dev/null +++ b/articles/azure-monitor/reference/queries/olpsupplychainentityoperations.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for OLPSupplyChainEntityOperations +description: Example queries for OLPSupplyChainEntityOperations log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the OLPSupplyChainEntityOperations table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Count of successful warehouse delete requests + + +Evaluates the count of successful warehouse delete requests. + +```query +SupplyChainEntityOperationLogs +| where RequestMethod == "DELETE" and OperationName == "Microsoft.OpenLogisticsPlatform/workspace/warehouses/delete" and HttpStatusCode == 200 +| summarize Count = count() by RequestId +``` + diff --git a/articles/azure-monitor/reference/queries/perf.md b/articles/azure-monitor/reference/queries/perf.md new file mode 100644 index 0000000000..7db91f3a82 --- /dev/null +++ b/articles/azure-monitor/reference/queries/perf.md 
@@ -0,0 +1,281 @@ +--- +title: Example log table queries for Perf +description: Example queries for Perf log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the Perf table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Non-RDMA activity + + +View Non-RDMA activity of a node within a cluster. + +```query +//Select your log analytics workspace and replace enter nodename with the name of the node within a cluster on which you want to set the alert for Non-RDMA activity +Perf +| where ObjectName == "Network Interface" +| extend Nodename= tostring(split(Computer, ".")[0]) +| where Nodename =~'enter nodename' +| summarize NetworkUsage = sum(CounterValue), Nodename = any(Nodename) by TimeGenerated +| summarize arg_max(TimeGenerated, Nodename, NetworkUsage) +``` + + + +### RDMA activity + + +View RDMA activity of a node within a cluster. + +```query +//Select log analytics workspace and replace enter nodename with the name of the node within a cluster on which you want to set the alert for RDMA activity +Perf +| where ObjectName == "RDMA Activity" +| extend Nodename= tostring(split(Computer, ".")[0]) +| where Nodename =~'enter nodename' +| summarize RdmaUsage = sum(CounterValue), Nodename = any(Nodename) by TimeGenerated +| summarize arg_max(TimeGenerated, Nodename, RdmaUsage) +``` + + + +### What data is being collected? + + +List the collected performance counters and object types (Process, Memory, Processor). 
+ +```query +Perf +| summarize by ObjectName, CounterName +``` + + + +### Memory and CPU usage + + +Chart all computers' used memory and CPU, over the last hour. + +```query +Perf +| where TimeGenerated > ago(1h) +| where (CounterName == "% Processor Time" and InstanceName == "_Total") or CounterName == "% Used Memory" +| project TimeGenerated, CounterName, CounterValue +| summarize avg(CounterValue) by CounterName, bin(TimeGenerated, 1m) +| render timechart +``` + + + +### CPU usage trends over the last day + + +Calculate CPU usage patterns across all computers, chart by percentiles. + +```query +Perf +| where ObjectName == "Processor" and CounterName == "% Processor Time" and InstanceName == "_Total" +| summarize percentiles(CounterValue, 50, 90, 99) by bin(TimeGenerated, 1h) +| render timechart +``` + + + +### Top 10 computers with the highest disk space + + +Show the top 10 computers with the highest available disk space. + +```query +Perf +| where CounterName == "Free Megabytes" and InstanceName == "_Total" +| summarize arg_max(TimeGenerated, *) by Computer +| top 10 by CounterValue +``` + + + +### What data is being collected? + + +List the collected performance counters and object types (Process, Memory, Processor…) + +```query +Perf +| summarize by ObjectName, CounterName +``` + + + +### Virtual Machine available memory + + +Chart the VM's available memory over time. + +```query +// To create an alert for this query, click '+ New alert rule' +Perf +| where ObjectName == "Memory" and +(CounterName == "Available MBytes Memory" or // the name used in Linux records +CounterName == "Available MBytes") // the name used in Windows records +| summarize avg(CounterValue) by bin(TimeGenerated, 15min), Computer, _ResourceId // bin is used to set the time grain to 15 minutes +| render timechart +``` + + + +### Chart CPU usage trends + + +Calculate CPU usage patterns over the last day, chart by percentiles. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +Perf +| where CounterName == "% Processor Time" +| where ObjectName == "Processor" +| summarize avg(CounterValue) by bin(TimeGenerated, 15min), Computer, _ResourceId // bin is used to set the time grain to 15 minutes +| render timechart +// Perf table stores performance counters for Windows and Linux computers +// Counters are specified using ObjectName (performance object), InstanceName and CounterName +// % Processor Time captures CPU activity, ObjectNames can be Processor, Process and Process Information +``` + + + +### Virtual Machine free disk space + + +Show the latest report of free disk space, per instance. + +```query +// To create an alert for this query, click '+ New alert rule' +Perf +| where ObjectName == "LogicalDisk" or // the object name used in Windows records +ObjectName == "Logical Disk" // the object name used in Linux records +| where CounterName == "Free Megabytes" +| summarize arg_max(TimeGenerated, *) by InstanceName // arg_max over TimeGenerated returns the latest record +| project TimeGenerated, InstanceName, CounterValue, Computer, _ResourceId +``` + + + +### Top 10 Virtual Machines by CPU utilization + + +Find top 10 VM by CPU utilization in the last 7 days. + +```query +Perf +| where TimeGenerated > ago(7d) +| where CounterName == "% Processor Time" and InstanceName == "_Total" +| project TimeGenerated, Computer, ObjectName, CounterName, InstanceName, round(CounterValue, 2) +| summarize arg_max(TimeGenerated, *) by Computer +| top 10 by CounterValue +``` + + + +### Bottom 10 Free disk space % + + +Bottom 10 Free disk space % by computer, for the last 7 days. 
+ +```query +Perf +| where TimeGenerated > ago(7d) +| where (ObjectName == "Logical Disk" or ObjectName == "LogicalDisk") and CounterName contains "%" and InstanceName != "_Total" and InstanceName != "HarddiskVolume1" +| project TimeGenerated, Computer, ObjectName, CounterName, InstanceName, CounterValue +| summarize arg_max(TimeGenerated, *) by Computer +| top 10 by CounterValue desc +``` + + + +### Container CPU + + +View all the container CPU usage averaged over 30mins. + +```query +// To create an alert for this query, click '+ New alert rule' +//Select the Line chart display option: can we calculate percentage? +Perf +| where ObjectName == "K8SContainer" and CounterName == "cpuUsageNanoCores" +| summarize AvgCPUUsageNanoCores = avg(CounterValue) by bin(TimeGenerated, 30m), InstanceName, _ResourceId +``` + + + +### Container memory + + +View container CPU averaged over 30 mins intervals. + +```query +// To create an alert for this query, click '+ New alert rule' +//Select the Line chart display option: can we calculate percentage? +let threshold = 75000000; // choose a threshold +Perf +| where ObjectName == "K8SContainer" and CounterName == "memoryRssBytes" +| summarize AvgUsedRssMemoryBytes = avg(CounterValue) by bin(TimeGenerated, 30m), InstanceName, _ResourceId +| where AvgUsedRssMemoryBytes > threshold +| render timechart +``` + + + +### Instances Avg CPU usage growth from last week + + +Show Avg CPU growth by instance in the last week by descending order. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +//Show which instances grew CPU usage from last week to current +Perf +| where TimeGenerated > ago(7d) //This week Average CPU Usage Nano Cores +| where ObjectName == "K8SContainer" and CounterName == "cpuUsageNanoCores" +| summarize ThisWeekAvgCPU = avg(CounterValue) by InstanceName, _ResourceId +| join kind= leftouter ( + //Previous week Average CPU Usage Nano Cores + Perf + | where TimeGenerated > ago(14d) and TimeGenerated <= ago(7d) + | where ObjectName == "K8SContainer" and CounterName == "cpuUsageNanoCores" + | summarize PrevWeekAvgCPU = avg(CounterValue) by InstanceName, _ResourceId +) on InstanceName, _ResourceId +| extend InstanceNameParts = split(InstanceName, "/") //array of the parts of the instance name +| extend ShortInstanceName = InstanceNameParts[(array_length(InstanceNameParts)-1)] //extract the last part of the instance name +| extend ThisWeekAvgCPU = round(ThisWeekAvgCPU,0) +| extend PrevWeekAvgCPU = round(iff(isempty(PrevWeekAvgCPU),0.0,PrevWeekAvgCPU),0) //When doing join with kind=leftouter, missing matches has empty value. To calculate growth, it should be converted to zero. In this case, empty value means that instance did not exist in the previous week +| extend AvgCPUGrowth = round(ThisWeekAvgCPU - PrevWeekAvgCPU , 0) //Calculate growth +| project-away InstanceName1,InstanceNameParts //Remove redundant fields +| order by AvgCPUGrowth desc +``` + + + +### Find In Perf + + +Find in Perf to search for a specific value in the Perf table./nNote that this query requires updating the \ parameter to produce results + +```query +// This query requires a parameter to run. Enter value in SearchValue to find in table. +let SearchValue = "";//Please update term you would like to find in the table. +Perf +| where * contains tostring(SearchValue) +| take 1000 +``` + 
diff --git a/articles/azure-monitor/reference/queries/powerappsactivity.md b/articles/azure-monitor/reference/queries/powerappsactivity.md new file mode 100644 index 0000000000..7a076c76d0 --- /dev/null +++ b/articles/azure-monitor/reference/queries/powerappsactivity.md @@ -0,0 +1,30 @@ +--- +title: Example log table queries for PowerAppsActivity +description: Example queries for PowerAppsActivity log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the PowerAppsActivity table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Power Apps events filtered activity type + + +Display events from more than one day ago, filtered by app launch activity events and summarized by user ID, app and environment. + +```query +PowerAppsActivity +| where EventOriginalType == "LaunchPowerApp" +| extend Environment = tostring(AdditionalData.environmentName) +| summarize count() by ActorName, TargetAppName, Environment +``` + diff --git a/articles/azure-monitor/reference/queries/powerautomateactivity.md b/articles/azure-monitor/reference/queries/powerautomateactivity.md new file mode 100644 index 0000000000..23d9748cba --- /dev/null +++ b/articles/azure-monitor/reference/queries/powerautomateactivity.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for PowerAutomateActivity +description: Example queries for PowerAutomateActivity log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the PowerAutomateActivity table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Power Automate events filtered by activity type + + +Display events from more than one day ago, filtered CreateFlow activity type and summarized by user ID and flow details. + +```query +PowerAutomateActivity +| where EventOriginalType == "CreateFlow" +| summarize count() by ActorName, FlowDetailsUrl +``` + diff --git a/articles/azure-monitor/reference/queries/powerbiactivity.md b/articles/azure-monitor/reference/queries/powerbiactivity.md new file mode 100644 index 0000000000..1f3f526e3e --- /dev/null +++ b/articles/azure-monitor/reference/queries/powerbiactivity.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for PowerBIActivity +description: Example queries for PowerBIActivity log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the PowerBIActivity table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### PowerBI events filtered by organization ID + + +Display events from more than one day ago, filtered by organization ID and summarized by user ID and result status. + +```query +PowerBIActivity +| where OrganizationId != "" +| summarize count() by UserId, ResultStatus +``` + diff --git a/articles/azure-monitor/reference/queries/powerplatformadminactivity.md b/articles/azure-monitor/reference/queries/powerplatformadminactivity.md new file mode 100644 index 0000000000..abc1be6c1f --- /dev/null +++ b/articles/azure-monitor/reference/queries/powerplatformadminactivity.md 
@@ -0,0 +1,28 @@ +--- +title: Example log table queries for PowerPlatformAdminActivity +description: Example queries for PowerPlatformAdminActivity log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the PowerPlatformAdminActivity table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Power Platform administration events + + +Display events summarized by operation type and the user who initiated the operation. + +```query +PowerPlatformAdministratorActivity +| summarize count() by EventOriginalType, ActorName +``` + diff --git a/articles/azure-monitor/reference/queries/powerplatformconnectoractivity.md b/articles/azure-monitor/reference/queries/powerplatformconnectoractivity.md new file mode 100644 index 0000000000..6bdd658080 --- /dev/null +++ b/articles/azure-monitor/reference/queries/powerplatformconnectoractivity.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for PowerPlatformConnectorActivity +description: Example queries for PowerPlatformConnectorActivity log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the PowerPlatformConnectorActivity table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Power Platform Connector events filtered by by activity type + + +Display events from more than one day ago, filtered by PutConnection activity type and summarized by user ID and environment. + +```query +PowerPlatformConnectorActivity +| where EventOriginalType == "PutConnection" +| summarize by EventOriginalType, ActorName, Environment = tostring(AdditionalInfo.environmentName) +``` + diff --git a/articles/azure-monitor/reference/queries/powerplatformdlpactivity.md b/articles/azure-monitor/reference/queries/powerplatformdlpactivity.md new file mode 100644 index 0000000000..07edda4591 --- /dev/null +++ b/articles/azure-monitor/reference/queries/powerplatformdlpactivity.md 
@@ -0,0 +1,30 @@ +--- +title: Example log table queries for PowerPlatformDlpActivity +description: Example queries for PowerPlatformDlpActivity log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the PowerPlatformDlpActivity table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Power Platform DLP events filtered by by activity type + + +Display events from more than one day ago, filtered by CreateDlpPolicy activity type and summarized by user ID, policy name and policy type. + +```query +PowerPlatformDlpActivity +| where EventOriginalType == "CreateDlpPolicy" +| extend PolicyType = tostring(AdditionalInfo.policyType) +| summarize count() by EventOriginalType, ActorName, PolicyName, PolicyType +``` + diff --git a/articles/azure-monitor/reference/queries/projectactivity.md b/articles/azure-monitor/reference/queries/projectactivity.md new file mode 100644 index 0000000000..6e8a6cd373 --- /dev/null +++ b/articles/azure-monitor/reference/queries/projectactivity.md 
@@ -0,0 +1,30 @@ +--- +title: Example log table queries for ProjectActivity +description: Example queries for ProjectActivity log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ProjectActivity table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### MS Project events filtered by organization ID + + +Display events from more than one day ago, filtered by organization ID and summarized by user ID and result status. + +```query +ProjectActivity +| where OrganizationId != "5b5a146c-eba8-46af-96f8-e31b50d15a3f" +| summarize count() by UserId, ResultStatus + +``` + diff --git a/articles/azure-monitor/reference/queries/protectionstatus.md b/articles/azure-monitor/reference/queries/protectionstatus.md new file mode 100644 index 0000000000..bc50bbe8e9 --- /dev/null +++ b/articles/azure-monitor/reference/queries/protectionstatus.md 
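Review bot: in projectactivity.md, the query under "MS Project events filtered by organization ID" uses `where OrganizationId != "5b5a146c-eba8-46af-96f8-e31b50d15a3f"`, which excludes one hard-coded organization and returns every other one, the opposite of what the heading suggests. If the intent is to hide a specific tenant, say so in the description and add a comment telling the reader to replace the GUID; if the intent is to select one organization, use `==` with a placeholder value. The description's "more than one day ago" is not backed by any time filter, and there is a stray empty line before the closing fence.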
@@ -0,0 +1,58 @@ +--- +title: Example log table queries for ProtectionStatus +description: Example queries for ProtectionStatus log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ProtectionStatus table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Signatures out of date + + +Devices with Signatures out of date. + +```query +// To create an alert for this query, click '+ New alert rule' +ProtectionStatus +| summarize Rank = max(ProtectionStatusRank) by Computer, _ResourceId +| where Rank == "250" +``` + + + +### Protection Status updates + + +Protection Status updates per day. + +```query +// To create an alert for this query, click '+ New alert rule' +ProtectionStatus +| summarize AggregatedValue = count(ScanDate) by bin(TimeGenerated, 1d), Computer, _ResourceId +| sort by TimeGenerated desc +``` + + + +### Malware detection + + +Malware detected grouped by threat. + +```query +// To create an alert for this query, click '+ New alert rule' +ProtectionStatus +| where ThreatStatus != "No threats detected" +| summarize AggregatedValue = count() by Threat, Computer, _ResourceId +``` + diff --git a/articles/azure-monitor/reference/queries/purviewsecuritylogs.md b/articles/azure-monitor/reference/queries/purviewsecuritylogs.md new file mode 100644 index 0000000000..c4e0f8379d --- /dev/null +++ b/articles/azure-monitor/reference/queries/purviewsecuritylogs.md 
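Review bot: in protectionstatus.md, the "Signatures out of date" query ends with `where Rank == "250"` and nothing explains what rank 250 means or why it is compared as a quoted string after `max(ProtectionStatusRank)`. Please add a comment naming the status that 250 represents, and confirm the column type: if it is numeric the literal should be unquoted, and if it is a string then `max()` is a lexical comparison and may not pick the worst rank. Note also that `max()` over the whole query window reports a device's highest rank seen in that window, not its current state; taking the latest row per `Computer` would match "devices with signatures out of date" more closely when this is used for the alert rule the comment recommends.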
@@ -0,0 +1,30 @@ +--- +title: Example log table queries for PurviewSecurityLogs +description: Example queries for PurviewSecurityLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the PurviewSecurityLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Audit collection delete events + + +Display audit logs for collection delete events. + +```query +PurviewSecurityLogs +| where EntityType == 'Collections' +| where OperationName == 'Delete' +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/redconnectionevents.md b/articles/azure-monitor/reference/queries/redconnectionevents.md new file mode 100644 index 0000000000..fad50b8e63 --- /dev/null +++ b/articles/azure-monitor/reference/queries/redconnectionevents.md 
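Review bot: in purviewsecuritylogs.md, the audit query finishes with `| take 100` and no ordering, so it returns an arbitrary 100 collection-delete events, not the most recent ones. For an audit view of deletions, sort on `TimeGenerated` descending before the `take`, or replace it with `top 100 by TimeGenerated desc`, so that repeated runs are deterministic and the newest deletes are never the ones dropped.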
@@ -0,0 +1,118 @@ +--- +title: Example log table queries for REDConnectionEvents +description: Example queries for REDConnectionEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the REDConnectionEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Unique authenticated Redis client IP addresses + + +Unique Redis client IP addresses that have successfully authenticated to the cache. + +```query +REDConnectionEvents +// https://docs.redis.com/latest/rs/security/audit-events/#status-result-codes +// EventStatus : +// 0 AUTHENTICATION_FAILED - Invalid username and/or password. +// 1 AUTHENTICATION_FAILED_TOO_LONG - Username or password are too long. +// 2 AUTHENTICATION_NOT_REQUIRED - Client tried to authenticate, but authentication isn’t necessary. +// 3 AUTHENTICATION_DIRECTORY_PENDING - Attempting to receive authentication info from the directory in async mode. +// 4 AUTHENTICATION_DIRECTORY_ERROR - Authentication attempt failed because there was a directory connection error. +// 5 AUTHENTICATION_SYNCER_IN_PROGRESS - Syncer SASL handshake. Return SASL response and wait for the next request. +// 6 AUTHENTICATION_SYNCER_FAILED - Syncer SASL handshake. Returned SASL response and closed the connection. +// 7 AUTHENTICATION_SYNCER_OK - Syncer authenticated. Returned SASL response. +// 8 AUTHENTICATION_OK - Client successfully authenticated. 
+| where EventType == "auth" and EventStatus == 2 or EventStatus == 8 or EventStatus == 7 +| summarize count() by ClientIp +``` + + + +### Redis client authentication requests per hour + + +Redis client authentication requests per hour within the specified IP address range. Includes both successful and unsuccessful requests. + +```query +REDConnectionEvents +| extend EventTime = unixtime_seconds_todatetime(EventEpochTime) +// For particular datetime filtering, add '| where EventTime between (StartTime .. EndTime)' +// For particular IP range filtering, add '| where ipv4_is_in_range(ClientIp, IpRange)' +// IP range can be defined like this 'let IpRange = "10.1.1.0/24";' at the top of query. +| where EventType == "auth" +| summarize AuthencationRequestsCount = count() by TimeRange = bin(EventTime, 1h) + +``` + + + +### Redis client connections per hour + + +Redis client connections per hour within the specified IP address range. + +```query +REDConnectionEvents +// For particular datetime filtering, add '| where EventTime between (StartTime .. EndTime)' +// For particular IP range filtering, add '| where ipv4_is_in_range(ClientIp, IpRange)' +// IP range can be defined like this 'let IpRange = "10.1.1.0/24";' at the top of query. +| extend EventTime = unixtime_seconds_todatetime(EventEpochTime) +| where EventType == "new_conn" +| summarize ConnectionCount = count() by TimeRange = bin(EventTime, 1h) + +``` + + + +### Redis client disconnections per hour + + +Redis client disconnections per hour within the specified IP address range. + +```query +REDConnectionEvents +// For particular datetime filtering, add '| where EventTime between (StartTime .. EndTime)' +// For particular IP range filtering, add '| where ipv4_is_in_range(ClientIp, IpRange)' +// IP range can be defined like this 'let IpRange = "10.1.1.0/24";' at the top of query. 
+| extend EventTime = unixtime_seconds_todatetime(EventEpochTime) +| where EventType == "close_conn" +| summarize DisconnectionCount = count() by TimeRange = bin(EventTime, 1h) + +``` + + + +### Unsuccessful authentication attempts on Redis cache + + +Authentication attempts on Redis cache which were unsuccessful. + +```query +REDConnectionEvents +// https://docs.redis.com/latest/rs/security/audit-events/#status-result-codes +// EventStatus : +// 0 AUTHENTICATION_FAILED - Invalid username and/or password. +// 1 AUTHENTICATION_FAILED_TOO_LONG - Username or password are too long. +// 2 AUTHENTICATION_NOT_REQUIRED - Client tried to authenticate, but authentication isn’t necessary. +// 3 AUTHENTICATION_DIRECTORY_PENDING - Attempting to receive authentication info from the directory in async mode. +// 4 AUTHENTICATION_DIRECTORY_ERROR - Authentication attempt failed because there was a directory connection error. +// 5 AUTHENTICATION_SYNCER_IN_PROGRESS - Syncer SASL handshake. Return SASL response and wait for the next request. +// 6 AUTHENTICATION_SYNCER_FAILED - Syncer SASL handshake. Returned SASL response and closed the connection. +// 7 AUTHENTICATION_SYNCER_OK - Syncer authenticated. Returned SASL response. +// 8 AUTHENTICATION_OK - Client successfully authenticated. +| where EventType == "auth" and EventStatus != 2 and EventStatus != 8 and EventStatus != 7 +| project ClientIp, EventStatus, ConnectionId +``` + diff --git a/articles/azure-monitor/reference/queries/resourcemanagementpublicaccesslogs.md b/articles/azure-monitor/reference/queries/resourcemanagementpublicaccesslogs.md new file mode 100644 index 0000000000..5777764d98 --- /dev/null +++ b/articles/azure-monitor/reference/queries/resourcemanagementpublicaccesslogs.md 
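Review bot: in redconnectionevents.md, the filter in "Unique authenticated Redis client IP addresses" is missing parentheses: `where EventType == "auth" and EventStatus == 2 or EventStatus == 8 or EventStatus == 7` binds `and` before `or`, so only the status-2 test is restricted to auth events, and any row with status 7 or 8 is counted regardless of `EventType`. Write it as `where EventType == "auth" and EventStatus in (2, 7, 8)`; the "Unsuccessful authentication attempts" query can mirror it with `!in (2, 7, 8)`. That second query also classifies status 3 (directory pending) and 5 (syncer in progress) as unsuccessful, which the status table in its own comment describes as intermediate states, so either exclude them or say so in the description. Smaller points: `AuthencationRequestsCount` is misspelled, and the three per-hour descriptions say "within the specified IP address range" although the range filter exists only as a comment.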
@@ -0,0 +1,89 @@ +--- +title: Example log table queries for ResourceManagementPublicAccessLogs +description: Example queries for ResourceManagementPublicAccessLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the ResourceManagementPublicAccessLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Group number of requests based on the IP address + + +Get the number of request accessing the resource from an IP address. + +```query +//List the IP addresses and number of calls +ResourceManagementPublicAccessLogs +| where Category == "PublicAccessLogs" +| summarize count() by CallerIpAddress +``` + + + +### Number of opertions triggered + + +Count the number of request made. + +```query +// Count the number of operations. +ResourceManagementPublicAccessLogs +| where Category == "PublicAccessLogs" +| summarize count() by CorrelationId +``` + + + +### Calls based on the target URI + + +Chart the number of calls based on the target URI. + +```query +// Chart the number of calls based on the target URI. +ResourceManagementPublicAccessLogs +| where Category == "PublicAccessLogs" +| summarize count() by Uri, bin(TimeGenerated, 1m) +| render columnchart with (kind=stacked) +``` + + + +### Calls based on operation name + + +Count the number of request made based on operation name. 
+ +```query +// List the operations and their number of calls from the public network +ResourceManagementPublicAccessLogs +| where Category == "PublicAccessLogs" +| summarize count() by OperationName +| order by count_ +``` + + + +### Calls based on user + + +Count the number of request made based on object identifiers. + +```query +// List the object identifiers and number of calls from each over the public network +ResourceManagementPublicAccessLogs +| where Category == "PublicAccessLogs" +| summarize count() by ObjectIdentifier +| order by count_ +``` + diff --git a/articles/azure-monitor/reference/queries/securityattackpathdata.md b/articles/azure-monitor/reference/queries/securityattackpathdata.md new file mode 100644 index 0000000000..8c9b73a17c --- /dev/null +++ b/articles/azure-monitor/reference/queries/securityattackpathdata.md @@ -0,0 +1,29 @@ +--- +title: Example log table queries for SecurityAttackPathData +description: Example queries for SecurityAttackPathData log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the SecurityAttackPathData table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### All attack paths by specific risk level + + +Get all attack paths with a specific risk level such as: Critical, High, Medium, and Low. + +```query +SecurityAttackPathData +| where RiskLevel == "Medium" +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/securityevent.md b/articles/azure-monitor/reference/queries/securityevent.md new file mode 100644 index 0000000000..c8d7e1e186 --- /dev/null 
+++ b/articles/azure-monitor/reference/queries/securityevent.md 
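Review bot: in resourcemanagementpublicaccesslogs.md, the query under "Number of opertions triggered" does not do what its description ("Count the number of request made") says: `summarize count() by CorrelationId` returns one row per correlation ID with the number of log rows for each, not a total of operations. If a total is wanted, aggregate with `dcount(CorrelationId)` or a plain `count()`; if the per-correlation breakdown is wanted, reword the description. The heading has a typo ("opertions"), and "number of request" should be plural throughout the file.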
@@ -0,0 +1,426 @@ +--- +title: Example log table queries for SecurityEvent +description: Example queries for SecurityEvent log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the SecurityEvent table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Security Events most common event IDs + + +This query displays a descending list of the amount of events ingested per EventId for Security-Auditing. + +```query +SecurityEvent +| where EventSourceName == "Microsoft-Windows-Security-Auditing" +| summarize EventCount = count() by EventID +| sort by EventCount desc + +``` + + + +### Members added to security groups + + +Who was added to security-enabled group over the last day? + +```query +// To create an alert for this query, click '+ New alert rule' +SecurityEvent +| where EventID in (4728, 4732, 4756) // these event IDs indicate a member was added to a security-enabled group +| summarize count() by SubjectAccount, Computer, _ResourceId +// This query requires the Security solution +``` + + + +### Uses of clear text password + + +List all accounts that logged on using a clear-text password over the last day. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +SecurityEvent +| where EventID == 4624 // event ID 4624: "an account was successfully logged on", +| where LogonType == 8 // logon type 8: "NetworkCleartext" +| summarize count() by TargetAccount, Computer, _ResourceId // count the reported security events for each account +// This query requires the Security solution +``` + + + +### Windows failed logins + + +Find reports of Windows accounts that failed to login. + +```query +// To create an alert for this query, click '+ New alert rule' +SecurityEvent +| where EventID == 4625 +| summarize count() by TargetAccount, Computer, _ResourceId // count the reported security events for each account +// This query requires the Security solution +``` + + + +### All Security Activities + + +Security activities sorted by time (newest first). + +```query +SecurityEvent +| project TimeGenerated, Account, Activity, Computer +| sort by TimeGenerated desc +``` + + + +### Security Activities on the Device + + +Security activities on a specific device sorted by time (newest first). + +```query +SecurityEvent +//| where Computer == "COMPUTER01.contoso.com" // Replace with a specific computer name +| project TimeGenerated, Account, Activity, Computer +| sort by TimeGenerated desc +``` + + + +### Security Activities for Admin + + +Security activities on a specific device for administrator sorted by time (newest first). + +```query +SecurityEvent +//| where Computer == "COMPUTER01.contoso.com" // Replace with a specific computer name +| where TargetUserName == "Administrator" +| project TimeGenerated, Account, Activity, Computer +| sort by TimeGenerated desc +``` + + + +### Logon Activity by Device + + +Counts logon activities per device. + +```query +SecurityEvent +| where EventID == 4624 +| summarize LogonCount = count() by Computer +``` + + + +### Devices With More Than 10 Logons + + +Counts logon activities per devices with more than 10 logons. 
+ +```query +SecurityEvent +| where EventID == 4624 +| summarize LogonCount = count() by Computer +| where LogonCount > 10 +``` + + + +### Accounts Terminated Antimalware + + +Accounts which terminated Microsoft Antimalware. + +```query +SecurityEvent +| where EventID == 4689 +| where Process has "MsMpEng.exe" or ParentProcessName has "MsMpEng.exe" +| summarize TerminationCount = count() by Account +``` + + + +### Devices with Antimalware Terminated + + +Devices which terminated Microsoft Antimalware. + +```query +SecurityEvent +| where EventID == 4689 +| where Process has "MsMpEng.exe" or ParentProcessName has "MsMpEng.exe" +| summarize TerminationCount = count() by Computer +``` + + + +### Devices Where Hash Was Executed + + +Devices where hash.exe was executed more than 5 times. + +```query +SecurityEvent +| where EventID == 4688 +| where Process has "hash.exe" or ParentProcessName has "hash.exe" +| summarize ExecutionCount = count() by Computer +| where ExecutionCount > 5 +``` + + + +### Process Names Executed + + +Lists number of executions per process. + +```query +SecurityEvent +| where EventID == 4688 +| summarize ExecutionCount = count() by NewProcessName +``` + + + +### Devices With Security Log Cleared + + +Devices with securtiy log cleared. + +```query +SecurityEvent +| where EventID == 1102 +| summarize LogClearedCount = count() by Computer +``` + + + +### Logon Activity by Account + + +Logon activity by account. + +```query +SecurityEvent +| where EventID == 4624 +| summarize LogonCount = count() by Account +``` + + + +### Accounts With Less Than 5 Times Logons + + +Logon activity for accounts with less than 5 logons. + +```query +SecurityEvent +| where EventID == 4624 +| summarize LogonCount = count() by Account +| where LogonCount < 5 +``` + + + +### Remoted Logged Accounts on Devices + + +Remoted logged accounts on a specific device. 
+ +```query +SecurityEvent +| where EventID == 4624 and (LogonTypeName == "3 - Network" or LogonTypeName == "10 - RemoteInteractive") +//| where Computer == "Computer01.contoso.com" // Replace with a specific computer name +| summarize RemoteLogonCount = count() by Account +``` + + + +### Computers With Guest Account Logons + + +Computers with logons from guest accounts. + +```query +SecurityEvent +| where EventID == 4624 and TargetUserName == 'Guest' and LogonType in (10, 3) +| summarize count() by Computer +``` + + + +### Members Added to Security Enabled Groups + + +Members added to the security enabled groups. + +```query +SecurityEvent +| where EventID in (4728, 4732, 4756) +| summarize count() by SubjectAccount +``` + + + +### Domain Security Policy Changes + + +Counts events of domain policy changed. + +```query +SecurityEvent +| where EventID == 4739 +| summarize count() by DomainPolicyChanged +``` + + + +### System Audit Policy Changes + + +System audit policy changed events by computer. + +```query +SecurityEvent +| where EventID == 4719 +| summarize count() by Computer +``` + + + +### Suspicious Executables + + +Lists suspicious executables. + +```query +SecurityEvent +| where EventID == 8002 and Fqbn == '-' +| summarize ExecutionCountHash=count() by FileHash +| where ExecutionCountHash <= 5 +``` + + + +### Logons With Clear Text Password + + +Logons with clear text password by target account. + +```query +SecurityEvent +| where EventID == 4624 and LogonType == 8 +| summarize count() by TargetAccount +``` + + + +### Computers With Cleaned Event Logs + + +Computers with cleaned event logs. + +```query +SecurityEvent +| where EventID in (1102, 517) and EventSourceName == 'Microsoft-Windows-Eventlog' +| summarize count() by Computer +``` + + + +### Accounts Failed to Logon + + +Counts failed logons by target account. 
+ +```query +SecurityEvent +| where EventID == 4625 +| summarize count() by TargetAccount +``` + + + +### Locked Accounts + + +Counts locked acounts by target account. + +```query +SecurityEvent +| where EventID == 4740 +| summarize count() by TargetAccount +``` + + + +### Change or Reset Passwords Attempts + + +Counts change/reset paswords attempts per target account. + +```query +SecurityEvent +| where EventID in (4723, 4724) +| summarize count() by TargetAccount +``` + + + +### Groups Created or Modified + + +Groups created or modified per target account. + +```query +SecurityEvent +| where EventID in (4727, 4731, 4735, 4737, 4754, 4755) +| summarize count() by TargetAccount +``` + + + +### Remote Procedure Call Attempts + + +Counts remote procedure call attempts per computer. + +```query +SecurityEvent +| where EventID == 5712 +| summarize count() by Computer +``` + + + +### User Accounts Changed + + +Counts user account changes per target account. + +```query +SecurityEvent +| where EventID in (4720, 4722) +| summarize by TargetAccount +``` + diff --git a/articles/azure-monitor/reference/queries/sentinelaudit.md b/articles/azure-monitor/reference/queries/sentinelaudit.md new file mode 100644 index 0000000000..669f785993 --- /dev/null +++ b/articles/azure-monitor/reference/queries/sentinelaudit.md 
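Review bot: in securityevent.md, "Members added to security groups" asks "Who was added to security-enabled group" but groups with `summarize count() by SubjectAccount, Computer, _ResourceId`; for event IDs 4728, 4732 and 4756 the subject is the account that performed the change, so the result shows who did the adding and omits both the member and the group. Include the member and target group fields in the `by` list, or reword the description; the same applies to "Members Added to Security Enabled Groups" further down. Separately, "User Accounts Changed" says it counts changes but uses `summarize by TargetAccount` with no `count()`, and several descriptions say "over the last day" with no time filter in the query. Typos to fix in the generator source: "securtiy", "acounts", "paswords".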
@@ -0,0 +1,33 @@ +--- +title: Example log table queries for SentinelAudit +description: Example queries for SentinelAudit log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the SentinelAudit table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Failures updating Office365-Sharepoint related Sentinel resources + + +Display audit logs of failed attempts to update Office365-Sharepoint related Sentinel resources, with an optional filter by caller name and workspace id. + +```query +SentinelAudit +//| where WorkspaceId == "" // to filter on a specific WorspaceId, uncomment this line +| extend CallerName = tostring(ExtendedProperties.CallerName) +// | where CallerName startswith "" // to to filter on a specific user, uncomment this line +| where Status == "Failure" +| where SentinelResourceName has "Office365-Sharepoint" +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/signalrservicediagnosticlogs.md b/articles/azure-monitor/reference/queries/signalrservicediagnosticlogs.md new file mode 100644 index 0000000000..a2c6c9c120 --- /dev/null +++ b/articles/azure-monitor/reference/queries/signalrservicediagnosticlogs.md 
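Review bot: in sentinelaudit.md, the inline comments that users will copy along with the query contain typos: "WorspaceId" should be "WorkspaceId" and "to to filter" has a doubled word, and the two commented-out filters use different styles (`//| where` versus `// | where`), so uncommenting one of them leaves a leading space pattern the other does not. Please normalise them. The query also ends in `| limit 100` without a sort, so the failures shown are an arbitrary sample; ordering by `TimeGenerated` descending first would surface the latest failed updates.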
@@ -0,0 +1,163 @@ +--- +title: Example log table queries for SignalRServiceDiagnosticLogs +description: Example queries for SignalRServiceDiagnosticLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the SignalRServiceDiagnosticLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Client connection IDs + + +Summary of the connection IDs which are client connections. + +```query +SignalRServiceDiagnosticLogs +| where ConnectionType == "Client" +| summarize count() by ConnectionId, _ResourceId +``` + + + +### Connection close reasons + + +Summary of close reasons for disconnected connections. + +```query +SignalRServiceDiagnosticLogs +| where OperationName == "ConnectionAborted" or OperationName == "ConnectionEnded" or OperationName == "EndConnectionFailed" +| summarize count() by ConnectionId, Message, _ResourceId +``` + + + +### IP addresses + + +Summary of Ips that connected to the service, which is useful to figure out whether same issue has pattern in IP address. + +```query +SignalRServiceDiagnosticLogs +| where isnotnull(CallerIpAddress) and isnotempty(CallerIpAddress) +| summarize count() by CallerIpAddress, _ResourceId +``` + + + +### Logs relating to specific connection ID + + +A list of logs which contains specific connection ID. + +```query +SignalRServiceDiagnosticLogs +// Enter ConnectionId value to filter by specific connection ID. +| where ConnectionId == "" +| sort by TimeGenerated asc +| take 100 +``` + + + +### Logs relating to specific message tracing ID + + +A list of logs which contains the specific message tracing ID. 
+ +```query +SignalRServiceDiagnosticLogs +| where OperationName == "ConnectionAborted" or OperationName == "ConnectionEnded" or OperationName == "EndConnectionFailed" +| summarize count() by ConnectionId, Message, _ResourceId +``` + + + +### Logs relating to specific user ID + + +A list of logs which contains the specific user ID. + +```query +SignalRServiceDiagnosticLogs +// Enter UserId value to filter by specific user ID. +| where UserId == "" +| sort by TimeGenerated asc +| take 100 +``` + + + +### Logs with warning or exceptions + + +A list of logs which contains warnings or exceptions (latest logs shown first). + +```query +SignalRServiceDiagnosticLogs +| where Level == "Warning" or Level == "Error" +| sort by TimeGenerated desc, Collection asc +| take 100 +``` + + + +### Server connection IDs + + +Summary of the connection IDs which are server connections. + +```query +SignalRServiceDiagnosticLogs +| where ConnectionType == "Server" +| summarize count() by ConnectionId, _ResourceId +``` + + + +### Time chart of operation names + + +Chart of operations in time, for getting the trend of the connectivity and messaging events. + +```query +SignalRServiceDiagnosticLogs +| summarize count() by OperationName, bin(TimeGenerated, 1min) +| render timechart +``` + + + +### Transport types + + +Summary of transport types for connections. Usually Websockets should be the majority by default. + +```query +SignalRServiceDiagnosticLogs +| where isnotnull(TransportType) and isnotempty(TransportType) +| summarize count() by TransportType, _ResourceId +``` + + + +### User IDs + + +Summary of the user IDs. + +```query +SignalRServiceDiagnosticLogs +| summarize count() by UserId, _ResourceId +``` + diff --git a/articles/azure-monitor/reference/queries/signinlogs.md b/articles/azure-monitor/reference/queries/signinlogs.md new file mode 100644 index 0000000000..a0bdc98c3f --- /dev/null +++ b/articles/azure-monitor/reference/queries/signinlogs.md 
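Review bot: in signalrservicediagnosticlogs.md, the query under "Logs relating to specific message tracing ID" is a verbatim copy of the "Connection close reasons" query (`where OperationName == "ConnectionAborted" or ...` followed by `summarize count() by ConnectionId, Message, _ResourceId`) and never filters on a tracing ID. It should follow the pattern of the connection ID and user ID sections, with a placeholder filter on the tracing ID column, a sort and a `take`. Minor: `isnotnull(x) and isnotempty(x)` in the IP address and transport type queries is redundant, since `isnotempty` alone covers both, and "Ips" in the description should be "IPs".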
@@ -0,0 +1,150 @@ +--- +title: Example log table queries for SigninLogs +description: Example queries for SigninLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the SigninLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### All SiginLogs events + + +All Azure signin events. + +```query +SigninLogs +| project UserDisplayName, Identity,UserPrincipalName, AppDisplayName, AppId, ResourceDisplayName +``` + + + +### Resources accessed by user + + +Lists the resources accessed for a specific user. + +```query +// Set v_Users_UPN with the UPN of the user of interest +let v_Users_UPN = "osotnoc@contoso.com"; +SigninLogs +| where UserPrincipalName == v_Users_UPN +| summarize Count=count() by ResourceDisplayName, AppDisplayName +``` + + + +### User count per Resource + + +Distinct count if users by resource. + +```query +SigninLogs +| project UserDisplayName, Identity,UserPrincipalName, AppDisplayName, AppId, ResourceDisplayName +| summarize UserCount=dcount(UserPrincipalName) by ResourceDisplayName +``` + + + +### User count per Application + + +Distinct count of users by application. + +```query +SigninLogs +| project UserDisplayName, Identity,UserPrincipalName, AppDisplayName, AppId, ResourceDisplayName +| summarize UserCount=dcount(UserPrincipalName) by AppDisplayName +``` + + + +### Failed Signin reasons + + +The query list the main reasons for sign in failures. 
+ +```query +SigninLogs +| where ResultType != 0 +| summarize Count=count() by ResultDescription, ResultType +| sort by Count desc nulls last +``` + + + +### Failed MFA challenge + + +Highlights sign in failures caused by failed MFA challenge. + +```query +SigninLogs +| where ResultType == 50074 +| project UserDisplayName, Identity,UserPrincipalName, ResultDescription, AppDisplayName, AppId, ResourceDisplayName +| summarize FailureCount=count(), FailedResources=dcount(ResourceDisplayName), ResultDescription=any(ResultDescription) by UserDisplayName +``` + + + +### Failed App tried silent signin + + +Failed silent app signin attempts. + +```query +SigninLogs +| where ResultType == 50058 +| project UserDisplayName, Identity,UserPrincipalName, ResultDescription, AppDisplayName, AppId, ResourceDisplayName +| summarize FailureCount=count(), FailedResources=dcount(ResourceDisplayName), ResultDescription=any(ResultDescription) by UserDisplayName +``` + + + +### Failed login Count + + +Resources with most failed log in attempts. + +```query +SigninLogs +| where ResultType !=0 +| summarize FailedLoginCount=count() by ResourceDisplayName +| sort by FailedLoginCount desc nulls last +``` + + + +### Signin Locations + + +Failed and successful sig ins by source location. + +```query +SigninLogs +| summarize Successful=countif(ResultType==0), Failed=countif(ResultType!=0) by Location +``` + + + +### Logins To Resource + + +Lists API sign ins. + +```query +SigninLogs +| where ResourceDisplayName == "Windows Azure Service Management API" +| project TimeGenerated, UserDisplayName, Identity,UserPrincipalName, AppDisplayName, Success=iff(ResultType==0, "Success", "Fail") +``` + diff --git a/articles/azure-monitor/reference/queries/sqlassessmentrecommendation.md b/articles/azure-monitor/reference/queries/sqlassessmentrecommendation.md new file mode 100644 index 0000000000..8fe8a9f62b --- /dev/null +++ b/articles/azure-monitor/reference/queries/sqlassessmentrecommendation.md 
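Review bot: in signinlogs.md, "Failed MFA challenge" and "Failed App tried silent signin" both project `UserPrincipalName` and then aggregate `by UserDisplayName`. Display names are not unique, so failures from different accounts that share a name are merged into one row and the per-user failure count becomes unreliable for triage. Group by `UserPrincipalName` (optionally carrying the display name with `any()`, as is already done for `ResultDescription`). Text fixes: "All SiginLogs events", "Distinct count if users", "The query list", "sig ins".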
@@ -0,0 +1,106 @@ +--- +title: Example log table queries for SQLAssessmentRecommendation +description: Example queries for SQLAssessmentRecommendation log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the SQLAssessmentRecommendation table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### SQL Recommendations by Focus Area + + +Count all SQL reccomendations by focus area. + +```query +SQLAssessmentRecommendation +| summarize AggregatedValue = count() by FocusArea +``` + + + +### SQL Recommendations by Computer + + +Count SQL recommendations with failed result by computer. + +```query +SQLAssessmentRecommendation +| where RecommendationResult == "Failed" +| summarize AggregatedValue = count() by Computer +``` + + + +### SQL Recommendations by Instance + + +Count SQL recommendations with failed result by instance. + +```query +SQLAssessmentRecommendation +| where RecommendationResult == "Failed" +| summarize AggregatedValue = count() by SqlInstanceName +``` + + + +### SQL Recommendations by Database + + +Count SQL recommendations with failed result by database. + +```query +SQLAssessmentRecommendation +| where RecommendationResult == "Failed" +| summarize AggregatedValue = count() by DatabaseName +``` + + + +### SQL Recommendations by AffectedObjectType + + +Count SQL recommendations with failed result by affected object type. + +```query +SQLAssessmentRecommendation +| where RecommendationResult == "Failed" +| summarize AggregatedValue = count() by AffectedObjectType +``` + + + +### How many times did each unique SQL Recommendation trigger? 
+ + +Count SQL recommendations with failed result by recommendation. + +```query +SQLAssessmentRecommendation +| where RecommendationResult == "Failed" +| summarize AggregatedValue = count() by Recommendation +``` + + + +### High priority SQL Assessment recommendations + + +Latest high priority security recommendation with result failed by recommendation Id. + +```query +SQLAssessmentRecommendation +| where FocusArea == 'Security and Compliance' and RecommendationResult == 'Failed' and RecommendationScore>=35 +| summarize arg_max(TimeGenerated, *) by RecommendationId +``` + diff --git a/articles/azure-monitor/reference/queries/storagebloblogs.md b/articles/azure-monitor/reference/queries/storagebloblogs.md new file mode 100644 index 0000000000..9c3e0a3928 --- /dev/null +++ b/articles/azure-monitor/reference/queries/storagebloblogs.md 
@@ -0,0 +1,101 @@ +--- +title: Example log table queries for StorageBlobLogs +description: Example queries for StorageBlobLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the StorageBlobLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Most common errors + + +List 10 most common errors over the last 3 days. + +```query +StorageBlobLogs +| where TimeGenerated > ago(3d) and StatusText !contains "Success" +| summarize count() by StatusText +| top 10 by count_ desc +``` + + + +### Operations causing most errors + + +List top 10 operations causing the most errors over the last 3 days. + +```query +StorageBlobLogs +| where TimeGenerated > ago(3d) and StatusText !contains "Success" +| summarize count() by OperationName +| top 10 by count_ desc +``` + + + +### Operations with the highest latency + + +List top 10 operations with the longest end to end latency over the last 3 days. + +```query +StorageBlobLogs +| where TimeGenerated > ago(3d) +| top 10 by DurationMs desc +| project TimeGenerated, OperationName, DurationMs, ServerLatencyMs, ClientLatencyMs = DurationMs - ServerLatencyMs +``` + + + +### Operations causing server side throttling + + +List all operations causing server side throttling errors over the last 3 days. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +StorageBlobLogs +| where TimeGenerated > ago(3d) and StatusText contains "ServerBusy" +| project TimeGenerated, OperationName, StatusCode, StatusText, _ResourceId +``` + + + +### Show anonymous requests + + +List all requests with anonymous access over the last 3 days. + +```query +// To create an alert for this query, click '+ New alert rule' +StorageBlobLogs +| where TimeGenerated > ago(3d) and AuthenticationType == "Anonymous" +| project TimeGenerated, OperationName, AuthenticationType, Uri, _ResourceId +``` + + + +### Frequent operations chart + + +A pie chart of operations used over the last 3 days. + +```query +StorageBlobLogs +| where TimeGenerated > ago(3d) +| summarize count() by OperationName +| sort by count_ desc +| render piechart +``` + diff --git a/articles/azure-monitor/reference/queries/storagecacheoperationevents.md b/articles/azure-monitor/reference/queries/storagecacheoperationevents.md new file mode 100644 index 0000000000..1283351d56 --- /dev/null +++ b/articles/azure-monitor/reference/queries/storagecacheoperationevents.md 
@@ -0,0 +1,61 @@ +--- +title: Example log table queries for StorageCacheOperationEvents +description: Example queries for StorageCacheOperationEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the StorageCacheOperationEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Failed operation + + +Retrieves a list of operation that returned a failed response code. + +```query +StorageCacheOperationEvents +| where ResponseCode < 200 or ResponseCode >= 300 +| sort by TimeGenerated desc +| take 100 +``` + + + +### Failed priming job + + +Retrieves a list of failed priming jobs. + +```query +StorageCacheOperationEvents +| where OperationName contains "Priming" +| where ResultType == "Failed" +| project TimeGenerated, OperationName, PrimingJobName, ResultDescription, _ResourceId, CorrelationId, Location +| sort by TimeGenerated desc +| take 100 +``` + + + +### Completed long-running asynchronous operations + + +Retrieves a list of long-running operations that have completed. + +```query +StorageCacheOperationEvents +| where ResponseCode == 201 or ResponseCode == 202 +| where ResultType == "Succeeded" +| sort by TimeGenerated desc +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/storagecacheupgradeevents.md b/articles/azure-monitor/reference/queries/storagecacheupgradeevents.md new file mode 100644 index 0000000000..dc657a3e69 --- /dev/null +++ b/articles/azure-monitor/reference/queries/storagecacheupgradeevents.md 
@@ -0,0 +1,30 @@ +--- +title: Example log table queries for StorageCacheUpgradeEvents +description: Example queries for StorageCacheUpgradeEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the StorageCacheUpgradeEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Upgrade events + + +Retrieves a list of upgrade events. + +```query +StorageCacheUpgradeEvents +| where Description contains "upgraded" +| sort by TimeGenerated desc +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/storagecachewarningevents.md b/articles/azure-monitor/reference/queries/storagecachewarningevents.md new file mode 100644 index 0000000000..355960cef3 --- /dev/null +++ b/articles/azure-monitor/reference/queries/storagecachewarningevents.md 
@@ -0,0 +1,36 @@ +--- +title: Example log table queries for StorageCacheWarningEvents +description: Example queries for StorageCacheWarningEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the StorageCacheWarningEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Active warning events + + +Retrieves a list of warning events that have not cleared. + +```query +StorageCacheWarningEvents +| where State == "Active" +| project TimeGenerated, CorrelationId, Description, _ResourceId, State +| join kind=leftanti (StorageCacheWarningEvents + | where State == "Cleared" + | project TimeGenerated, CorrelationId, Description, _ResourceId, State) + on CorrelationId +| project TimeGenerated, CorrelationId, Description, _ResourceId, State +| take 100 + +``` + diff --git a/articles/azure-monitor/reference/queries/storagemalwarescanningresults.md b/articles/azure-monitor/reference/queries/storagemalwarescanningresults.md new file mode 100644 index 0000000000..b6522357b3 --- /dev/null +++ b/articles/azure-monitor/reference/queries/storagemalwarescanningresults.md 
@@ -0,0 +1,42 @@ +--- +title: Example log table queries for StorageMalwareScanningResults +description: Example queries for StorageMalwareScanningResults log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the StorageMalwareScanningResults table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Malicious blobs per storage account + + +Blobs with malicious scan results group by storage account name. + +```query +StorageMalwareScanningResults +| where ScanResultType == "Malicious" +| summarize BlobUris = make_list(BlobUri), count() by StorageAccountName +``` + + + +### Unsuccessful Scans + + +Unsuccessful scans grouped by verdict and error information with related blob uris list, containing failed scans and encrypted blobs. + +```query +StorageMalwareScanningResults +| where ScanResultType in ("Error", "Not Scanned") +| summarize count(), BlobUris = make_list(BlobUri) by ScanResultType, ScanResultDetails +``` + diff --git a/articles/azure-monitor/reference/queries/succeededingestion.md b/articles/azure-monitor/reference/queries/succeededingestion.md new file mode 100644 index 0000000000..ad42204f10 --- /dev/null +++ b/articles/azure-monitor/reference/queries/succeededingestion.md 
@@ -0,0 +1,42 @@ +--- +title: Example log table queries for SucceededIngestion +description: Example queries for SucceededIngestion log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the SucceededIngestion table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Succeeded ingestions + + +How many succeeded ingestions accrued (per database, table). + +```query +SucceededIngestion +| parse _ResourceId with * "providers/microsoft.kusto/clusters/" cluster_name // Get the cluster name from the ResourceId string +| summarize count() by bin(TimeGenerated, 1h), cluster_name, Database, Table +``` + + + +### Succeeded ingestions timechart + + +How many succeeded ingestions accrued (timechart). + +```query +SucceededIngestion +| summarize count() by bin(TimeGenerated, 1h) +| render timechart +``` + diff --git a/articles/azure-monitor/reference/queries/synapselinkevent.md b/articles/azure-monitor/reference/queries/synapselinkevent.md new file mode 100644 index 0000000000..2d973a704f --- /dev/null +++ b/articles/azure-monitor/reference/queries/synapselinkevent.md 
@@ -0,0 +1,29 @@ +--- +title: Example log table queries for SynapseLinkEvent +description: Example queries for SynapseLinkEvent log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the SynapseLinkEvent table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Synapse Link table fail events + + +Display sample failed Synapse Link table events. + +```query +SynapseLinkEvent +| where OperationName == "TableFail" +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/syslog.md b/articles/azure-monitor/reference/queries/syslog.md new file mode 100644 index 0000000000..e83f2a2dd3 --- /dev/null +++ b/articles/azure-monitor/reference/queries/syslog.md 
@@ -0,0 +1,156 @@ +--- +title: Example log table queries for Syslog +description: Example queries for Syslog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the Syslog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Find Linux kernel events + + +Find events reported by Linux kernel process, regarding killed processes. + +```query +// To create an alert for this query, click '+ New alert rule' +Syslog +| where ProcessName == "kernel" and SyslogMessage contains "Killed process" +``` + + + +### All Syslog + + +Last 100 Syslog. + +```query +Syslog +| top 100 by TimeGenerated desc +``` + + + +### All Syslog with errors + + +Last 100 Syslog with erros. + +```query +Syslog +| where SeverityLevel == "err" or SeverityLevel == "error" +| top 100 by TimeGenerated desc +``` + + + +### All Syslog by facility + + +All Syslog by facility. + +```query +Syslog +| summarize count() by Facility +``` + + + +### All Syslog by process name + + +All Syslog by process name. + +```query +Syslog +| summarize count() by ProcessName +``` + + + +### Users Added to Linux Group by Computer + + +Lists computers with users added to Linux group. + +```query +Syslog +| where Facility == 'authpriv' and SyslogMessage has 'to group' and (SyslogMessage has 'add' or SyslogMessage has 'added') +| summarize by Computer +``` + + + +### New Linux Group Created by Computer + + +Lists computers with new Linux group created. 
+ +```query +Syslog +| where Facility == 'authpriv' and SyslogMessage has 'new group' +| summarize count() by Computer +``` + + + +### Failed Linux User Password Change + + +Lists computers wih failed Linux user password change. + +```query +Syslog +| where Facility == 'authpriv' and ((SyslogMessage has 'passwd:chauthtok' and SyslogMessage has 'authentication failure') or SyslogMessage has 'password change failed') +| summarize count() by Computer +``` + + + +### Computers With Failed Ssh Logons + + +Lists computers with failed ssh logons. + +```query +Syslog +| where (Facility == 'authpriv' and SyslogMessage has 'sshd:auth' and SyslogMessage has 'authentication failure') or (Facility == 'auth' and ((SyslogMessage has 'Failed' and SyslogMessage has 'invalid user' and SyslogMessage has 'ssh2') or SyslogMessage has 'error: PAM: Authentication failure')) +| summarize count() by Computer +``` + + + +### Computers With Failed Su Logons + + +Lists computers with failed su logons. + +```query +Syslog +| where (Facility == 'authpriv' and SyslogMessage has 'su:auth' and SyslogMessage has 'authentication failure') or (Facility == 'auth' and SyslogMessage has 'FAILED SU') +| summarize count() by Computer +``` + + + +### Computers With Failed Sudo Logons + + +Lists computers with failed sudo logons. + +```query +Syslog +| where (Facility == 'authpriv' and SyslogMessage has 'sudo:auth' and (SyslogMessage has 'authentication failure' or SyslogMessage has 'conversation failed')) or ((Facility == 'auth' or Facility == 'authpriv') and SyslogMessage has 'user NOT in sudoers') +| summarize count() by Computer +``` + diff --git a/articles/azure-monitor/reference/queries/tsiingress.md b/articles/azure-monitor/reference/queries/tsiingress.md new file mode 100644 index 0000000000..31713ee0a7 --- /dev/null +++ b/articles/azure-monitor/reference/queries/tsiingress.md 
@@ -0,0 +1,59 @@ +--- +title: Example log table queries for TSIIngress +description: Example queries for TSIIngress log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the TSIIngress table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Show event source connection errors + + +Retrieves the most recent 100 logs pertaining to event source connection failures and summarizes them to display the time when the log was generated (TimeGenerated), a high level description (ResultDescription), a message continaing details on what went wrong and how to fix it (Message), and your event source's current configuration (EventSourceProperties). + +```query +//Retrieves the most recent 100 logs pertaining to event source connection failures and summarizes them to display the time when the log was generated (TimeGenerated), a high level description (ResultDescription), a message continaing details on what went wrong and how to fix it (Message), and your event source's current configuration (EventSourceProperties). +TSIIngress +| where OperationName == 'Microsoft.TimeSeriesInsights/environments/eventsources/ingress/connect' +| project TimeGenerated, ResultDescription, Message, tostring(EventSourceProperties) +| top 100 by TimeGenerated desc +``` + + + +### 10 latest Ingress logs + + +Shows the most recent ten error logs in the Ingress category. This is helpful when getting familiar with the TSIIngress schema. + +```query +//Retrieves the most recent ten error logs in the Ingress category. This is helpful when getting familiar with the TSIIngress schema. 
+TSIIngress +| top 10 by TimeGenerated +``` + + + +### Show deserialization errors + + +Retrieves the most recent 100 error logs from failures to deserialize telemetry message(s) and summarizes them to display the time when the log was generated (TimeGenerated), a high level description (ResultDescription), and a message with the deserialization error (Message). + +```query +//Retrieves the most recent 100 error logs from failures to deserialize telemetry message(s) and summarizes them to display the time when the log was generated (TimeGenerated), a high level description (ResultDescription), and a message with the deserialization error (Message). +TSIIngress +| where OperationName == 'Microsoft.TimeSeriesInsights/environments/eventsources/ingress/deserialize' +| project TimeGenerated, ResultDescription, Message, tostring(EventSourceProperties) +| top 100 by TimeGenerated desc +``` + diff --git a/articles/azure-monitor/reference/queries/ucdoaggregatedstatus.md b/articles/azure-monitor/reference/queries/ucdoaggregatedstatus.md new file mode 100644 index 0000000000..3bf47af1fb --- /dev/null +++ b/articles/azure-monitor/reference/queries/ucdoaggregatedstatus.md 
@@ -0,0 +1,37 @@ +--- +title: Example log table queries for UCDOAggregatedStatus +description: Example queries for UCDOAggregatedStatus log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the UCDOAggregatedStatus table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Content distribution in Gigabytes + + +Get the content distribution in Gigabytes for all the devices. + +```query +UCDOAggregatedStatus +|extend +LanGB = todouble(BytesFromPeers)/pow(1024,3), +GroupGB = todouble(BytesFromGroupPeers)/pow(1024,3), +NonPeerGB = todouble(BytesFromCDN)/pow(1024,3) +|project +Content = ContentType, +LanGB, +GroupGB, +NonPeerGB, +DeviceCount +``` + diff --git a/articles/azure-monitor/reference/queries/ucdostatus.md b/articles/azure-monitor/reference/queries/ucdostatus.md new file mode 100644 index 0000000000..333c1428c5 --- /dev/null +++ b/articles/azure-monitor/reference/queries/ucdostatus.md 
@@ -0,0 +1,28 @@ +--- +title: Example log table queries for UCDOStatus +description: Example queries for UCDOStatus log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the UCDOStatus table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Device configuration + + +Get the count of device by download mode in DO status. + +```query +UCDOStatus| +summarize count() by DownloadMode +``` + diff --git a/articles/azure-monitor/reference/queries/update.md b/articles/azure-monitor/reference/queries/update.md new file mode 100644 index 0000000000..c2babac787 --- /dev/null +++ b/articles/azure-monitor/reference/queries/update.md 
@@ -0,0 +1,214 @@ +--- +title: Example log table queries for Update +description: Example queries for Update log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the Update table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Missing security or critical updates + + +Count how many security or other critical updates are missing. + +```query +// To create an alert for this query, click '+ New alert rule' +Update +| where Classification in ("Security Updates", "Critical Updates") +| where UpdateState == 'Needed' and Optional == false and Approved == true +| summarize count() by Classification, Computer, _ResourceId +// This query requires the Security or Update solutions +``` + + + +### Updates available for Windows machines + + +List the Windows update KBIDs available by their classification and for each Computer. + +```query +// To create an alert for this query, click '+ New alert rule' +Update +| where TimeGenerated>ago(14h) +| where UpdateState =~ "Needed" and OSType != "Linux" +| summarize by Computer, Classification, Product, KBID, ResourceId +``` + + + +### Updates available for Linux machines + + +List the Linux package version updates available by their classification and for each Computer. + +```query +// To create an alert for this query, click '+ New alert rule' +Update +| where TimeGenerated>ago(14h) +| where UpdateState =~ "Needed" and OSType == "Linux" +| summarize by Computer, Classification, Product, ProductVersion, ResourceId +``` + + + +### Missing updates summary + + +Get a summary of missing updates by category. 
+ +```query +Update +| where TimeGenerated>ago(5h) and OSType=="Linux" and SourceComputerId in ((Heartbeat +| where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer) +| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId +| where Solutions has "updates" +| distinct SourceComputerId)) +| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification) by Computer, SourceComputerId, Product, ProductArch +| where UpdateState=~"Needed" +| summarize by Product, ProductArch, Classification +| union (Update +| where TimeGenerated>ago(14h) and OSType!="Linux" and (Optional==false or Classification has "Critical" or Classification has "Security") and SourceComputerId in ((Heartbeat +| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer) +| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId +| where Solutions has "updates" +| distinct SourceComputerId)) +| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Approved) by Computer, SourceComputerId, UpdateID +| where UpdateState=~"Needed" and Approved!=false +| summarize by UpdateID, Classification ) +| summarize allUpdatesCount=count(), criticalUpdatesCount=countif(Classification has "Critical"), securityUpdatesCount=countif(Classification has "Security"), otherUpdatesCount=countif(Classification !has "Critical" and Classification !has "Security") +``` + + + +### Missing updates list + + +Get a list of all updates that are missing. 
+ +```query +Update +| where TimeGenerated>ago(5h) and OSType=="Linux" and SourceComputerId in ((Heartbeat +| where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer) +| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId +| where Solutions has "updates" +| distinct SourceComputerId)) +| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, BulletinUrl, BulletinID) by SourceComputerId, Product, ProductArch +| where UpdateState=~"Needed" +| project-away UpdateState, TimeGenerated +| summarize computersCount=dcount(SourceComputerId, 2), ClassificationWeight=max(iff(Classification has "Critical", 4, iff(Classification has "Security", 2, 1))) by id=strcat(Product, "_", ProductArch), displayName=Product, productArch=ProductArch, classification=Classification, InformationId=BulletinID, InformationUrl=tostring(split(BulletinUrl, ";", 0)[0]), osType=1 +| union(Update +| where TimeGenerated>ago(14h) and OSType!="Linux" and (Optional==false or Classification has "Critical" or Classification has "Security") and SourceComputerId in ((Heartbeat +| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer) +| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId +| where Solutions has "updates" +| distinct SourceComputerId)) +| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Title, KBID, PublishedDate, Approved) by Computer, SourceComputerId, UpdateID +| where UpdateState=~"Needed" and Approved!=false +| project-away UpdateState, Approved, TimeGenerated +| summarize computersCount=dcount(SourceComputerId, 2), displayName=any(Title), publishedDate=min(PublishedDate), ClassificationWeight=max(iff(Classification has "Critical", 4, iff(Classification has "Security", 2, 1))) by id=strcat(UpdateID, "_", KBID), classification=Classification, InformationId=strcat("KB", KBID), InformationUrl=iff(isnotempty(KBID), strcat("https://support.microsoft.com/kb/", KBID), 
""), osType=2) +| sort by ClassificationWeight desc, computersCount desc, displayName asc +| extend informationLink=(iff(isnotempty(InformationId) and isnotempty(InformationUrl), toobject(strcat('{ "uri": "', InformationUrl, '", "text": "', InformationId, '", "target": "blank" }')), toobject(''))) +| project-away ClassificationWeight, InformationId, InformationUrl +``` + + + +### Computer with missing updates + + +All computers with missing updates. + +```query +// To create an alert for this query, click '+ New alert rule' +Update +|where OSType != "Linux" and UpdateState == "Needed" and Optional == "false" +| project TimeGenerated, Computer, Title, KBID, Classification, MSRCSeverity, PublishedDate, _ResourceId +| sort by TimeGenerated desc +``` + + + +### Missing required updates for server + + +Missing updates for a specific computer "ComputerName" (replace with your own computer name). + +```query +// To create an alert for this query, click '+ New alert rule' +let ComputerName = "Enter your computer name here"; +Update +|where OSType != "Linux" and UpdateState == "Needed" and Optional == "false" and Computer == ComputerName +| project TimeGenerated, Computer, Title, KBID, Product, MSRCSeverity, PublishedDate, _ResourceId +| sort by TimeGenerated desc +``` + + + +### Missing critical security updates + + +All computers that are missing critical updates or security updates. + +```query +// To create an alert for this query, click '+ New alert rule' +Update +|where OSType != "Linux" and UpdateState == "Needed" and Optional == "false" and (Classification == "Security Updates" or Classification == "Critical Updates") +| sort by TimeGenerated desc +``` + + + +### Missing security or critical where update is manual + + +Critical or security updates needed by machines where updates are manually applied. 
+ +```query +// To create an alert for this query, click '+ New alert rule' +Update +| where OSType != "Linux" and UpdateState == "Needed" and Optional == "false" + |where (Classification == "Security Updates" or Classification == "Critical Updates") +| join kind=inner (UpdateSummary |where WindowsUpdateSetting == "Manual" |distinct Computer) on Computer +| distinct KBID, Computer, _ResourceId +``` + + + +### Missing update rollups + + +All computers with missing update rollups. + +```query +// To create an alert for this query, click '+ New alert rule' +Update +| where OSType != "Linux" and Optional == "false" and Classification == "Update Rollups" and UpdateState == "Needed" +| project TimeGenerated, Computer, Title, KBID, Classification, MSRCSeverity, PublishedDate, _ResourceId +| sort by TimeGenerated desc +``` + + + +### Distinct missing updates cross computers + + +Distinct missing updates across all computers. + +```query +// To create an alert for this query, click '+ New alert rule' +Update +| where OSType != "Linux" and UpdateState == "Needed" and Optional == "false" +| distinct Title, Computer, _ResourceId +``` + diff --git a/articles/azure-monitor/reference/queries/updaterunprogress.md b/articles/azure-monitor/reference/queries/updaterunprogress.md new file mode 100644 index 0000000000..0312f4269a --- /dev/null +++ b/articles/azure-monitor/reference/queries/updaterunprogress.md 
@@ -0,0 +1,40 @@ +--- +title: Example log table queries for UpdateRunProgress +description: Example queries for UpdateRunProgress log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the UpdateRunProgress table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Patch installation failure for your machines + + +List for each machine the installation status of the updates where the installation was not successful. + +```query +// To create an alert for this query, click '+ New alert rule' +UpdateRunProgress +| where TimeGenerated>ago(1d) +| where InstallationStatus == "NotStarted" +| summarize by Title, InstallationStatus, SourceComputerId, UpdateId, Computer, ResourceId +| join kind= inner ( + UpdateRunProgress + | where TimeGenerated>ago(1d) + | where InstallationStatus != "NotStarted" + | summarize by Title, InstallationStatus, SourceComputerId, UpdateId, Computer +) on UpdateId +| where InstallationStatus1 != "Succeed" +| summarize by Title, InstallationStatus, Computer, ResourceId + +``` + diff --git a/articles/azure-monitor/reference/queries/updatesummary.md b/articles/azure-monitor/reference/queries/updatesummary.md new file mode 100644 index 0000000000..3ff80563f0 --- /dev/null +++ b/articles/azure-monitor/reference/queries/updatesummary.md 
@@ -0,0 +1,70 @@ +--- +title: Example log table queries for UpdateSummary +description: Example queries for UpdateSummary log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the UpdateSummary table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Summary of updates available across machines + + +Count of updates available under various categories for each machine. + +```query +// To create an alert for this query, click '+ New alert rule' +UpdateSummary +| where TimeGenerated>ago(14h) +| summarize by Computer, CriticalUpdatesMissing, SecurityUpdatesMissing, OtherUpdatesMissing, TotalUpdatesMissing, ResourceId +``` + + + +### Missing update specific product + + +WSUS computer membership. + +```query +// To create an alert for this query, click '+ New alert rule' +UpdateSummary +| summarize AggregatedValue = count() by WSUSServer, Computer, _ResourceId +``` + + + +### Automatic update configuration + + +Automatic update configuration. + +```query +// To create an alert for this query, click '+ New alert rule' +UpdateSummary +| summarize AggregatedValue = count() by WindowsUpdateSetting, Computer, _ResourceId +``` + + + +### Automatic update configuration is disabled + + +Computers with automatic update disabled. + +```query +// To create an alert for this query, click '+ New alert rule' +UpdateSummary +| where WindowsUpdateSetting == "Manual" +| sort by TimeGenerated desc +``` + diff --git a/articles/azure-monitor/reference/queries/urlclickevents.md b/articles/azure-monitor/reference/queries/urlclickevents.md new file mode 100644 index 0000000000..3541772a56 
--- /dev/null +++ b/articles/azure-monitor/reference/queries/urlclickevents.md @@ -0,0 +1,30 @@ +--- +title: Example log table queries for UrlClickEvents +description: Example queries for UrlClickEvents log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the UrlClickEvents table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Links where a user was allowed to proceed + + +Malicious links where user was allowed to proceed through. + +```query +UrlClickEvents +| where ActionType == "ClickAllowed" or IsClickedThrough !="0" +| where ThreatTypes has "Phish" +| summarize by ReportId, IsClickedThrough, AccountUpn, NetworkMessageId, ThreatTypes, Timestamp +``` + diff --git a/articles/azure-monitor/reference/queries/usage.md b/articles/azure-monitor/reference/queries/usage.md new file mode 100644 index 0000000000..a263b958ce --- /dev/null +++ b/articles/azure-monitor/reference/queries/usage.md 
@@ -0,0 +1,88 @@ +--- +title: Example log table queries for Usage +description: Example queries for Usage log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the Usage table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Usage by data types + + +Chart the amount of logs reported for each data type, today. + +```query +Usage +| summarize count_per_type=count() by DataType +| sort by count_per_type desc +| render piechart +``` + + + +### Billable performance data + + +Calculate the volume of billable data (in GB) for Perf data, over the last day. + +```query +Usage +| where TimeGenerated > ago(1d) +| where IsBillable == true +| where DataType == "Perf" +| summarize TotalVolumeGB = sum(Quantity) / 1024 +``` + + + +### Volume of solutions' data + + +Chart the volume of data (in Mb) sent by each solution. + +```query +Usage +| summarize total_MBytes=sum(Quantity) by Solution +| sort by total_MBytes desc nulls last +| render barchart +``` + + + +### Total workspace ingestion over the last 24 hours + + +Volume (GB) of all data ingested to this workspace, over the last 24 hours. + +```query +Usage +|where TimeGenerated > ago(24h) +|summarize TotalIngestionVolGB = sum(Quantity)/1024.0 +``` + + + +### Container Insight solution billable data + + +See total billable data from Container Insights solution. 
+ +```query +//This includes billable data for all solutions in the workspace, see for Container Insights solution +Usage +| where TimeGenerated > startofday(ago(30d)) +| where IsBillable == true +| summarize TotalVolumeGB = sum(Quantity) / 1000 by bin(TimeGenerated, 1d), Solution +| render barchart +``` + diff --git a/articles/azure-monitor/reference/queries/vcoremongorequests.md b/articles/azure-monitor/reference/queries/vcoremongorequests.md new file mode 100644 index 0000000000..d5403ea7eb --- /dev/null +++ b/articles/azure-monitor/reference/queries/vcoremongorequests.md 
@@ -0,0 +1,78 @@ +--- +title: Example log table queries for VCoreMongoRequests +description: Example queries for VCoreMongoRequests log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the VCoreMongoRequests table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Mongo vCore requests P99 duration by operation + + +Mongo vCore requests P99 runtime duration by operation name. + +```query +VCoreMongoRequests +// Time range filter: | where TimeGenerated between (StartTime .. EndTime) +// Resource id filter: | where _ResourceId == "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/my-resource-group-name/providers/microsoft.documentdb/mongoclusters/my-cluster-name" +| summarize percentile(DurationMs, 99) by bin(TimeGenerated, 1h), OperationName + +``` + + + +### Mongo vCore requests binned by duration + + +Count of Mongo vCore requests binned by total runtime duration. + +```query +VCoreMongoRequests +// Time range filter: | where TimeGenerated between (StartTime .. EndTime) +// Resource id filter: | where _ResourceId == "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/my-resource-group-name/providers/microsoft.documentdb/mongoclusters/my-cluster-name" +| project TimeGenerated, DurationBin=tostring(bin(DurationMs, 5)) +| summarize count() by bin(TimeGenerated, 1m), tostring(DurationBin) + +``` + + + +### Failed Mongo vCore requests + + +Count of failed Mongo vCore requests by error code. + +```query +VCoreMongoRequests +// Time range filter: | where TimeGenerated between (StartTime .. 
EndTime) +// Resource id filter: | where _ResourceId == "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/my-resource-group-name/providers/microsoft.documentdb/mongoclusters/my-cluster-name" +| where ErrorCode != 0 +| summarize count() by bin(TimeGenerated, 5m), ErrorCode=tostring(ErrorCode) + +``` + + + +### Mongo vCore requests by user agent + + +Count of Mongo vCore requests by user agent. + +```query +VCoreMongoRequests +// Time range filter: | where TimeGenerated between (StartTime .. EndTime) +// Resource id filter: | where _ResourceId == "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/my-resource-group-name/providers/microsoft.documentdb/mongoclusters/my-cluster-name" +| summarize count() by bin(TimeGenerated, 1h), UserAgent + +``` + diff --git a/articles/azure-monitor/reference/queries/viaudit.md b/articles/azure-monitor/reference/queries/viaudit.md new file mode 100644 index 0000000000..e3d2323a7d --- /dev/null +++ b/articles/azure-monitor/reference/queries/viaudit.md 
@@ -0,0 +1,83 @@ +--- +title: Example log table queries for VIAudit +description: Example queries for VIAudit log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the VIAudit table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Video Indexer Audit by account id + + +Display audit events for account (AccountId = \), with an optional filter by user UPN. + +```query +VIAudit +| where AccountId == "" // please fill in the accountId +// | where Upn == "" // to to filter on a specific user upn, uncomment this line +| limit 100 +``` + + + +### Video Indexer Audit top 10 users by operations + + +Render timechart of top 10 users by operations, with an optional account id for filtering. + +```query +// Trend of top 10 active Upn's +VIAudit +// | where AccountId == "" // to filter on a specific accountId, uncomment this line +| where TimeGenerated > ago(30d) +| summarize count() by Upn +| top 10 by count_ desc +| project Upn +| join (VIAudit +| where TimeGenerated > ago(30d) +| summarize count() by Upn, bin(TimeGenerated,1d)) on Upn +| project TimeGenerated, Upn, count_ +| render timechart +``` + + + +### Video Indexer Audit parsed error message + + +Display audit failed events with an optional account id for filtering. + +```query +// Project failures with detailed error message. +VIAudit +// | where AccountId == "" // to filter on a specific accountId, uncomment this line +| where Status == "Failure" +| parse Description with "ErrorType: " ErrorType ". Message: " ErrorMessage ". 
Trace" * +| project TimeGenerated, OperationName, ErrorMessage, ErrorType, CorrelationId, _ResourceId +``` + + + +### Video Indexer Audit failed operations + + +Display audit logs of all failed operations attempts, with an optional filter by account id and user UPN. + +```query +VIAudit +// | where AccountId == "" // to filter on a specific accountId, uncomment this line +// | where Upn == "" // to to filter on a specific user upn, uncomment this line +| where Status == "Failure" +| limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/viindexing.md b/articles/azure-monitor/reference/queries/viindexing.md new file mode 100644 index 0000000000..40babd3e98 --- /dev/null +++ b/articles/azure-monitor/reference/queries/viindexing.md 
@@ -0,0 +1,58 @@ +--- +title: Example log table queries for VIIndexing +description: Example queries for VIIndexing log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the VIIndexing table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Failed Indexing operations + + +Display Video Indexer Account logs of all failed indexing operations. + +```query +// Failed Indexing operations +// Display Video Indexer Account logs of all failed indexing operations. +VIIndexing +// | where AccountId == "" // to filter on a specific accountId, uncomment this line +| where Status == "Failure" +| summarize count() by bin(TimeGenerated, 1d) +| render columnchart +``` + + + +### Top 10 users + + +Summarize top 10 users. + +```query +// Video Indexer top 10 users by operations +// Render timechart of top 10 users by operations, with an optional account id for filtering. +// Trend of top 10 active Upn's +VIIndexing +// | where AccountId == "" // to filter on a specific accountId, uncomment this line +| where OperationName in ("IndexingStarted", "ReindexingStarted") +| summarize count() by Upn +| top 10 by count_ desc +| project Upn +| join (VIIndexing +| where TimeGenerated > ago(30d) +| where OperationName in ("IndexingStarted", "ReindexingStarted") +| summarize count() by Upn, bin(TimeGenerated,1d)) on Upn +| project TimeGenerated, Upn, count_ +| render timechart +``` + diff --git a/articles/azure-monitor/reference/queries/w3ciislog.md b/articles/azure-monitor/reference/queries/w3ciislog.md new file mode 100644 index 0000000000..f6b1d2738f --- /dev/null 
+++ b/articles/azure-monitor/reference/queries/w3ciislog.md 
@@ -0,0 +1,214 @@ +--- +title: Example log table queries for W3CIISLog +description: Example queries for W3CIISLog log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the W3CIISLog table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### List IIS log entries + + +Last 50 IIS log entries. + +```query +W3CIISLog +| top 50 by TimeGenerated desc +``` + + + +### Display breakdown respond codes + + +Display breakdown respond codes. + +```query +W3CIISLog +| summarize count() by scStatus +``` + + + +### Maximum time taken for each page + + +Find maximum time taken for each page. + +```query +W3CIISLog +| summarize max(TimeTaken) by csUriStem +``` + + + +### Show 404 pages list + + +Show 404 pages list. + +```query +W3CIISLog +| where scStatus == 404 +| summarize count() by csUriStem +| sort by count_ desc +``` + + + +### Average HTTP request time + + +Average HTTP request time for HTTP method. + +```query +W3CIISLog +| summarize avg(TimeTaken) by csMethod +``` + + + +### Servers with internal server error + + +Show servers throwing internal server error. + +```query +W3CIISLog +| where scStatus == "500" +| summarize count() by sComputerName +``` + + + +### Count IIS log entries by HTTP request method + + +Count IIS log entries by HTTP request method. + +```query +W3CIISLog +| summarize count() by csMethod +``` + + + +### Count IIS log entries by HTTP user agent + + +Count IIS log entries by HTTP user agent. 
+ +```query +W3CIISLog +| summarize count() by csUserAgent +``` + + + +### Count IIS log entries by client IP address + + +Count IIS log entries by client IP address. + +```query +W3CIISLog +| summarize count() by cIP +``` + + + +### IIS log entries for client IP + + +IIS log entries for a client IP. + +```query +W3CIISLog +| where cIP == "192.168.0.1" // Enter Client IP here +| project csUriStem, scBytes, csBytes, TimeTaken, scStatus, TimeGenerated +| top 100 by TimeGenerated desc +``` + + + +### Count of IIS log entries by URL + + +Count of IIS log entries by URL requested by client. + +```query +W3CIISLog +| summarize count() by csUriStem +``` + + + +### Count of IIS log entries by host + + +Count of IIS log entries by host requested by client. + +```query +W3CIISLog +| summarize count() by csHost +``` + + + +### Total bytes traffic by client IP + + +Total bytes sent and received by client IP address. + +```query +W3CIISLog +| summarize BytesSent = sum(csBytes), BytesReceived = sum(scBytes) by cIP +``` + + + +### Bytes received by each IIS computer + + +Total bytes received by each IIS computer. + +```query +W3CIISLog +| summarize sum_csBytes = sum(csBytes) by Computer +| top 500 by sum_csBytes desc +``` + + + +### Bytes responded to clients by each IIS server IP + + +Total bytes responded to clients by each IIS server IP address. + +```query +W3CIISLog +| summarize sum(scBytes) by sIP +``` + + + +### Average HTTP request time by client IP + + +Average HTTP request time by client IP address. + +```query +W3CIISLog +| summarize avg(TimeTaken) by cIP +``` + diff --git a/articles/azure-monitor/reference/queries/waasdeploymentstatus.md b/articles/azure-monitor/reference/queries/waasdeploymentstatus.md new file mode 100644 index 0000000000..f26457803f --- /dev/null +++ b/articles/azure-monitor/reference/queries/waasdeploymentstatus.md 
@@ -0,0 +1,72 @@ +--- +title: Example log table queries for WaaSDeploymentStatus +description: Example queries for WaaSDeploymentStatus log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the WaaSDeploymentStatus table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Update deployment failures + + +Update deployment failures by device and update classification. + +```query +WaaSDeploymentStatus +| where DeploymentStatus == "Failed" +| summarize arg_max(TimeGenerated, *) by ComputerID, UpdateClassification +| project Computer, ComputerID, ReleaseName, UpdateCategory, UpdateClassification, DeploymentError, DeploymentErrorCode +``` + + + +### Devices pending reboot to complete update + + +Devices with pending reboot to complete update. + +```query +WaaSDeploymentStatus +| where DetailedStatus == "Reboot pending" +| summarize arg_max(TimeGenerated, *) by ComputerID, UpdateClassification +| project Computer, ComputerID, DetailedStatus, ReleaseName, UpdateCategory, UpdateClassification, LastScan +``` + + + +### Devices with a Safeguard Hold + + +This query shows the device data for all devices that are impacted by safeguard holds. + +```query +WaaSDeploymentStatus +| where DetailedStatus == "Safeguard Hold" +| summarize arg_max(TimeGenerated, *) by ComputerID, UpdateClassification +| project TimeGenerated, DetailedStatus, ComputerID, ReleaseName, UpdateCategory, UpdateClassification +``` + + + +### Target build distribution of devices with a safeguard hold + + +Pie chart of target build distribution of devices impacted by safeguards. 
+ +```query +WaaSDeploymentStatus +| where DetailedStatus == "Safeguard Hold" +| summarize count(ComputerID) by TargetBuild +| render piechart +``` + diff --git a/articles/azure-monitor/reference/queries/waasupdatestatus.md b/articles/azure-monitor/reference/queries/waasupdatestatus.md new file mode 100644 index 0000000000..8377d9ca36 --- /dev/null +++ b/articles/azure-monitor/reference/queries/waasupdatestatus.md 
@@ -0,0 +1,105 @@ +--- +title: Example log table queries for WaaSUpdateStatus +description: Example queries for WaaSUpdateStatus log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the WaaSUpdateStatus table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Distribution of device Servicing Branch + + +Pie chart of devices distribution by servicing branch. + +```query +WaaSUpdateStatus +| summarize arg_max(TimeGenerated, *) by ComputerID +| project ComputerID, OSServicingBranch +| summarize dcount(ComputerID) by OSServicingBranch +| render piechart +``` + + + +### Distribution of device OS Edition + + +Counts devices by OS edition. + +```query +WaaSUpdateStatus +| summarize arg_max(TimeGenerated, *) by ComputerID +| project TimeGenerated, ComputerID, OSEdition +| summarize dcount(ComputerID) by OSEdition +``` + + + +### Feature Update Deferral Configurations + + +Chart of device count by feature update deferral configurations. + +```query +WaaSUpdateStatus +| summarize arg_max(TimeGenerated, *) by ComputerID +| project TimeGenerated, ComputerID, FeatureDeferralDays +| summarize dcount(ComputerID) by FeatureDeferralDays +| sort by FeatureDeferralDays asc +| render columnchart +``` + + + +### Feature Update Pause Configurations + + +Count devices by feature update pause configurations. 
+ +```query +WaaSUpdateStatus +| summarize arg_max(TimeGenerated, *) by ComputerID +| project TimeGenerated, ComputerID, FeaturePauseState +| summarize dcount(ComputerID) by FeaturePauseState +``` + + + +### Quality Update Deferral Configurations + + +Chart of device count by quality update deferral configurations. + +```query +WaaSUpdateStatus +| summarize arg_max(TimeGenerated, *) by ComputerID +| project TimeGenerated, ComputerID, QualityDeferralDays +| summarize dcount(ComputerID) by QualityDeferralDays +| sort by QualityDeferralDays asc +| render columnchart +``` + + + +### Quality Update Pause Configurations + + +Count devices by quality update pause configurations. + +```query +WaaSUpdateStatus +| summarize arg_max(TimeGenerated, *) by ComputerID +| project TimeGenerated, ComputerID, QualityPauseState +| summarize dcount(ComputerID) by QualityPauseState +``` + diff --git a/articles/azure-monitor/reference/queries/watchlist.md b/articles/azure-monitor/reference/queries/watchlist.md new file mode 100644 index 0000000000..63e53827aa --- /dev/null +++ b/articles/azure-monitor/reference/queries/watchlist.md 
@@ -0,0 +1,44 @@ +--- +title: Example log table queries for Watchlist +description: Example queries for Watchlist log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the Watchlist table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Get Watchlist aliases + + +Gets a distinct list of all Watchlist aliases in a workspace. + +```query +Watchlist +| where _DTItemType == "Watchlist" +| where _DTTimestamp > ago(5d) +| distinct WatchlistAlias +``` + + + +### Lookup events using a Watchlist + + +Lookup events in Heartbeat table against data from a Watchlist by treating the Watchlist as a table for joins and lookups. + +```query +Heartbeat +| lookup kind=leftouter _GetWatchlist('mywatchlist') + on $left.ComputerIP == $right.SearchKey + | limit 100 +``` + diff --git a/articles/azure-monitor/reference/queries/windowsevent.md b/articles/azure-monitor/reference/queries/windowsevent.md new file mode 100644 index 0000000000..38be598e68 --- /dev/null +++ b/articles/azure-monitor/reference/queries/windowsevent.md 
@@ -0,0 +1,31 @@ +--- +title: Example log table queries for WindowsEvent +description: Example queries for WindowsEvent log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the WindowsEvent table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### WindowsEvent Audit Policy Events + + +Display events where audits were cleared (EventId = 1102) or changed (EventId = 4719). + +```query +WindowsEvent +| where Provider == 'Microsoft-Windows-Security-Auditing' +| where EventID == 1102 or EventID == 4719 +| extend DescriptionMessage = iff(EventID == 1102, 'Audit log was cleared', 'System audit policy was changed') +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/wiredata.md b/articles/azure-monitor/reference/queries/wiredata.md new file mode 100644 index 0000000000..afa495645c --- /dev/null +++ b/articles/azure-monitor/reference/queries/wiredata.md 
@@ -0,0 +1,128 @@ +--- +title: Example log table queries for WireData +description: Example queries for WireData log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the WireData table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Agents that provide wire data + + +Agents providing wire data and sum of total bytes for each agent. + +```query +WireData +| summarize sum(TotalBytes) by Computer +``` + + + +### IP Addresses of the agents providing wire data + + +IP Addresses of the agents providing wire data. + +```query +WireData +| summarize count() by LocalIP +``` + + + +### All Outbound communications by Remote IP Address + + +All Outbound communications by Remote IP Address. + +```query +WireData +| where Direction == "Outbound" +| summarize count() by RemoteIP +``` + + + +### Bytes sent by Application Protocol + + +Bytes sent by Application Protocol. + +```query +WireData +| where Direction == "Outbound" +| summarize sum(SentBytes) by ApplicationProtocol +``` + + + +### Bytes received by Protocol Name + + +Bytes received by Protocol Name (transport-level protocol, only some are recognized). + +```query +WireData +| where Direction == "Inbound" +| summarize sum(ReceivedBytes) by ProtocolName +``` + + + +### Total bytes by IP version + + +Total bytes by IP version (IPv4 or IPv6). + +```query +WireData +| summarize sum(TotalBytes) by IPVersion +``` + + + +### Remote IP addresses that have communicated with agents on the subnet '10.0.0.0/8' (any direction) + + +Remote IP addresses that have communicated with agents on the subnet '10.0.0.0/8' (any direction). 
+ +```query +WireData +| where LocalSubnet == "10.0.0.0/8" +| summarize count() by RemoteIP +``` + + + +### Processes that initiated or received network traffic + + +Processes that initiated or received network traffic. + +```query +WireData +| distinct ProcessName +``` + + + +### Amount of Network Traffic by Process + + +Amount of Network Traffic (in Bytes) by Process. + +```query +WireData +| summarize sum(TotalBytes) by ProcessName +``` + diff --git a/articles/azure-monitor/reference/queries/workloaddiagnosticlogs.md b/articles/azure-monitor/reference/queries/workloaddiagnosticlogs.md new file mode 100644 index 0000000000..0b537e260e --- /dev/null +++ b/articles/azure-monitor/reference/queries/workloaddiagnosticlogs.md @@ -0,0 +1,30 @@ +--- +title: Example log table queries for WorkloadDiagnosticLogs +description: Example queries for WorkloadDiagnosticLogs log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the WorkloadDiagnosticLogs table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Workload Monitoring Insights data collection warnings or errors + + +Warning or error logs from data collection services of Workload Monitoring of Azure Monitor Insights. + +```query +WorkloadDiagnosticLogs +| where Status in ("Warning", "Error") +| sort by TimeGenerated desc +| take 100 +``` + diff --git a/articles/azure-monitor/reference/queries/wvdagenthealthstatus.md b/articles/azure-monitor/reference/queries/wvdagenthealthstatus.md new file mode 100644 index 0000000000..44a6080965 --- /dev/null +++ b/articles/azure-monitor/reference/queries/wvdagenthealthstatus.md 
@@ -0,0 +1,78 @@ +--- +title: Example log table queries for WVDAgentHealthStatus +description: Example queries for WVDAgentHealthStatus log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the WVDAgentHealthStatus table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Active sessions on SessionHost + + +Display a graph of active sessions. + +```query +let GranularityInterval = 30m; // Time resolution for query results (min value is 30s). +WVDAgentHealthStatus // Fires every ~30s +// Ensure only one data point is provided per host in the pool +| summarize PeakSessionsByHost=max(toint(ActiveSessions)) by SessionHostName, bin(TimeGenerated, 30s), _ResourceId +// Sum up the values for all of the hosts in each pool +| summarize SessionsByHostPool=sum(PeakSessionsByHost) by TimeGenerated, _ResourceId +// Reduce time resolution to desired GranularityInterval and report the peak session count for each pool in that time window +| summarize max(SessionsByHostPool) by bin(TimeGenerated, GranularityInterval), _ResourceId +| render timechart +``` + + + +### HealthChecks of SessionHost + + +Renders a summary of SessionHost health status. 
+ +```query +let HealthCheckIdToDescription = (idx:long) { + case( + idx == 0, "DomainJoin", + idx == 1, "DomainTrust", + idx == 2, "FSLogix", + idx == 3, "SxSStack", + idx == 4, "URLCheck", + idx == 5, "GenevaAgent", + idx == 6, "DomainReachable", + idx == 7, "WebRTCRedirector", + idx == 8, "SxSStackEncryption", + idx == 9, "IMDSReachable", + idx == 10, "MSIXPackageStaging", + strcat("InvalidNameIndex: ", idx) + ) +}; +let GetHealthCheckResult = (idx:long) { + case( + idx == 0, "Unknown", + idx == 1, "Succeeded", + idx == 2, "Failed", + idx == 3, "SessionHostShutdown", + strcat("InvalidResultIndex: ", idx) + ) +}; +WVDAgentHealthStatus +// In some states (e.g. Unavailable, Upgrading) hosts are not running health checks +| where isnotempty(SessionHostHealthCheckResult) +| mv-expand SessionHostHealthCheckResult to typeof(dynamic) +| evaluate bag_unpack(SessionHostHealthCheckResult) +| evaluate bag_unpack(AdditionalFailureDetails) +| extend HealthCheckDesc = HealthCheckIdToDescription(HealthCheckName) +| summarize count(), FirstSeen=min(TimeGenerated), LastSeen=max(TimeGenerated) by HealthCheckDesc, SessionHostName, HealthCheckResult=GetHealthCheckResult(HealthCheckResult) +``` + diff --git a/articles/azure-monitor/reference/queries/wvdcheckpoints.md b/articles/azure-monitor/reference/queries/wvdcheckpoints.md new file mode 100644 index 0000000000..7721b39d51 --- /dev/null +++ b/articles/azure-monitor/reference/queries/wvdcheckpoints.md 
@@ -0,0 +1,34 @@ +--- +title: Example log table queries for WVDCheckpoints +description: Example queries for WVDCheckpoints log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the WVDCheckpoints table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Published remote resources by count of users + + +Produces a bar chart of published resources by the number of users that have launched them. + +```query +// The checkpoints table keeps track of any individual remote application or desktop a user has started from the remote desktop client UI. +// Note: These logs will only reflect applications published as RemoteApp; applications started within a published desktop session are not individually captured and only show as the overall remote desktop connection. +WVDCheckpoints +| where Name == "LaunchExecutable" +| extend App = parse_json(Parameters).filename +| summarize Usage = dcount(UserName) by tostring(App) +| sort by Usage desc +| render barchart +``` + diff --git a/articles/azure-monitor/reference/queries/wvdconnectionnetworkdata.md b/articles/azure-monitor/reference/queries/wvdconnectionnetworkdata.md new file mode 100644 index 0000000000..2a6b0ab143 --- /dev/null +++ b/articles/azure-monitor/reference/queries/wvdconnectionnetworkdata.md 
@@ -0,0 +1,99 @@ +--- +title: Example log table queries for WVDConnectionNetworkData +description: Example queries for WVDConnectionNetworkData log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the WVDConnectionNetworkData table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Average round-trip time over time + + +Display a graph of round-trip time (in Milliseconds) across all connections in 10 min intervals at the 10th, 50th, and 90th percentiles. + +```query +WVDConnectionNetworkData +| summarize percentiles(EstRoundTripTimeInMs, 90, 50, 10) by bin(TimeGenerated,10m) +| render timechart +``` + + + +### Average BW across all connections + + +Displays a graph of bandwidth (in Kilobytes per second) across all connections over 10 min intervals at the 10th, 50th, and 90th percentiles. + +```query +WVDConnectionNetworkData +| summarize percentiles(EstAvailableBandwidthKBps, 90, 50, 10) by bin(TimeGenerated,10m) +| render timechart +``` + + + +### Top 10 users with the highest round-trip time + + +Returns a list of the top 10 users with the highest average round-trip time (in Milliseconds). + +```query +WVDConnectionNetworkData +| join kind=leftouter +( + WVDConnections + | where State == "Completed" + | distinct CorrelationId, UserName +) on CorrelationId +| summarize AvgRTT=round(avg(EstRoundTripTimeInMs)), RTT_P95=percentile(EstRoundTripTimeInMs, 95) by UserName +| top 10 by AvgRTT desc +``` + + + +### Top 10 users with lowest bandwidth + + +Returns a list of the top 10 users with the lowest average bandwidth (in Kilobytes per second). 
+ +```query +WVDConnectionNetworkData +| join kind=inner +( + WVDConnections + | where State == "Completed" + | distinct CorrelationId, UserName +) on CorrelationId +| summarize AvgBW=avg(EstAvailableBandwidthKBps), BW_P95=percentile(EstAvailableBandwidthKBps,95) by UserName +| top 10 by AvgBW asc +``` + + + +### Summary of Round-trip time and bandwidth + + +Returns the 90th percentiles for round-trip time (in Milliseconds) and bandwidth (in Kilobytes) for each connection along with additional connection details. + +```query +WVDConnectionNetworkData +| summarize RTTP90=percentile(EstRoundTripTimeInMs,90), BWP90=percentile(EstAvailableBandwidthKBps,90), StartTime=min(TimeGenerated), EndTime=max(TimeGenerated) by CorrelationId +| join kind=inner +( + WVDConnections + | where State == "Connected" + | extend Protocol = iif(UdpUse in ("0", "<>"), "TCP", "UDP") +) on CorrelationId +| project CorrelationId, StartTime, EndTime, UserName, SessionHostName, RTTP90, BWP90, Protocol, ClientOS, ClientType, ClientVersion, ConnectionType, ResourceAlias, SessionHostSxSStackVersion +``` + diff --git a/articles/azure-monitor/reference/queries/wvdconnections.md b/articles/azure-monitor/reference/queries/wvdconnections.md new file mode 100644 index 0000000000..103184f85d --- /dev/null +++ b/articles/azure-monitor/reference/queries/wvdconnections.md 
@@ -0,0 +1,205 @@ +--- +title: Example log table queries for WVDConnections +description: Example queries for WVDConnections log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the WVDConnections table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Connection Errors + + +List connection checkpoints and errors for each connection attempt, along with detailed information across all users. + +```query +//You can also uncomment the where clause to filter to a specific user if you are troubleshooting an issue. +WVDConnections +//| where UserName == "upn.here@contoso.com" +| project-away TenantId,SourceSystem +| summarize arg_max(TimeGenerated, *), StartTime = min(iff(State=='Started', TimeGenerated , datetime(null) )), ConnectTime = min(iff(State=='Connected', TimeGenerated , datetime(null) )) by CorrelationId +| join kind=leftouter +( + WVDErrors + |summarize Errors=make_list(pack('Code', Code, 'CodeSymbolic', CodeSymbolic, 'Time', TimeGenerated, 'Message', Message ,'ServiceError', ServiceError, 'Source', Source)) by CorrelationId +) on CorrelationId +| join kind=leftouter +( + WVDCheckpoints + | summarize Checkpoints=make_list(pack('Time', TimeGenerated, 'Name', Name, 'Parameters', Parameters, 'Source', Source)) by CorrelationId + | mv-apply Checkpoints on + ( + order by todatetime(Checkpoints['Time']) asc + | summarize Checkpoints=make_list(Checkpoints) + ) +) on CorrelationId +| project-away CorrelationId1, CorrelationId2 +| order by TimeGenerated desc +``` + + + +### Session duration + + +Lists the duration and connection type of each user's connections. 
+ +```query +// The "State" field provides information on the connection stage of an actitivity. +// The delta between "Connected" and "Completed" provides the connection duration. +WVDConnections +| where State == "Connected" +| project CorrelationId , UserName, ConnectionType , StartTime=TimeGenerated +| join kind=inner +( + WVDConnections + | where State == "Completed" + | project EndTime=TimeGenerated, CorrelationId +) on CorrelationId +| project Duration = EndTime - StartTime, ConnectionType, UserName +| sort by Duration desc +``` + + + +### Top 10 users by average connection duration + + +Lists 10 users with the longest average connection duration. + +```query +// Connection activities have 3 states, this query demonstrates how to calculate the connection duration. +WVDConnections +| where State == "Connected" +| project CorrelationId, UserName, ConnectionType, StartTime=TimeGenerated +| join kind=inner +( + WVDConnections + | where State == "Completed" + | project EndTime=TimeGenerated, CorrelationId +) on CorrelationId +| project Duration = EndTime - StartTime, ConnectionType, UserName +| summarize AVGDuration=avg(Duration) by UserName +| sort by AVGDuration desc +| limit 10 +``` + + + +### Top 10 most active users + + +Lists top 10 users by total connection duration. + +```query +// The connection duration is the delta between "Connected" and "Completed" state. +WVDConnections +| where State == "Connected" +| project CorrelationId , UserName, ConnectionType , StartTime=TimeGenerated +| join kind=inner +( + WVDConnections + | where State == "Completed" + | project EndTime=TimeGenerated, CorrelationId +) on CorrelationId +| extend SessionDuration = EndTime - StartTime +| summarize TotalConnectionTime = sum(SessionDuration) by UserName, ConnectionType +| top 10 by TotalConnectionTime desc +``` + + + +### Average connection duration by hostpool + + +Ranks hostpools by average connection duration. 
+ +```query +// Characterize the usage pattern of all hostpools in the current Log Analytics scope +WVDConnections +| where State == "Connected" +| project ResourceAlias, CorrelationId, StartTime=TimeGenerated, _ResourceId +| join kind = leftouter +( + WVDConnections + | where State == "Completed" + | project EndTime=TimeGenerated, CorrelationId +) on CorrelationId +// If connection hasn't completed yet, it is still running so the end time can be assumed to be now (duration so far) +| project Duration = coalesce(EndTime, now()) - StartTime, _ResourceId +| summarize AvgDuration=avg(Duration) by _ResourceId +| parse _ResourceId with "/subscriptions/" subscription "/resourcegroups/" ResourceGroup "/providers/microsoft.desktopvirtualization/hostpools/" HostPool +| project ResourceGroup, HostPool, AvgDuration +| sort by AvgDuration desc +``` + + + +### Client-side operating system information by user count + + +Produces a bar chart of operating systems used on client devices connecting to the deployment. + +```query +// Use this query to understand which OS version users have installed on the devices they are connecting from. +WVDConnections +| summarize UserCount=dcount(UserName) by ClientOS +| sort by UserCount desc +| render barchart +``` + + + +### Azure Virtual Desktop client usage information + + +List of client types and versions used by users connecting to the deployment. + +```query +WVDConnections +| summarize UserCount=dcount(UserName) by ClientType, ClientVersion +| sort by ClientVersion, ClientType, UserCount desc +``` + + + +### Average session logon time + + +Lists the average session logon time by host pool and session state. 
+ +```query +WVDConnections +| where TimeGenerated > ago(24h) +| where State == "Started" +| project CorrelationId , UserName, ConnectionType , StartTime=TimeGenerated, _ResourceId +| join kind=inner +( + WVDConnections + | where State == "Connected" + | project ConnectTime=TimeGenerated, CorrelationId +) on CorrelationId +| join kind=inner +( + WVDCheckpoints + | where Name =~ "LoadBalancedNewConnection" + | extend LoadBalanceOutcome=tostring(parse_json(Parameters).LoadBalanceOutcome) +) on CorrelationId +| project Duration = ConnectTime - StartTime, _ResourceId, Session=case(LoadBalanceOutcome in ("Active", "Disconnected"), "ExistingSession", LoadBalanceOutcome == "Pending", "Creating", LoadBalanceOutcome) +// Exclude connections that are happening while another connection kicked off the session creation, since results will be inconclusive +| where Session != "Creating" +| summarize AvgDuration=avg(Duration) by _ResourceId, Session +| parse _ResourceId with "/subscriptions/" subscription "/resourcegroups/" ResourceGroup "/providers/microsoft.desktopvirtualization/hostpools/" HostPool +| project ResourceGroup, HostPool, Session, AvgDuration +| sort by AvgDuration desc +``` + diff --git a/articles/azure-monitor/reference/queries/wvderrors.md b/articles/azure-monitor/reference/queries/wvderrors.md new file mode 100644 index 0000000000..0bea210c4a --- /dev/null +++ b/articles/azure-monitor/reference/queries/wvderrors.md 
@@ -0,0 +1,60 @@ +--- +title: Example log table queries for WVDErrors +description: Example queries for WVDErrors log table +ms.topic: reference +ms.service: azure-monitor +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 + +# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script. + +--- + +# Queries for the WVDErrors table + +For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query). + + +### Top 10 connection errors + + +Returns the top 10 deployment-side connection errors by user count. + +```query +// You can replace "UserName" in the query by "CorrelationId" to see how many connections each error has impacted. +// The "CorrelationId" is unique for each connection attempt. +// The flag on "ServiceError" helps to focus on issues that are most likely mitigated by the administrator or end user. +// Change the ActivityType based on the type of issues you are troubleshooting. +WVDErrors +| where ServiceError == "false" +| where ActivityType == "Connection" +| summarize UserCount = dcount(UserName), SampleMessage = take_any(Message) by CodeSymbolic +| project SampleMessage, UserCount +| top 10 by UserCount desc +// Go to https://aka.ms/wvdgetstarted and review additional guidance for diagnostics in the How To section. +// Our troubleshooting guidance has information on escalation paths. +``` + + + +### Top 10 feed errors + + +Returns the top 10 deployment-side feed errors by user count. + +```query +// You can replace "UserName" in the query by "CorrelationId" to see how many feed refresh attempts each error has impacted. +// The "CorrelationId" is unique for each feed refresh attempt. +// The flag on "ServiceError" helps to focus on issues that are most likely mitigated by the administrator or end user. 
+// Change the ActivityType based on the type of issues you are troubleshooting. +WVDErrors +| where ServiceError == "false" +| where ActivityType == "Feed" +| summarize UserCount = dcount(UserName), SampleMessage = take_any(Message) by CodeSymbolic +| project SampleMessage, UserCount +| top 10 by UserCount desc +// Go to https://aka.ms/wvdgetstarted and review additional guidance for diagnostics in the How To section. +// Our troubleshooting guidance has information on escalation paths. +``` + diff --git a/articles/azure-monitor/reference/tables-category.md b/articles/azure-monitor/reference/tables-category.md new file mode 100644 index 0000000000..8dc1ff8247 --- /dev/null +++ b/articles/azure-monitor/reference/tables-category.md 
@@ -0,0 +1,845 @@ +--- +title: Azure Monitor resource log / Log Analytics table reference index by category +description: Index for tables in Azure Monitor Logs organized by category. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 +--- + +# Azure Monitor Log Analytics log tables organized by category + + + +### Applications +- [AppAvailabilityResults](./tables/appavailabilityresults.md) +- [AppBrowserTimings](./tables/appbrowsertimings.md) +- [AppDependencies](./tables/appdependencies.md) +- [AppEvents](./tables/appevents.md) +- [AppExceptions](./tables/appexceptions.md) +- [AppMetrics](./tables/appmetrics.md) +- [AppPageViews](./tables/apppageviews.md) +- [AppPerformanceCounters](./tables/appperformancecounters.md) +- [AppRequests](./tables/apprequests.md) +- [AppServiceConsoleLogs](./tables/appserviceconsolelogs.md) +- [AppSystemEvents](./tables/appsystemevents.md) +- [AppTraces](./tables/apptraces.md) +- [ContainerLog](./tables/containerlog.md) +- [FunctionAppLogs](./tables/functionapplogs.md) + + +### Audit +- [AACAudit](./tables/aacaudit.md) +- [AADB2CRequestLogs](./tables/aadb2crequestlogs.md) +- [AADCustomSecurityAttributeAuditLogs](./tables/aadcustomsecurityattributeauditlogs.md) +- [AADManagedIdentitySignInLogs](./tables/aadmanagedidentitysigninlogs.md) +- [AADNonInteractiveUserSignInLogs](./tables/aadnoninteractiveusersigninlogs.md) +- [AADProvisioningLogs](./tables/aadprovisioninglogs.md) +- [AADRiskyServicePrincipals](./tables/aadriskyserviceprincipals.md) +- [AADRiskyUsers](./tables/aadriskyusers.md) +- [AADServicePrincipalRiskEvents](./tables/aadserviceprincipalriskevents.md) +- [AADServicePrincipalSignInLogs](./tables/aadserviceprincipalsigninlogs.md) +- [AADUserRiskEvents](./tables/aaduserriskevents.md) +- [ACICollaborationAudit](./tables/acicollaborationaudit.md) +- [ACRConnectedClientList](./tables/acrconnectedclientlist.md) +- 
[ACREntraAuthenticationAuditLog](./tables/acrentraauthenticationauditlog.md) +- [ADFSSignInLogs](./tables/adfssigninlogs.md) +- [ADPAudit](./tables/adpaudit.md) +- [AEWAssignmentBlobLogs](./tables/aewassignmentbloblogs.md) +- [AEWAuditLogs](./tables/aewauditlogs.md) +- [AEWComputePipelinesLogs](./tables/aewcomputepipelineslogs.md) +- [AFSAuditLogs](./tables/afsauditlogs.md) +- [AGSGrafanaLoginEvents](./tables/agsgrafanaloginevents.md) +- [AGWAccessLogs](./tables/agwaccesslogs.md) +- [AGWFirewallLogs](./tables/agwfirewalllogs.md) +- [AGWPerformanceLogs](./tables/agwperformancelogs.md) +- [AHDSDeidAuditLogs](./tables/ahdsdeidauditlogs.md) +- [AHDSDicomAuditLogs](./tables/ahdsdicomauditlogs.md) +- [AKSAudit](./tables/aksaudit.md) +- [AKSAuditAdmin](./tables/aksauditadmin.md) +- [AMSKeyDeliveryRequests](./tables/amskeydeliveryrequests.md) +- [AMSLiveEventOperations](./tables/amsliveeventoperations.md) +- [AMSMediaAccountHealth](./tables/amsmediaaccounthealth.md) +- [AMSStreamingEndpointRequests](./tables/amsstreamingendpointrequests.md) +- [AOIDatabaseQuery](./tables/aoidatabasequery.md) +- [AOIStorage](./tables/aoistorage.md) +- [ASCAuditLogs](./tables/ascauditlogs.md) +- [ASCDeviceEvents](./tables/ascdeviceevents.md) +- [ASRJobs](./tables/asrjobs.md) +- [ASRReplicatedItems](./tables/asrreplicateditems.md) +- [AVNMConnectivityConfigurationChange](./tables/avnmconnectivityconfigurationchange.md) +- [AVNMIPAMPoolAllocationChange](./tables/avnmipampoolallocationchange.md) +- [AVNMNetworkGroupMembershipChange](./tables/avnmnetworkgroupmembershipchange.md) +- [AVNMRuleCollectionChange](./tables/avnmrulecollectionchange.md) +- [AZKVAuditLogs](./tables/azkvauditlogs.md) +- [AZKVPolicyEvaluationDetailsLogs](./tables/azkvpolicyevaluationdetailslogs.md) +- [AZMSApplicationMetricLogs](./tables/azmsapplicationmetriclogs.md) +- [AZMSArchiveLogs](./tables/azmsarchivelogs.md) +- [AZMSAutoscaleLogs](./tables/azmsautoscalelogs.md) +- 
[AZMSCustomerManagedKeyUserLogs](./tables/azmscustomermanagedkeyuserlogs.md) +- [AZMSDiagnosticErrorLogs](./tables/azmsdiagnosticerrorlogs.md) +- [AZMSHybridConnectionsEvents](./tables/azmshybridconnectionsevents.md) +- [AZMSKafkaCoordinatorLogs](./tables/azmskafkacoordinatorlogs.md) +- [AZMSKafkaUserErrorLogs](./tables/azmskafkausererrorlogs.md) +- [AZMSOperationalLogs](./tables/azmsoperationallogs.md) +- [AZMSRunTimeAuditLogs](./tables/azmsruntimeauditlogs.md) +- [AZMSVnetConnectionEvents](./tables/azmsvnetconnectionevents.md) +- [AegDataPlaneRequests](./tables/aegdataplanerequests.md) +- [AgriFoodApplicationAuditLogs](./tables/agrifoodapplicationauditlogs.md) +- [AmlComputeInstanceEvent](./tables/amlcomputeinstanceevent.md) +- [AmlDataLabelEvent](./tables/amldatalabelevent.md) +- [AmlDataSetEvent](./tables/amldatasetevent.md) +- [AmlDataStoreEvent](./tables/amldatastoreevent.md) +- [AmlDeploymentEvent](./tables/amldeploymentevent.md) +- [AmlEnvironmentEvent](./tables/amlenvironmentevent.md) +- [AmlInferencingEvent](./tables/amlinferencingevent.md) +- [AmlModelsEvent](./tables/amlmodelsevent.md) +- [AmlOnlineEndpointConsoleLog](./tables/amlonlineendpointconsolelog.md) +- [AmlOnlineEndpointEventLog](./tables/amlonlineendpointeventlog.md) +- [AmlOnlineEndpointTrafficLog](./tables/amlonlineendpointtrafficlog.md) +- [AmlPipelineEvent](./tables/amlpipelineevent.md) +- [AmlRegistryReadEventsLog](./tables/amlregistryreadeventslog.md) +- [AmlRegistryWriteEventsLog](./tables/amlregistrywriteeventslog.md) +- [AmlRunEvent](./tables/amlrunevent.md) +- [AppEnvSpringAppConsoleLogs](./tables/appenvspringappconsolelogs.md) +- [ArcK8sAudit](./tables/arck8saudit.md) +- [ArcK8sAuditAdmin](./tables/arck8sauditadmin.md) +- [AzureActivity](./tables/azureactivity.md) +- [AzureBackupOperations](./tables/azurebackupoperations.md) +- [AzureLoadTestingOperation](./tables/azureloadtestingoperation.md) +- [CCFApplicationLogs](./tables/ccfapplicationlogs.md) +- 
[CDBCassandraRequests](./tables/cdbcassandrarequests.md) +- [CDBControlPlaneRequests](./tables/cdbcontrolplanerequests.md) +- [CDBDataPlaneRequests](./tables/cdbdataplanerequests.md) +- [CDBGremlinRequests](./tables/cdbgremlinrequests.md) +- [CDBMongoRequests](./tables/cdbmongorequests.md) +- [CDBPartitionKeyRUConsumption](./tables/cdbpartitionkeyruconsumption.md) +- [CDBPartitionKeyStatistics](./tables/cdbpartitionkeystatistics.md) +- [CDBQueryRuntimeStatistics](./tables/cdbqueryruntimestatistics.md) +- [CDBTableApiRequests](./tables/cdbtableapirequests.md) +- [CHSMManagementAuditLogs](./tables/chsmmanagementauditlogs.md) +- [CHSMServiceOperationAuditLogs](./tables/chsmserviceoperationauditlogs.md) +- [CIEventsAudit](./tables/cieventsaudit.md) +- [CassandraAudit](./tables/cassandraaudit.md) +- [ChaosStudioExperimentEventLogs](./tables/chaosstudioexperimenteventlogs.md) +- [ContainerAppConsoleLogs](./tables/containerappconsolelogs.md) +- [ContainerAppSystemLogs](./tables/containerappsystemlogs.md) +- [ContainerEvent](./tables/containerevent.md) +- [ContainerInstanceLog](./tables/containerinstancelog.md) +- [DatabricksBrickStoreHttpGateway](./tables/databricksbrickstorehttpgateway.md) +- [DatabricksCloudStorageMetadata](./tables/databrickscloudstoragemetadata.md) +- [DatabricksDashboards](./tables/databricksdashboards.md) +- [DatabricksDataMonitoring](./tables/databricksdatamonitoring.md) +- [DatabricksFilesystem](./tables/databricksfilesystem.md) +- [DatabricksIngestion](./tables/databricksingestion.md) +- [DatabricksLineageTracking](./tables/databrickslineagetracking.md) +- [DatabricksMarketplaceConsumer](./tables/databricksmarketplaceconsumer.md) +- [DatabricksPredictiveOptimization](./tables/databrickspredictiveoptimization.md) +- [DataverseActivity](./tables/dataverseactivity.md) +- [DevCenterDiagnosticLogs](./tables/devcenterdiagnosticlogs.md) +- [EGNSuccessfulMqttConnections](./tables/egnsuccessfulmqttconnections.md) +- 
[HDInsightGatewayAuditLogs](./tables/hdinsightgatewayauditlogs.md) +- [HDInsightRangerAuditLogs](./tables/hdinsightrangerauditlogs.md) +- [LAQueryLogs](./tables/laquerylogs.md) +- [MicrosoftGraphActivityLogs](./tables/microsoftgraphactivitylogs.md) +- [MicrosoftHealthcareApisAuditLogs](./tables/microsofthealthcareapisauditlogs.md) +- [MicrosoftPurviewInformationProtection](./tables/microsoftpurviewinformationprotection.md) +- [NSPAccessLogs](./tables/nspaccesslogs.md) +- [OEPAuditLogs](./tables/oepauditlogs.md) +- [PFTitleAuditLogs](./tables/pftitleauditlogs.md) +- [PowerAppsActivity](./tables/powerappsactivity.md) +- [PowerAutomateActivity](./tables/powerautomateactivity.md) +- [PowerBIActivity](./tables/powerbiactivity.md) +- [PowerPlatformAdminActivity](./tables/powerplatformadminactivity.md) +- [PowerPlatformConnectorActivity](./tables/powerplatformconnectoractivity.md) +- [PowerPlatformDlpActivity](./tables/powerplatformdlpactivity.md) +- [REDConnectionEvents](./tables/redconnectionevents.md) +- [SentinelAudit](./tables/sentinelaudit.md) +- [VCoreMongoRequests](./tables/vcoremongorequests.md) +- [VIAudit](./tables/viaudit.md) +- [Windows365AuditLogs](./tables/windows365auditlogs.md) + + +### Azure Monitor +- [ALBHealthEvent](./tables/albhealthevent.md) +- [AMWMetricsUsageDetails](./tables/amwmetricsusagedetails.md) +- [Alert](./tables/alert.md) +- [AlertHistory](./tables/alerthistory.md) +- [AutoscaleEvaluationsLog](./tables/autoscaleevaluationslog.md) +- [AutoscaleScaleActionsLog](./tables/autoscalescaleactionslog.md) +- [ComputerGroup](./tables/computergroup.md) +- [Operation](./tables/operation.md) +- [Usage](./tables/usage.md) +- [WorkloadDiagnosticLogs](./tables/workloaddiagnosticlogs.md) + + +### Azure Resources +- [AACHttpRequest](./tables/aachttprequest.md) +- [AADDomainServicesAccountLogon](./tables/aaddomainservicesaccountlogon.md) +- [AADDomainServicesAccountManagement](./tables/aaddomainservicesaccountmanagement.md) +- 
[AADDomainServicesDirectoryServiceAccess](./tables/aaddomainservicesdirectoryserviceaccess.md) +- [AADDomainServicesLogonLogoff](./tables/aaddomainserviceslogonlogoff.md) +- [AADDomainServicesPolicyChange](./tables/aaddomainservicespolicychange.md) +- [AADDomainServicesPrivilegeUse](./tables/aaddomainservicesprivilegeuse.md) +- [ABSBotRequests](./tables/absbotrequests.md) +- [ACICollaborationAudit](./tables/acicollaborationaudit.md) +- [ACRConnectedClientList](./tables/acrconnectedclientlist.md) +- [ACREntraAuthenticationAuditLog](./tables/acrentraauthenticationauditlog.md) +- [ACSAdvancedMessagingOperations](./tables/acsadvancedmessagingoperations.md) +- [ACSAuthIncomingOperations](./tables/acsauthincomingoperations.md) +- [ACSBillingUsage](./tables/acsbillingusage.md) +- [ACSCallAutomationIncomingOperations](./tables/acscallautomationincomingoperations.md) +- [ACSCallAutomationMediaSummary](./tables/acscallautomationmediasummary.md) +- [ACSCallClientMediaStatsTimeSeries](./tables/acscallclientmediastatstimeseries.md) +- [ACSCallClientOperations](./tables/acscallclientoperations.md) +- [ACSCallClosedCaptionsSummary](./tables/acscallclosedcaptionssummary.md) +- [ACSCallDiagnostics](./tables/acscalldiagnostics.md) +- [ACSCallRecordingIncomingOperations](./tables/acscallrecordingincomingoperations.md) +- [ACSCallRecordingSummary](./tables/acscallrecordingsummary.md) +- [ACSCallSummary](./tables/acscallsummary.md) +- [ACSCallSurvey](./tables/acscallsurvey.md) +- [ACSChatIncomingOperations](./tables/acschatincomingoperations.md) +- [ACSEmailSendMailOperational](./tables/acsemailsendmailoperational.md) +- [ACSEmailStatusUpdateOperational](./tables/acsemailstatusupdateoperational.md) +- [ACSEmailUserEngagementOperational](./tables/acsemailuserengagementoperational.md) +- [ACSJobRouterIncomingOperations](./tables/acsjobrouterincomingoperations.md) +- [ACSRoomsIncomingOperations](./tables/acsroomsincomingoperations.md) +- 
[ACSSMSIncomingOperations](./tables/acssmsincomingoperations.md) +- [ADFActivityRun](./tables/adfactivityrun.md) +- [ADFPipelineRun](./tables/adfpipelinerun.md) +- [ADFSandboxActivityRun](./tables/adfsandboxactivityrun.md) +- [ADFSandboxPipelineRun](./tables/adfsandboxpipelinerun.md) +- [ADFTriggerRun](./tables/adftriggerrun.md) +- [ADPAudit](./tables/adpaudit.md) +- [ADPDiagnostics](./tables/adpdiagnostics.md) +- [ADPRequests](./tables/adprequests.md) +- [ADTDataHistoryOperation](./tables/adtdatahistoryoperation.md) +- [ADTDigitalTwinsOperation](./tables/adtdigitaltwinsoperation.md) +- [ADTEventRoutesOperation](./tables/adteventroutesoperation.md) +- [ADTModelsOperation](./tables/adtmodelsoperation.md) +- [ADTQueryOperation](./tables/adtqueryoperation.md) +- [ADXJournal](./tables/adxjournal.md) +- [ADXTableDetails](./tables/adxtabledetails.md) +- [AEWAssignmentBlobLogs](./tables/aewassignmentbloblogs.md) +- [AEWAuditLogs](./tables/aewauditlogs.md) +- [AEWComputePipelinesLogs](./tables/aewcomputepipelineslogs.md) +- [AFSAuditLogs](./tables/afsauditlogs.md) +- [AGCAccessLogs](./tables/agcaccesslogs.md) +- [AGSGrafanaLoginEvents](./tables/agsgrafanaloginevents.md) +- [AGWAccessLogs](./tables/agwaccesslogs.md) +- [AGWFirewallLogs](./tables/agwfirewalllogs.md) +- [AGWPerformanceLogs](./tables/agwperformancelogs.md) +- [AHDSDeidAuditLogs](./tables/ahdsdeidauditlogs.md) +- [AHDSDicomAuditLogs](./tables/ahdsdicomauditlogs.md) +- [AHDSDicomDiagnosticLogs](./tables/ahdsdicomdiagnosticlogs.md) +- [AHDSMedTechDiagnosticLogs](./tables/ahdsmedtechdiagnosticlogs.md) +- [AKSAudit](./tables/aksaudit.md) +- [AKSAuditAdmin](./tables/aksauditadmin.md) +- [AKSControlPlane](./tables/akscontrolplane.md) +- [ALBHealthEvent](./tables/albhealthevent.md) +- [AMSKeyDeliveryRequests](./tables/amskeydeliveryrequests.md) +- [AMSLiveEventOperations](./tables/amsliveeventoperations.md) +- [AMSMediaAccountHealth](./tables/amsmediaaccounthealth.md) +- 
[AMSStreamingEndpointRequests](./tables/amsstreamingendpointrequests.md) +- [AMWMetricsUsageDetails](./tables/amwmetricsusagedetails.md) +- [AOIDatabaseQuery](./tables/aoidatabasequery.md) +- [AOIStorage](./tables/aoistorage.md) +- [ASCAuditLogs](./tables/ascauditlogs.md) +- [ASCDeviceEvents](./tables/ascdeviceevents.md) +- [ATCExpressRouteCircuitIpfix](./tables/atcexpressroutecircuitipfix.md) +- [ATCPrivatePeeringMetadata](./tables/atcprivatepeeringmetadata.md) +- [AVNMConnectivityConfigurationChange](./tables/avnmconnectivityconfigurationchange.md) +- [AVNMIPAMPoolAllocationChange](./tables/avnmipampoolallocationchange.md) +- [AVNMNetworkGroupMembershipChange](./tables/avnmnetworkgroupmembershipchange.md) +- [AVNMRuleCollectionChange](./tables/avnmrulecollectionchange.md) +- [AZFWFlowTrace](./tables/azfwflowtrace.md) +- [AZKVAuditLogs](./tables/azkvauditlogs.md) +- [AZKVPolicyEvaluationDetailsLogs](./tables/azkvpolicyevaluationdetailslogs.md) +- [AZMSApplicationMetricLogs](./tables/azmsapplicationmetriclogs.md) +- [AZMSArchiveLogs](./tables/azmsarchivelogs.md) +- [AZMSAutoscaleLogs](./tables/azmsautoscalelogs.md) +- [AZMSCustomerManagedKeyUserLogs](./tables/azmscustomermanagedkeyuserlogs.md) +- [AZMSHybridConnectionsEvents](./tables/azmshybridconnectionsevents.md) +- [AZMSKafkaCoordinatorLogs](./tables/azmskafkacoordinatorlogs.md) +- [AZMSKafkaUserErrorLogs](./tables/azmskafkausererrorlogs.md) +- [AZMSOperationalLogs](./tables/azmsoperationallogs.md) +- [AZMSVnetConnectionEvents](./tables/azmsvnetconnectionevents.md) +- [AddonAzureBackupAlerts](./tables/addonazurebackupalerts.md) +- [AddonAzureBackupJobs](./tables/addonazurebackupjobs.md) +- [AddonAzureBackupPolicy](./tables/addonazurebackuppolicy.md) +- [AddonAzureBackupProtectedInstance](./tables/addonazurebackupprotectedinstance.md) +- [AddonAzureBackupStorage](./tables/addonazurebackupstorage.md) +- [AegDataPlaneRequests](./tables/aegdataplanerequests.md) +- 
[AegDeliveryFailureLogs](./tables/aegdeliveryfailurelogs.md) +- [AegPublishFailureLogs](./tables/aegpublishfailurelogs.md) +- [AgriFoodApplicationAuditLogs](./tables/agrifoodapplicationauditlogs.md) +- [AgriFoodFarmManagementLogs](./tables/agrifoodfarmmanagementlogs.md) +- [AgriFoodFarmOperationLogs](./tables/agrifoodfarmoperationlogs.md) +- [AgriFoodInsightLogs](./tables/agrifoodinsightlogs.md) +- [AgriFoodJobProcessedLogs](./tables/agrifoodjobprocessedlogs.md) +- [AgriFoodModelInferenceLogs](./tables/agrifoodmodelinferencelogs.md) +- [AgriFoodProviderAuthLogs](./tables/agrifoodproviderauthlogs.md) +- [AgriFoodSatelliteLogs](./tables/agrifoodsatellitelogs.md) +- [AgriFoodSensorManagementLogs](./tables/agrifoodsensormanagementlogs.md) +- [AgriFoodWeatherLogs](./tables/agrifoodweatherlogs.md) +- [AmlComputeClusterEvent](./tables/amlcomputeclusterevent.md) +- [AmlComputeClusterNodeEvent](./tables/amlcomputeclusternodeevent.md) +- [AmlComputeCpuGpuUtilization](./tables/amlcomputecpugpuutilization.md) +- [AmlComputeInstanceEvent](./tables/amlcomputeinstanceevent.md) +- [AmlComputeJobEvent](./tables/amlcomputejobevent.md) +- [AmlDataLabelEvent](./tables/amldatalabelevent.md) +- [AmlDataSetEvent](./tables/amldatasetevent.md) +- [AmlDataStoreEvent](./tables/amldatastoreevent.md) +- [AmlDeploymentEvent](./tables/amldeploymentevent.md) +- [AmlEnvironmentEvent](./tables/amlenvironmentevent.md) +- [AmlInferencingEvent](./tables/amlinferencingevent.md) +- [AmlModelsEvent](./tables/amlmodelsevent.md) +- [AmlOnlineEndpointConsoleLog](./tables/amlonlineendpointconsolelog.md) +- [AmlOnlineEndpointEventLog](./tables/amlonlineendpointeventlog.md) +- [AmlOnlineEndpointTrafficLog](./tables/amlonlineendpointtrafficlog.md) +- [AmlPipelineEvent](./tables/amlpipelineevent.md) +- [AmlRegistryReadEventsLog](./tables/amlregistryreadeventslog.md) +- [AmlRegistryWriteEventsLog](./tables/amlregistrywriteeventslog.md) +- [AmlRunEvent](./tables/amlrunevent.md) +- 
[AmlRunStatusChangedEvent](./tables/amlrunstatuschangedevent.md) +- [ApiManagementGatewayLogs](./tables/apimanagementgatewaylogs.md) +- [ApiManagementWebSocketConnectionLogs](./tables/apimanagementwebsocketconnectionlogs.md) +- [AppEnvSpringAppConsoleLogs](./tables/appenvspringappconsolelogs.md) +- [AppPlatformContainerEventLogs](./tables/appplatformcontainereventlogs.md) +- [AppPlatformIngressLogs](./tables/appplatformingresslogs.md) +- [AppPlatformLogsforSpring](./tables/appplatformlogsforspring.md) +- [AppPlatformSystemLogs](./tables/appplatformsystemlogs.md) +- [AppServiceAppLogs](./tables/appserviceapplogs.md) +- [AppServiceAuditLogs](./tables/appserviceauditlogs.md) +- [AppServiceAuthenticationLogs](./tables/appserviceauthenticationlogs.md) +- [AppServiceConsoleLogs](./tables/appserviceconsolelogs.md) +- [AppServiceFileAuditLogs](./tables/appservicefileauditlogs.md) +- [AppServiceHTTPLogs](./tables/appservicehttplogs.md) +- [AppServicePlatformLogs](./tables/appserviceplatformlogs.md) +- [ArcK8sAudit](./tables/arck8saudit.md) +- [ArcK8sAuditAdmin](./tables/arck8sauditadmin.md) +- [ArcK8sControlPlane](./tables/arck8scontrolplane.md) +- [AuditLogs](./tables/auditlogs.md) +- [AutoscaleEvaluationsLog](./tables/autoscaleevaluationslog.md) +- [AutoscaleScaleActionsLog](./tables/autoscalescaleactionslog.md) +- [AzureActivity](./tables/azureactivity.md) +- [AzureAttestationDiagnostics](./tables/azureattestationdiagnostics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [AzureLoadTestingOperation](./tables/azureloadtestingoperation.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [BlockchainApplicationLog](./tables/blockchainapplicationlog.md) +- [BlockchainProxyLog](./tables/blockchainproxylog.md) +- [CCFApplicationLogs](./tables/ccfapplicationlogs.md) +- [CDBCassandraRequests](./tables/cdbcassandrarequests.md) +- [CDBControlPlaneRequests](./tables/cdbcontrolplanerequests.md) +- [CDBDataPlaneRequests](./tables/cdbdataplanerequests.md) +- 
[CDBGremlinRequests](./tables/cdbgremlinrequests.md) +- [CDBMongoRequests](./tables/cdbmongorequests.md) +- [CDBPartitionKeyRUConsumption](./tables/cdbpartitionkeyruconsumption.md) +- [CDBPartitionKeyStatistics](./tables/cdbpartitionkeystatistics.md) +- [CDBQueryRuntimeStatistics](./tables/cdbqueryruntimestatistics.md) +- [CDBTableApiRequests](./tables/cdbtableapirequests.md) +- [CHSMManagementAuditLogs](./tables/chsmmanagementauditlogs.md) +- [CHSMServiceOperationAuditLogs](./tables/chsmserviceoperationauditlogs.md) +- [CIEventsAudit](./tables/cieventsaudit.md) +- [CIEventsOperational](./tables/cieventsoperational.md) +- [ChaosStudioExperimentEventLogs](./tables/chaosstudioexperimenteventlogs.md) +- [ContainerAppConsoleLogs](./tables/containerappconsolelogs.md) +- [ContainerAppSystemLogs](./tables/containerappsystemlogs.md) +- [ContainerEvent](./tables/containerevent.md) +- [ContainerInstanceLog](./tables/containerinstancelog.md) +- [CoreAzureBackup](./tables/coreazurebackup.md) +- [DCRLogErrors](./tables/dcrlogerrors.md) +- [DNSQueryLogs](./tables/dnsquerylogs.md) +- [DSMAzureBlobStorageLogs](./tables/dsmazureblobstoragelogs.md) +- [DSMDataClassificationLogs](./tables/dsmdataclassificationlogs.md) +- [DSMDataLabelingLogs](./tables/dsmdatalabelinglogs.md) +- [DataTransferOperations](./tables/datatransferoperations.md) +- [DatabricksAccounts](./tables/databricksaccounts.md) +- [DatabricksBrickStoreHttpGateway](./tables/databricksbrickstorehttpgateway.md) +- [DatabricksCloudStorageMetadata](./tables/databrickscloudstoragemetadata.md) +- [DatabricksClusters](./tables/databricksclusters.md) +- [DatabricksDBFS](./tables/databricksdbfs.md) +- [DatabricksDashboards](./tables/databricksdashboards.md) +- [DatabricksDataMonitoring](./tables/databricksdatamonitoring.md) +- [DatabricksDatabricksSQL](./tables/databricksdatabrickssql.md) +- [DatabricksFeatureStore](./tables/databricksfeaturestore.md) +- [DatabricksFilesystem](./tables/databricksfilesystem.md) +- 
[DatabricksGenie](./tables/databricksgenie.md) +- [DatabricksGitCredentials](./tables/databricksgitcredentials.md) +- [DatabricksGlobalInitScripts](./tables/databricksglobalinitscripts.md) +- [DatabricksIAMRole](./tables/databricksiamrole.md) +- [DatabricksIngestion](./tables/databricksingestion.md) +- [DatabricksInstancePools](./tables/databricksinstancepools.md) +- [DatabricksJobs](./tables/databricksjobs.md) +- [DatabricksLineageTracking](./tables/databrickslineagetracking.md) +- [DatabricksMLflowAcledArtifact](./tables/databricksmlflowacledartifact.md) +- [DatabricksMLflowExperiment](./tables/databricksmlflowexperiment.md) +- [DatabricksMarketplaceConsumer](./tables/databricksmarketplaceconsumer.md) +- [DatabricksNotebook](./tables/databricksnotebook.md) +- [DatabricksPredictiveOptimization](./tables/databrickspredictiveoptimization.md) +- [DatabricksRemoteHistoryService](./tables/databricksremotehistoryservice.md) +- [DatabricksSQLPermissions](./tables/databrickssqlpermissions.md) +- [DatabricksSSH](./tables/databricksssh.md) +- [DatabricksSecrets](./tables/databrickssecrets.md) +- [DatabricksWebTerminal](./tables/databrickswebterminal.md) +- [DatabricksWorkspace](./tables/databricksworkspace.md) +- [DevCenterBillingEventLogs](./tables/devcenterbillingeventlogs.md) +- [DevCenterDiagnosticLogs](./tables/devcenterdiagnosticlogs.md) +- [DevCenterResourceOperationLogs](./tables/devcenterresourceoperationlogs.md) +- [EGNFailedHttpDataPlaneOperations](./tables/egnfailedhttpdataplaneoperations.md) +- [EGNFailedMqttConnections](./tables/egnfailedmqttconnections.md) +- [EGNFailedMqttPublishedMessages](./tables/egnfailedmqttpublishedmessages.md) +- [EGNFailedMqttSubscriptions](./tables/egnfailedmqttsubscriptions.md) +- [EGNMqttDisconnections](./tables/egnmqttdisconnections.md) +- [EGNSuccessfulHttpDataPlaneOperations](./tables/egnsuccessfulhttpdataplaneoperations.md) +- [EGNSuccessfulMqttConnections](./tables/egnsuccessfulmqttconnections.md) +- 
[FailedIngestion](./tables/failedingestion.md) +- [FunctionAppLogs](./tables/functionapplogs.md) +- [HDInsightAmbariClusterAlerts](./tables/hdinsightambariclusteralerts.md) +- [HDInsightAmbariSystemMetrics](./tables/hdinsightambarisystemmetrics.md) +- [HDInsightGatewayAuditLogs](./tables/hdinsightgatewayauditlogs.md) +- [HDInsightHBaseLogs](./tables/hdinsighthbaselogs.md) +- [HDInsightHBaseMetrics](./tables/hdinsighthbasemetrics.md) +- [HDInsightHadoopAndYarnLogs](./tables/hdinsighthadoopandyarnlogs.md) +- [HDInsightHadoopAndYarnMetrics](./tables/hdinsighthadoopandyarnmetrics.md) +- [HDInsightHiveAndLLAPLogs](./tables/hdinsighthiveandllaplogs.md) +- [HDInsightHiveAndLLAPMetrics](./tables/hdinsighthiveandllapmetrics.md) +- [HDInsightHiveQueryAppStats](./tables/hdinsighthivequeryappstats.md) +- [HDInsightHiveTezAppStats](./tables/hdinsighthivetezappstats.md) +- [HDInsightJupyterNotebookEvents](./tables/hdinsightjupyternotebookevents.md) +- [HDInsightKafkaLogs](./tables/hdinsightkafkalogs.md) +- [HDInsightKafkaMetrics](./tables/hdinsightkafkametrics.md) +- [HDInsightOozieLogs](./tables/hdinsightoozielogs.md) +- [HDInsightRangerAuditLogs](./tables/hdinsightrangerauditlogs.md) +- [HDInsightSecurityLogs](./tables/hdinsightsecuritylogs.md) +- [HDInsightSparkApplicationEvents](./tables/hdinsightsparkapplicationevents.md) +- [HDInsightSparkBlockManagerEvents](./tables/hdinsightsparkblockmanagerevents.md) +- [HDInsightSparkEnvironmentEvents](./tables/hdinsightsparkenvironmentevents.md) +- [HDInsightSparkExecutorEvents](./tables/hdinsightsparkexecutorevents.md) +- [HDInsightSparkExtraEvents](./tables/hdinsightsparkextraevents.md) +- [HDInsightSparkJobEvents](./tables/hdinsightsparkjobevents.md) +- [HDInsightSparkLogs](./tables/hdinsightsparklogs.md) +- [HDInsightSparkSQLExecutionEvents](./tables/hdinsightsparksqlexecutionevents.md) +- [HDInsightSparkStageEvents](./tables/hdinsightsparkstageevents.md) +- 
[HDInsightSparkStageTaskAccumulables](./tables/hdinsightsparkstagetaskaccumulables.md) +- [HDInsightSparkTaskEvents](./tables/hdinsightsparktaskevents.md) +- [HDInsightStormLogs](./tables/hdinsightstormlogs.md) +- [HDInsightStormMetrics](./tables/hdinsightstormmetrics.md) +- [HDInsightStormTopologyMetrics](./tables/hdinsightstormtopologymetrics.md) +- [InsightsMetrics](./tables/insightsmetrics.md) +- [IoTHubDistributedTracing](./tables/iothubdistributedtracing.md) +- [LASummaryLogs](./tables/lasummarylogs.md) +- [LogicAppWorkflowRuntime](./tables/logicappworkflowruntime.md) +- [MCCEventLogs](./tables/mcceventlogs.md) +- [MCVPAuditLogs](./tables/mcvpauditlogs.md) +- [MCVPOperationLogs](./tables/mcvpoperationlogs.md) +- [MicrosoftAzureBastionAuditLogs](./tables/microsoftazurebastionauditlogs.md) +- [MicrosoftDataShareReceivedSnapshotLog](./tables/microsoftdatasharereceivedsnapshotlog.md) +- [MicrosoftDataShareSentSnapshotLog](./tables/microsoftdatasharesentsnapshotlog.md) +- [MicrosoftHealthcareApisAuditLogs](./tables/microsofthealthcareapisauditlogs.md) +- [NCBMBreakGlassAuditLogs](./tables/ncbmbreakglassauditlogs.md) +- [NCBMSecurityDefenderLogs](./tables/ncbmsecuritydefenderlogs.md) +- [NCBMSecurityLogs](./tables/ncbmsecuritylogs.md) +- [NCBMSystemLogs](./tables/ncbmsystemlogs.md) +- [NCCKubernetesLogs](./tables/ncckuberneteslogs.md) +- [NCCVMOrchestrationLogs](./tables/nccvmorchestrationlogs.md) +- [NCMClusterOperationsLogs](./tables/ncmclusteroperationslogs.md) +- [NCSStorageAlerts](./tables/ncsstoragealerts.md) +- [NCSStorageAudits](./tables/ncsstorageaudits.md) +- [NCSStorageLogs](./tables/ncsstoragelogs.md) +- [NGXOperationLogs](./tables/ngxoperationlogs.md) +- [NGXSecurityLogs](./tables/ngxsecuritylogs.md) +- [NSPAccessLogs](./tables/nspaccesslogs.md) +- [OEPAirFlowTask](./tables/oepairflowtask.md) +- [OEPAuditLogs](./tables/oepauditlogs.md) +- [OEPDataplaneLogs](./tables/oepdataplanelogs.md) +- [OEPElasticOperator](./tables/oepelasticoperator.md) +- 
[OEPElasticsearch](./tables/oepelasticsearch.md) +- [OLPSupplyChainEntityOperations](./tables/olpsupplychainentityoperations.md) +- [OLPSupplyChainEvents](./tables/olpsupplychainevents.md) +- [PFTitleAuditLogs](./tables/pftitleauditlogs.md) +- [PowerBIDatasetsTenant](./tables/powerbidatasetstenant.md) +- [PowerBIDatasetsWorkspace](./tables/powerbidatasetsworkspace.md) +- [PurviewDataSensitivityLogs](./tables/purviewdatasensitivitylogs.md) +- [PurviewScanStatusLogs](./tables/purviewscanstatuslogs.md) +- [PurviewSecurityLogs](./tables/purviewsecuritylogs.md) +- [REDConnectionEvents](./tables/redconnectionevents.md) +- [ResourceManagementPublicAccessLogs](./tables/resourcemanagementpublicaccesslogs.md) +- [SQLSecurityAuditEvents](./tables/sqlsecurityauditevents.md) +- [ServiceFabricOperationalEvent](./tables/servicefabricoperationalevent.md) +- [ServiceFabricReliableActorEvent](./tables/servicefabricreliableactorevent.md) +- [ServiceFabricReliableServiceEvent](./tables/servicefabricreliableserviceevent.md) +- [SignalRServiceDiagnosticLogs](./tables/signalrservicediagnosticlogs.md) +- [SigninLogs](./tables/signinlogs.md) +- [StorageBlobLogs](./tables/storagebloblogs.md) +- [StorageCacheOperationEvents](./tables/storagecacheoperationevents.md) +- [StorageCacheUpgradeEvents](./tables/storagecacheupgradeevents.md) +- [StorageCacheWarningEvents](./tables/storagecachewarningevents.md) +- [StorageFileLogs](./tables/storagefilelogs.md) +- [StorageMalwareScanningResults](./tables/storagemalwarescanningresults.md) +- [StorageMoverCopyLogsFailed](./tables/storagemovercopylogsfailed.md) +- [StorageMoverCopyLogsTransferred](./tables/storagemovercopylogstransferred.md) +- [StorageMoverJobRunLogs](./tables/storagemoverjobrunlogs.md) +- [StorageQueueLogs](./tables/storagequeuelogs.md) +- [StorageTableLogs](./tables/storagetablelogs.md) +- [SucceededIngestion](./tables/succeededingestion.md) +- [SynapseBigDataPoolApplicationsEnded](./tables/synapsebigdatapoolapplicationsended.md) +- 
[SynapseBuiltinSqlPoolRequestsEnded](./tables/synapsebuiltinsqlpoolrequestsended.md) +- [SynapseDXCommand](./tables/synapsedxcommand.md) +- [SynapseDXFailedIngestion](./tables/synapsedxfailedingestion.md) +- [SynapseDXIngestionBatching](./tables/synapsedxingestionbatching.md) +- [SynapseDXQuery](./tables/synapsedxquery.md) +- [SynapseDXSucceededIngestion](./tables/synapsedxsucceededingestion.md) +- [SynapseDXTableDetails](./tables/synapsedxtabledetails.md) +- [SynapseDXTableUsageStatistics](./tables/synapsedxtableusagestatistics.md) +- [SynapseGatewayApiRequests](./tables/synapsegatewayapirequests.md) +- [SynapseIntegrationActivityRuns](./tables/synapseintegrationactivityruns.md) +- [SynapseIntegrationPipelineRuns](./tables/synapseintegrationpipelineruns.md) +- [SynapseIntegrationTriggerRuns](./tables/synapseintegrationtriggerruns.md) +- [SynapseLinkEvent](./tables/synapselinkevent.md) +- [SynapseRbacOperations](./tables/synapserbacoperations.md) +- [SynapseScopePoolScopeJobsEnded](./tables/synapsescopepoolscopejobsended.md) +- [SynapseScopePoolScopeJobsStateChange](./tables/synapsescopepoolscopejobsstatechange.md) +- [SynapseSqlPoolDmsWorkers](./tables/synapsesqlpooldmsworkers.md) +- [SynapseSqlPoolExecRequests](./tables/synapsesqlpoolexecrequests.md) +- [SynapseSqlPoolRequestSteps](./tables/synapsesqlpoolrequeststeps.md) +- [SynapseSqlPoolSqlRequests](./tables/synapsesqlpoolsqlrequests.md) +- [SynapseSqlPoolWaits](./tables/synapsesqlpoolwaits.md) +- [TSIIngress](./tables/tsiingress.md) +- [VIIndexing](./tables/viindexing.md) +- [WebPubSubConnectivity](./tables/webpubsubconnectivity.md) +- [WebPubSubHttpRequest](./tables/webpubsubhttprequest.md) +- [WebPubSubMessaging](./tables/webpubsubmessaging.md) + + +### Azure Virtual Desktop +- [WVDAutoscaleEvaluationPooled](./tables/wvdautoscaleevaluationpooled.md) +- [WVDCheckpoints](./tables/wvdcheckpoints.md) +- [WVDConnectionGraphicsDataPreview](./tables/wvdconnectiongraphicsdatapreview.md) +- 
[WVDConnectionNetworkData](./tables/wvdconnectionnetworkdata.md) +- [WVDConnections](./tables/wvdconnections.md) +- [WVDErrors](./tables/wvderrors.md) +- [WVDFeeds](./tables/wvdfeeds.md) +- [WVDHostRegistrations](./tables/wvdhostregistrations.md) +- [WVDManagement](./tables/wvdmanagement.md) +- [WVDSessionHostManagement](./tables/wvdsessionhostmanagement.md) + + +### Containers +- [AKSAudit](./tables/aksaudit.md) +- [AKSAuditAdmin](./tables/aksauditadmin.md) +- [AKSControlPlane](./tables/akscontrolplane.md) +- [ArcK8sAudit](./tables/arck8saudit.md) +- [ArcK8sAuditAdmin](./tables/arck8sauditadmin.md) +- [ArcK8sControlPlane](./tables/arck8scontrolplane.md) +- [ContainerImageInventory](./tables/containerimageinventory.md) +- [ContainerInventory](./tables/containerinventory.md) +- [ContainerLog](./tables/containerlog.md) +- [ContainerLogV2](./tables/containerlogv2.md) +- [ContainerNodeInventory](./tables/containernodeinventory.md) +- [ContainerRegistryLoginEvents](./tables/containerregistryloginevents.md) +- [ContainerRegistryRepositoryEvents](./tables/containerregistryrepositoryevents.md) +- [ContainerServiceLog](./tables/containerservicelog.md) +- [Heartbeat](./tables/heartbeat.md) +- [InsightsMetrics](./tables/insightsmetrics.md) +- [KubeEvents](./tables/kubeevents.md) +- [KubeMonAgentEvents](./tables/kubemonagentevents.md) +- [KubeNodeInventory](./tables/kubenodeinventory.md) +- [KubePVInventory](./tables/kubepvinventory.md) +- [KubePodInventory](./tables/kubepodinventory.md) +- [KubeServices](./tables/kubeservices.md) +- [Perf](./tables/perf.md) + + +### Desktop Analytics +- [DHAppReliability](./tables/dhappreliability.md) +- [DHDriverReliability](./tables/dhdriverreliability.md) +- [DHLogonFailures](./tables/dhlogonfailures.md) +- [DHLogonMetrics](./tables/dhlogonmetrics.md) +- [DHOSCrashData](./tables/dhoscrashdata.md) +- [DHOSReliability](./tables/dhosreliability.md) +- [DHWipAppLearning](./tables/dhwipapplearning.md) +- 
[MAApplication](./tables/maapplication.md) +- [MAApplicationHealth](./tables/maapplicationhealth.md) +- [MAApplicationHealthAlternativeVersions](./tables/maapplicationhealthalternativeversions.md) +- [MAApplicationHealthIssues](./tables/maapplicationhealthissues.md) +- [MAApplicationInstance](./tables/maapplicationinstance.md) +- [MAApplicationInstanceReadiness](./tables/maapplicationinstancereadiness.md) +- [MAApplicationReadiness](./tables/maapplicationreadiness.md) +- [MADeploymentPlan](./tables/madeploymentplan.md) +- [MADevice](./tables/madevice.md) +- [MADeviceNRT](./tables/madevicenrt.md) +- [MADeviceNotEnrolled](./tables/madevicenotenrolled.md) +- [MADeviceReadiness](./tables/madevicereadiness.md) +- [MADriverInstanceReadiness](./tables/madriverinstancereadiness.md) +- [MADriverReadiness](./tables/madriverreadiness.md) +- [MAOfficeAddin](./tables/maofficeaddin.md) +- [MAOfficeAddinInstance](./tables/maofficeaddininstance.md) +- [MAOfficeAddinReadiness](./tables/maofficeaddinreadiness.md) +- [MAOfficeAppInstance](./tables/maofficeappinstance.md) +- [MAOfficeAppReadiness](./tables/maofficeappreadiness.md) +- [MAOfficeBuildInfo](./tables/maofficebuildinfo.md) +- [MAOfficeCurrencyAssessment](./tables/maofficecurrencyassessment.md) +- [MAOfficeSuiteInstance](./tables/maofficesuiteinstance.md) +- [MAProposedPilotDevices](./tables/maproposedpilotdevices.md) +- [MAWindowsBuildInfo](./tables/mawindowsbuildinfo.md) +- [MAWindowsCurrencyAssessment](./tables/mawindowscurrencyassessment.md) +- [MAWindowsCurrencyAssessmentDailyCounts](./tables/mawindowscurrencyassessmentdailycounts.md) +- [MAWindowsDeploymentStatus](./tables/mawindowsdeploymentstatus.md) +- [MAWindowsDeploymentStatusNRT](./tables/mawindowsdeploymentstatusnrt.md) +- [UAApp](./tables/uaapp.md) +- [UAComputer](./tables/uacomputer.md) +- [UAComputerRank](./tables/uacomputerrank.md) +- [UADriver](./tables/uadriver.md) +- [UADriverProblemCodes](./tables/uadriverproblemcodes.md) +- 
[UAFeedback](./tables/uafeedback.md) +- [UAIESiteDiscovery](./tables/uaiesitediscovery.md) +- [UAOfficeAddIn](./tables/uaofficeaddin.md) +- [UAProposedActionPlan](./tables/uaproposedactionplan.md) +- [UASysReqIssue](./tables/uasysreqissue.md) +- [UAUpgradedComputer](./tables/uaupgradedcomputer.md) +- [UCDOAggregatedStatus](./tables/ucdoaggregatedstatus.md) +- [UCDOStatus](./tables/ucdostatus.md) +- [WDAVStatus](./tables/wdavstatus.md) +- [WDAVThreat](./tables/wdavthreat.md) +- [WUDOAggregatedStatus](./tables/wudoaggregatedstatus.md) +- [WUDOStatus](./tables/wudostatus.md) +- [WaaSDeploymentStatus](./tables/waasdeploymentstatus.md) +- [WaaSInsiderStatus](./tables/waasinsiderstatus.md) +- [WaaSUpdateStatus](./tables/waasupdatestatus.md) + + +### IT & Management Tools +- [AddonAzureBackupAlerts](./tables/addonazurebackupalerts.md) +- [AddonAzureBackupJobs](./tables/addonazurebackupjobs.md) +- [AddonAzureBackupPolicy](./tables/addonazurebackuppolicy.md) +- [AddonAzureBackupProtectedInstance](./tables/addonazurebackupprotectedinstance.md) +- [AddonAzureBackupStorage](./tables/addonazurebackupstorage.md) +- [ComputerGroup](./tables/computergroup.md) +- [ConfigurationChange](./tables/configurationchange.md) +- [ConfigurationData](./tables/configurationdata.md) +- [CoreAzureBackup](./tables/coreazurebackup.md) +- [EnrichedMicrosoft365AuditLogs](./tables/enrichedmicrosoft365auditlogs.md) +- [Heartbeat](./tables/heartbeat.md) +- [IntuneAuditLogs](./tables/intuneauditlogs.md) +- [IntuneDeviceComplianceOrg](./tables/intunedevicecomplianceorg.md) +- [IntuneDevices](./tables/intunedevices.md) +- [IntuneOperationalLogs](./tables/intuneoperationallogs.md) +- [NetworkAccessAlerts](./tables/networkaccessalerts.md) +- [NetworkAccessTraffic](./tables/networkaccesstraffic.md) +- [RemoteNetworkHealthLogs](./tables/remotenetworkhealthlogs.md) +- [Update](./tables/update.md) +- [UpdateRunProgress](./tables/updaterunprogress.md) +- [W3CIISLog](./tables/w3ciislog.md) + + +### Network +- 
[AGWAccessLogs](./tables/agwaccesslogs.md) +- [AGWFirewallLogs](./tables/agwfirewalllogs.md) +- [AGWPerformanceLogs](./tables/agwperformancelogs.md) +- [AVNMConnectivityConfigurationChange](./tables/avnmconnectivityconfigurationchange.md) +- [AVNMIPAMPoolAllocationChange](./tables/avnmipampoolallocationchange.md) +- [AVNMNetworkGroupMembershipChange](./tables/avnmnetworkgroupmembershipchange.md) +- [AVNMRuleCollectionChange](./tables/avnmrulecollectionchange.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [DnsEvents](./tables/dnsevents.md) +- [DnsInventory](./tables/dnsinventory.md) +- [EnrichedMicrosoft365AuditLogs](./tables/enrichedmicrosoft365auditlogs.md) +- [MNFDeviceUpdates](./tables/mnfdeviceupdates.md) +- [MNFSystemSessionHistoryUpdates](./tables/mnfsystemsessionhistoryupdates.md) +- [MNFSystemStateMessageUpdates](./tables/mnfsystemstatemessageupdates.md) +- [NSPAccessLogs](./tables/nspaccesslogs.md) +- [NTAInsights](./tables/ntainsights.md) +- [NTAIpDetails](./tables/ntaipdetails.md) +- [NTANetAnalytics](./tables/ntanetanalytics.md) +- [NTATopologyDetails](./tables/ntatopologydetails.md) +- [NWConnectionMonitorDNSResult](./tables/nwconnectionmonitordnsresult.md) +- [NWConnectionMonitorPathResult](./tables/nwconnectionmonitorpathresult.md) +- [NWConnectionMonitorTestResult](./tables/nwconnectionmonitortestresult.md) +- [NetworkAccessAlerts](./tables/networkaccessalerts.md) +- [NetworkAccessTraffic](./tables/networkaccesstraffic.md) +- [NetworkMonitoring](./tables/networkmonitoring.md) +- [RemoteNetworkHealthLogs](./tables/remotenetworkhealthlogs.md) + + +### Security +- [AADB2CRequestLogs](./tables/aadb2crequestlogs.md) +- [AADCustomSecurityAttributeAuditLogs](./tables/aadcustomsecurityattributeauditlogs.md) +- [AADDomainServicesAccountLogon](./tables/aaddomainservicesaccountlogon.md) +- [AADDomainServicesAccountManagement](./tables/aaddomainservicesaccountmanagement.md) +- 
[AADDomainServicesDirectoryServiceAccess](./tables/aaddomainservicesdirectoryserviceaccess.md) +- [AADDomainServicesLogonLogoff](./tables/aaddomainserviceslogonlogoff.md) +- [AADDomainServicesPolicyChange](./tables/aaddomainservicespolicychange.md) +- [AADDomainServicesPrivilegeUse](./tables/aaddomainservicesprivilegeuse.md) +- [AADManagedIdentitySignInLogs](./tables/aadmanagedidentitysigninlogs.md) +- [AADNonInteractiveUserSignInLogs](./tables/aadnoninteractiveusersigninlogs.md) +- [AADProvisioningLogs](./tables/aadprovisioninglogs.md) +- [AADRiskyServicePrincipals](./tables/aadriskyserviceprincipals.md) +- [AADRiskyUsers](./tables/aadriskyusers.md) +- [AADServicePrincipalRiskEvents](./tables/aadserviceprincipalriskevents.md) +- [AADServicePrincipalSignInLogs](./tables/aadserviceprincipalsigninlogs.md) +- [AADUserRiskEvents](./tables/aaduserriskevents.md) +- [ADFSSignInLogs](./tables/adfssigninlogs.md) +- [AWSCloudTrail](./tables/awscloudtrail.md) +- [AWSCloudWatch](./tables/awscloudwatch.md) +- [AWSGuardDuty](./tables/awsguardduty.md) +- [AWSVPCFlow](./tables/awsvpcflow.md) +- [AWSWAF](./tables/awswaf.md) +- [AZFWApplicationRule](./tables/azfwapplicationrule.md) +- [AZFWApplicationRuleAggregation](./tables/azfwapplicationruleaggregation.md) +- [AZFWDnsQuery](./tables/azfwdnsquery.md) +- [AZFWFatFlow](./tables/azfwfatflow.md) +- [AZFWIdpsSignature](./tables/azfwidpssignature.md) +- [AZFWInternalFqdnResolutionFailure](./tables/azfwinternalfqdnresolutionfailure.md) +- [AZFWNatRule](./tables/azfwnatrule.md) +- [AZFWNatRuleAggregation](./tables/azfwnatruleaggregation.md) +- [AZFWNetworkRule](./tables/azfwnetworkrule.md) +- [AZFWNetworkRuleAggregation](./tables/azfwnetworkruleaggregation.md) +- [AZFWThreatIntel](./tables/azfwthreatintel.md) +- [AlertEvidence](./tables/alertevidence.md) +- [AlertInfo](./tables/alertinfo.md) +- [Anomalies](./tables/anomalies.md) +- [AppServiceServerlessSecurityPluginData](./tables/appserviceserverlesssecurityplugindata.md) +- 
[AuditLogs](./tables/auditlogs.md) +- [AzureActivity](./tables/azureactivity.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [BehaviorAnalytics](./tables/behavioranalytics.md) +- [CloudAppEvents](./tables/cloudappevents.md) +- [CommonSecurityLog](./tables/commonsecuritylog.md) +- [ConfidentialWatchlist](./tables/confidentialwatchlist.md) +- [DSMAzureBlobStorageLogs](./tables/dsmazureblobstoragelogs.md) +- [DSMDataClassificationLogs](./tables/dsmdataclassificationlogs.md) +- [DSMDataLabelingLogs](./tables/dsmdatalabelinglogs.md) +- [DataverseActivity](./tables/dataverseactivity.md) +- [DeviceEvents](./tables/deviceevents.md) +- [DeviceFileCertificateInfo](./tables/devicefilecertificateinfo.md) +- [DeviceFileEvents](./tables/devicefileevents.md) +- [DeviceImageLoadEvents](./tables/deviceimageloadevents.md) +- [DeviceInfo](./tables/deviceinfo.md) +- [DeviceLogonEvents](./tables/devicelogonevents.md) +- [DeviceNetworkEvents](./tables/devicenetworkevents.md) +- [DeviceNetworkInfo](./tables/devicenetworkinfo.md) +- [DeviceProcessEvents](./tables/deviceprocessevents.md) +- [DeviceRegistryEvents](./tables/deviceregistryevents.md) +- [DeviceTvmSecureConfigurationAssessment](./tables/devicetvmsecureconfigurationassessment.md) +- [DeviceTvmSecureConfigurationAssessmentKB](./tables/devicetvmsecureconfigurationassessmentkb.md) +- [DeviceTvmSoftwareInventory](./tables/devicetvmsoftwareinventory.md) +- [DeviceTvmSoftwareVulnerabilities](./tables/devicetvmsoftwarevulnerabilities.md) +- [DeviceTvmSoftwareVulnerabilitiesKB](./tables/devicetvmsoftwarevulnerabilitieskb.md) +- [DynamicEventCollection](./tables/dynamiceventcollection.md) +- [EmailAttachmentInfo](./tables/emailattachmentinfo.md) +- [EmailEvents](./tables/emailevents.md) +- [EmailPostDeliveryEvents](./tables/emailpostdeliveryevents.md) +- [EmailUrlInfo](./tables/emailurlinfo.md) +- [EnrichedMicrosoft365AuditLogs](./tables/enrichedmicrosoft365auditlogs.md) +- [GCPAuditLogs](./tables/gcpauditlogs.md) +- 
[GoogleCloudSCC](./tables/googlecloudscc.md) +- [HDInsightSecurityLogs](./tables/hdinsightsecuritylogs.md) +- [HuntingBookmark](./tables/huntingbookmark.md) +- [IdentityDirectoryEvents](./tables/identitydirectoryevents.md) +- [IdentityLogonEvents](./tables/identitylogonevents.md) +- [IdentityQueryEvents](./tables/identityqueryevents.md) +- [LinuxAuditLog](./tables/linuxauditlog.md) +- [MDCDetectionDNSEvents](./tables/mdcdetectiondnsevents.md) +- [MDCDetectionFimEvents](./tables/mdcdetectionfimevents.md) +- [MDCFileIntegrityMonitoringEvents](./tables/mdcfileintegritymonitoringevents.md) +- [MDECustomCollectionDeviceFileEvents](./tables/mdecustomcollectiondevicefileevents.md) +- [McasShadowItReporting](./tables/mcasshadowitreporting.md) +- [MicrosoftGraphActivityLogs](./tables/microsoftgraphactivitylogs.md) +- [MicrosoftPurviewInformationProtection](./tables/microsoftpurviewinformationprotection.md) +- [NCBMBreakGlassAuditLogs](./tables/ncbmbreakglassauditlogs.md) +- [NCBMSecurityDefenderLogs](./tables/ncbmsecuritydefenderlogs.md) +- [NCBMSecurityLogs](./tables/ncbmsecuritylogs.md) +- [NSPAccessLogs](./tables/nspaccesslogs.md) +- [NetworkAccessAlerts](./tables/networkaccessalerts.md) +- [NetworkAccessTraffic](./tables/networkaccesstraffic.md) +- [NetworkSessions](./tables/networksessions.md) +- [OfficeActivity](./tables/officeactivity.md) +- [PowerAppsActivity](./tables/powerappsactivity.md) +- [PowerAutomateActivity](./tables/powerautomateactivity.md) +- [PowerBIActivity](./tables/powerbiactivity.md) +- [PowerPlatformAdminActivity](./tables/powerplatformadminactivity.md) +- [PowerPlatformConnectorActivity](./tables/powerplatformconnectoractivity.md) +- [PowerPlatformDlpActivity](./tables/powerplatformdlpactivity.md) +- [ProjectActivity](./tables/projectactivity.md) +- [ProtectionStatus](./tables/protectionstatus.md) +- [PurviewDataSensitivityLogs](./tables/purviewdatasensitivitylogs.md) +- [RemoteNetworkHealthLogs](./tables/remotenetworkhealthlogs.md) +- 
[SecurityAttackPathData](./tables/securityattackpathdata.md) +- [SecurityBaseline](./tables/securitybaseline.md) +- [SecurityBaselineSummary](./tables/securitybaselinesummary.md) +- [SecurityDetection](./tables/securitydetection.md) +- [SecurityEvent](./tables/securityevent.md) +- [SecurityIoTRawEvent](./tables/securityiotrawevent.md) +- [SecurityRecommendation](./tables/securityrecommendation.md) +- [SentinelAudit](./tables/sentinelaudit.md) +- [SentinelHealth](./tables/sentinelhealth.md) +- [SigninLogs](./tables/signinlogs.md) +- [StorageMalwareScanningResults](./tables/storagemalwarescanningresults.md) +- [Syslog](./tables/syslog.md) +- [ThreatIntelligenceIndicator](./tables/threatintelligenceindicator.md) +- [Update](./tables/update.md) +- [UrlClickEvents](./tables/urlclickevents.md) +- [UserAccessAnalytics](./tables/useraccessanalytics.md) +- [UserPeerAnalytics](./tables/userpeeranalytics.md) +- [Watchlist](./tables/watchlist.md) +- [WindowsEvent](./tables/windowsevent.md) +- [WindowsFirewall](./tables/windowsfirewall.md) +- [WireData](./tables/wiredata.md) + + +### Virtual Machines +- [AutoscaleEvaluationsLog](./tables/autoscaleevaluationslog.md) +- [AutoscaleScaleActionsLog](./tables/autoscalescaleactionslog.md) +- [ComputerGroup](./tables/computergroup.md) +- [ETWEvent](./tables/etwevent.md) +- [Event](./tables/event.md) +- [Heartbeat](./tables/heartbeat.md) +- [InsightsMetrics](./tables/insightsmetrics.md) +- [Perf](./tables/perf.md) +- [Syslog](./tables/syslog.md) +- [UpdateSummary](./tables/updatesummary.md) +- [VMBoundPort](./tables/vmboundport.md) +- [VMComputer](./tables/vmcomputer.md) +- [VMConnection](./tables/vmconnection.md) +- [VMProcess](./tables/vmprocess.md) +- [W3CIISLog](./tables/w3ciislog.md) +- [WVDAgentHealthStatus](./tables/wvdagenthealthstatus.md) +- [WireData](./tables/wiredata.md) + + +### Workloads +- [ADAssessmentRecommendation](./tables/adassessmentrecommendation.md) +- [ADReplicationResult](./tables/adreplicationresult.md) +- 
[ADSecurityAssessmentRecommendation](./tables/adsecurityassessmentrecommendation.md) +- [AzureAssessmentRecommendation](./tables/azureassessmentrecommendation.md) +- [DeviceAppCrash](./tables/deviceappcrash.md) +- [DeviceAppLaunch](./tables/deviceapplaunch.md) +- [DeviceCalendar](./tables/devicecalendar.md) +- [DeviceCleanup](./tables/devicecleanup.md) +- [DeviceConnectSession](./tables/deviceconnectsession.md) +- [DeviceEtw](./tables/deviceetw.md) +- [DeviceHardwareHealth](./tables/devicehardwarehealth.md) +- [DeviceHealth](./tables/devicehealth.md) +- [DeviceHeartbeat](./tables/deviceheartbeat.md) +- [DeviceSkypeHeartbeat](./tables/deviceskypeheartbeat.md) +- [DeviceSkypeSignIn](./tables/deviceskypesignin.md) +- [ExchangeAssessmentRecommendation](./tables/exchangeassessmentrecommendation.md) +- [ExchangeOnlineAssessmentRecommendation](./tables/exchangeonlineassessmentrecommendation.md) +- [MicrosoftDynamicsTelemetryPerformanceLogs](./tables/microsoftdynamicstelemetryperformancelogs.md) +- [MicrosoftDynamicsTelemetrySystemMetricsLogs](./tables/microsoftdynamicstelemetrysystemmetricslogs.md) +- [SCCMAssessmentRecommendation](./tables/sccmassessmentrecommendation.md) +- [SCOMAssessmentRecommendation](./tables/scomassessmentrecommendation.md) +- [SPAssessmentRecommendation](./tables/spassessmentrecommendation.md) +- [SQLAssessmentRecommendation](./tables/sqlassessmentrecommendation.md) +- [SfBAssessmentRecommendation](./tables/sfbassessmentrecommendation.md) +- [SfBOnlineAssessmentRecommendation](./tables/sfbonlineassessmentrecommendation.md) +- [SharePointOnlineAssessmentRecommendation](./tables/sharepointonlineassessmentrecommendation.md) +- [SqlVulnerabilityAssessmentResult](./tables/sqlvulnerabilityassessmentresult.md) +- [WindowsClientAssessmentRecommendation](./tables/windowsclientassessmentrecommendation.md) +- [WindowsServerAssessmentRecommendation](./tables/windowsserverassessmentrecommendation.md) +- 
[WorkloadDiagnosticLogs](./tables/workloaddiagnosticlogs.md) +- [WorkloadMonitoringPerf](./tables/workloadmonitoringperf.md) diff --git a/articles/azure-monitor/reference/tables-index.md b/articles/azure-monitor/reference/tables-index.md new file mode 100644 index 0000000000..453ebd951d --- /dev/null +++ b/articles/azure-monitor/reference/tables-index.md 
@@ -0,0 +1,1641 @@ +--- +title: Azure Monitor Resource log / log analytics tables +description: Field definitions for Azure Monitor resource log / log analytics tables. +author: EdB-MSFT +ms.topic: reference +ms.service: azure-monitor +ms.date: 09/16/2024 +ms.author: edbaynash +ms.reviewer: lualderm + +--- + +# Azure Monitor Resource log / log analytics tables + +[Azure Monitor resource logs](/azure/azure-monitor/essentials/platform-logs-overview) are logs emitted by Azure services that describe the operation of those services or resources. All resource logs available through Azure Monitor share a common top-level schema. Each service has the flexibility to emit unique properties for its own events. When exported to a [Log Analytics workspace](/azure/azure-monitor/logs/log-analytics-workspace-overview) the logs are stored in tables. This set of articles contains field definitions for the log analytics tables. The table definitions are also available in the Log Analytics workspace. + +## Resource log / log analytics tables + + +### Analysis Services + +microsoft.analysisservices/servers + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### API Management services + +Microsoft.ApiManagement/service + +- [APIMDevPortalAuditDiagnosticLog](./tables/apimdevportalauditdiagnosticlog.md) +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [ApiManagementGatewayLogs](./tables/apimanagementgatewaylogs.md) +- [ApiManagementWebSocketConnectionLogs](./tables/apimanagementwebsocketconnectionlogs.md) + +### App Services + +Microsoft.Web/sites + +- [AzureActivity](./tables/azureactivity.md) +- [LogicAppWorkflowRuntime](./tables/logicappworkflowruntime.md) +- [AppServiceAuthenticationLogs](./tables/appserviceauthenticationlogs.md) +- 
[AppServiceServerlessSecurityPluginData](./tables/appserviceserverlesssecurityplugindata.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AppServiceAppLogs](./tables/appserviceapplogs.md) +- [AppServiceAuditLogs](./tables/appserviceauditlogs.md) +- [AppServiceConsoleLogs](./tables/appserviceconsolelogs.md) +- [AppServiceFileAuditLogs](./tables/appservicefileauditlogs.md) +- [AppServiceHTTPLogs](./tables/appservicehttplogs.md) +- [FunctionAppLogs](./tables/functionapplogs.md) +- [AppServicePlatformLogs](./tables/appserviceplatformlogs.md) +- [AppServiceIPSecAuditLogs](./tables/appserviceipsecauditlogs.md) + +### Application Gateway for Containers + +Microsoft.ServiceNetworking/TrafficControllers + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AGCAccessLogs](./tables/agcaccesslogs.md) + +### Application Gateways + +Microsoft.Network/applicationGateways + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AGWAccessLogs](./tables/agwaccesslogs.md) +- [AGWPerformanceLogs](./tables/agwperformancelogs.md) +- [AGWFirewallLogs](./tables/agwfirewalllogs.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Application Insights + +microsoft.insights/components + +- [AzureActivity](./tables/azureactivity.md) +- [AppAvailabilityResults](./tables/appavailabilityresults.md) +- [AppBrowserTimings](./tables/appbrowsertimings.md) +- [AppDependencies](./tables/appdependencies.md) +- [AppEvents](./tables/appevents.md) +- [AppMetrics](./tables/appmetrics.md) +- [AppPageViews](./tables/apppageviews.md) +- [AppPerformanceCounters](./tables/appperformancecounters.md) +- [AppRequests](./tables/apprequests.md) +- [AppSystemEvents](./tables/appsystemevents.md) +- [AppTraces](./tables/apptraces.md) +- [AppExceptions](./tables/appexceptions.md) + +### Automation account + +Microsoft.Automation/AutomationAccounts + +- [AzureActivity](./tables/azureactivity.md) +- 
[AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [Heartbeat](./tables/heartbeat.md) +- [Update](./tables/update.md) +- [UpdateSummary](./tables/updatesummary.md) +- [UpdateRunProgress](./tables/updaterunprogress.md) + +### AVS Private Cloud + +microsoft.avs/privateClouds + +- [AVSSyslog](./tables/avssyslog.md) + +### Azure Active Directory Logs + +microsoft.aadiam/tenants + +- [AADB2CRequestLogs](./tables/aadb2crequestlogs.md) + +### Azure AD Domain Services + +Microsoft.AAD/domainServices + +- [AzureActivity](./tables/azureactivity.md) +- [AADDomainServicesDNSAuditsDynamicUpdates](./tables/aaddomainservicesdnsauditsdynamicupdates.md) +- [AADDomainServicesDNSAuditsGeneral](./tables/aaddomainservicesdnsauditsgeneral.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AADDomainServicesAccountLogon](./tables/aaddomainservicesaccountlogon.md) +- [AADDomainServicesAccountManagement](./tables/aaddomainservicesaccountmanagement.md) +- [AADDomainServicesDirectoryServiceAccess](./tables/aaddomainservicesdirectoryserviceaccess.md) +- [AADDomainServicesLogonLogoff](./tables/aaddomainserviceslogonlogoff.md) +- [AADDomainServicesPolicyChange](./tables/aaddomainservicespolicychange.md) +- [AADDomainServicesPrivilegeUse](./tables/aaddomainservicesprivilegeuse.md) + +### Azure API for FHIR + +Microsoft.HealthcareApis/services + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [MicrosoftHealthcareApisAuditLogs](./tables/microsofthealthcareapisauditlogs.md) + +### Azure Arc Enabled Kubernetes + +Microsoft.Kubernetes/connectedClusters + +- [AzureActivity](./tables/azureactivity.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [ContainerImageInventory](./tables/containerimageinventory.md) +- [ContainerInventory](./tables/containerinventory.md) +- [ContainerLog](./tables/containerlog.md) +- [ContainerLogV2](./tables/containerlogv2.md) +- 
[ContainerNodeInventory](./tables/containernodeinventory.md) +- [ContainerServiceLog](./tables/containerservicelog.md) +- [Heartbeat](./tables/heartbeat.md) +- [InsightsMetrics](./tables/insightsmetrics.md) +- [KubeEvents](./tables/kubeevents.md) +- [KubeMonAgentEvents](./tables/kubemonagentevents.md) +- [KubeNodeInventory](./tables/kubenodeinventory.md) +- [KubePodInventory](./tables/kubepodinventory.md) +- [KubePVInventory](./tables/kubepvinventory.md) +- [KubeServices](./tables/kubeservices.md) +- [Perf](./tables/perf.md) +- [Syslog](./tables/syslog.md) +- [ArcK8sAudit](./tables/arck8saudit.md) +- [ArcK8sAuditAdmin](./tables/arck8sauditadmin.md) +- [ArcK8sControlPlane](./tables/arck8scontrolplane.md) + +### Azure Arc Provisioned Clusters + +Microsoft.HybridContainerservice/Provisionedclusters + +- [AzureActivity](./tables/azureactivity.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [ContainerImageInventory](./tables/containerimageinventory.md) +- [ContainerInventory](./tables/containerinventory.md) +- [ContainerLog](./tables/containerlog.md) +- [ContainerLogV2](./tables/containerlogv2.md) +- [ContainerNodeInventory](./tables/containernodeinventory.md) +- [ContainerServiceLog](./tables/containerservicelog.md) +- [KubeEvents](./tables/kubeevents.md) +- [KubeNodeInventory](./tables/kubenodeinventory.md) +- [KubePodInventory](./tables/kubepodinventory.md) +- [KubePVInventory](./tables/kubepvinventory.md) +- [KubeServices](./tables/kubeservices.md) +- [KubeMonAgentEvents](./tables/kubemonagentevents.md) +- [InsightsMetrics](./tables/insightsmetrics.md) +- [Perf](./tables/perf.md) +- [Syslog](./tables/syslog.md) +- [Heartbeat](./tables/heartbeat.md) + +### Azure Attestation + +Microsoft.Attestation/attestationProviders + +- [AzureActivity](./tables/azureactivity.md) +- [AzureAttestationDiagnostics](./tables/azureattestationdiagnostics.md) + +### Azure Autonomous Development Platform workspace + 
+Microsoft.AutonomousDevelopmentPlatform/workspaces + +- [AzureActivity](./tables/azureactivity.md) +- [ADPRequests](./tables/adprequests.md) +- [ADPAudit](./tables/adpaudit.md) +- [ADPDiagnostics](./tables/adpdiagnostics.md) + +### Azure Blockchain Service + +Microsoft.Blockchain/blockchainMembers + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [BlockchainApplicationLog](./tables/blockchainapplicationlog.md) +- [BlockchainProxyLog](./tables/blockchainproxylog.md) + +### Azure Cache for Redis + +microsoft.cache/redis + +- [ACRConnectedClientList](./tables/acrconnectedclientlist.md) +- [ACREntraAuthenticationAuditLog](./tables/acrentraauthenticationauditlog.md) +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) + +### Azure Cache for Redis Enterprise + +Microsoft.Cache/redisEnterprise + +- [REDConnectionEvents](./tables/redconnectionevents.md) + +### Azure CloudHsm + +Microsoft.HardwareSecurityModules/cloudHsmClusters + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [CHSMManagementAuditLogs](./tables/chsmmanagementauditlogs.md) +- [CHSMServiceOperationAuditLogs](./tables/chsmserviceoperationauditlogs.md) + +### Azure Cosmos DB + +Microsoft.DocumentDb/databaseAccounts + +- [AzureActivity](./tables/azureactivity.md) +- [CDBDataPlaneRequests](./tables/cdbdataplanerequests.md) +- [CDBPartitionKeyStatistics](./tables/cdbpartitionkeystatistics.md) +- [CDBPartitionKeyRUConsumption](./tables/cdbpartitionkeyruconsumption.md) +- [CDBQueryRuntimeStatistics](./tables/cdbqueryruntimestatistics.md) +- [CDBMongoRequests](./tables/cdbmongorequests.md) +- [CDBCassandraRequests](./tables/cdbcassandrarequests.md) +- [CDBGremlinRequests](./tables/cdbgremlinrequests.md) +- [CDBTableApiRequests](./tables/cdbtableapirequests.md) +- [CDBControlPlaneRequests](./tables/cdbcontrolplanerequests.md) +- [AzureMetrics](./tables/azuremetrics.md) +- 
[AzureDiagnostics](./tables/azurediagnostics.md) + +### Azure Cosmos DB for MongoDB (vCore) + +Microsoft.DocumentDB/mongoClusters + +- [VCoreMongoRequests](./tables/vcoremongorequests.md) + +### Azure Cosmos DB for PostgreSQL + +Microsoft.DBForPostgreSQL/servergroupsv2 + +- [AzureActivity](./tables/azureactivity.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [AzureMetrics](./tables/azuremetrics.md) + +### Azure Data Explorer Clusters + +Microsoft.Kusto/Clusters + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [FailedIngestion](./tables/failedingestion.md) +- [SucceededIngestion](./tables/succeededingestion.md) +- [ADXIngestionBatching](./tables/adxingestionbatching.md) +- [ADXCommand](./tables/adxcommand.md) +- [ADXQuery](./tables/adxquery.md) +- [ADXTableUsageStatistics](./tables/adxtableusagestatistics.md) +- [ADXTableDetails](./tables/adxtabledetails.md) +- [ADXJournal](./tables/adxjournal.md) + +### Azure Data Manager for Energy + +Microsoft.OpenEnergyPlatform/energyServices + +- [OEPAirFlowTask](./tables/oepairflowtask.md) +- [OEPElasticOperator](./tables/oepelasticoperator.md) +- [OEPElasticsearch](./tables/oepelasticsearch.md) +- [OEPAuditLogs](./tables/oepauditlogs.md) +- [OEPDataplaneLogs](./tables/oepdataplanelogs.md) + +### Azure Data Transfer + +Microsoft.AzureDataTransfer/connections + +- [DataTransferOperations](./tables/datatransferoperations.md) + +### Azure Database for MariaDB Servers + +Microsoft.DBforMariaDB/servers + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Azure Database for MySQL Flexible Servers + +Microsoft.DBForMySQL/flexibleServers + +- [AzureActivity](./tables/azureactivity.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [AzureMetrics](./tables/azuremetrics.md) + +### Azure Database for MySQL Servers + +Microsoft.DBforMySQL/servers + +- 
[AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Azure Database for PostgreSQL Flexible Servers + +Microsoft.DBForPostgreSQL/flexibleServers + +- [AzureActivity](./tables/azureactivity.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [AzureMetrics](./tables/azuremetrics.md) + +### Azure Database for PostgreSQL Servers + +Microsoft.DBforPostgreSQL/servers + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Azure Database for PostgreSQL Servers V2 + +Microsoft.DBforPostgreSQL/serversv2 + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Azure Databricks Services + +Microsoft.Databricks/workspaces + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [DatabricksBrickStoreHttpGateway](./tables/databricksbrickstorehttpgateway.md) +- [DatabricksDashboards](./tables/databricksdashboards.md) +- [DatabricksCloudStorageMetadata](./tables/databrickscloudstoragemetadata.md) +- [DatabricksPredictiveOptimization](./tables/databrickspredictiveoptimization.md) +- [DatabricksDataMonitoring](./tables/databricksdatamonitoring.md) +- [DatabricksIngestion](./tables/databricksingestion.md) +- [DatabricksMarketplaceConsumer](./tables/databricksmarketplaceconsumer.md) +- [DatabricksLineageTracking](./tables/databrickslineagetracking.md) +- [DatabricksFilesystem](./tables/databricksfilesystem.md) +- [DatabricksAccounts](./tables/databricksaccounts.md) +- [DatabricksClusters](./tables/databricksclusters.md) +- [DatabricksDBFS](./tables/databricksdbfs.md) +- [DatabricksInstancePools](./tables/databricksinstancepools.md) +- [DatabricksJobs](./tables/databricksjobs.md) +- [DatabricksNotebook](./tables/databricksnotebook.md) +- 
[DatabricksSQL](./tables/databrickssql.md) +- [DatabricksSQLPermissions](./tables/databrickssqlpermissions.md) +- [DatabricksSSH](./tables/databricksssh.md) +- [DatabricksSecrets](./tables/databrickssecrets.md) +- [DatabricksWorkspace](./tables/databricksworkspace.md) +- [DatabricksFeatureStore](./tables/databricksfeaturestore.md) +- [DatabricksGenie](./tables/databricksgenie.md) +- [DatabricksGlobalInitScripts](./tables/databricksglobalinitscripts.md) +- [DatabricksIAMRole](./tables/databricksiamrole.md) +- [DatabricksMLflowAcledArtifact](./tables/databricksmlflowacledartifact.md) +- [DatabricksMLflowExperiment](./tables/databricksmlflowexperiment.md) +- [DatabricksRemoteHistoryService](./tables/databricksremotehistoryservice.md) +- [DatabricksGitCredentials](./tables/databricksgitcredentials.md) +- [DatabricksWebTerminal](./tables/databrickswebterminal.md) +- [DatabricksDatabricksSQL](./tables/databricksdatabrickssql.md) + +### Azure Digital Twins + +Microsoft.DigitalTwins/digitalTwinsInstances + +- [AzureActivity](./tables/azureactivity.md) +- [ADTDataHistoryOperation](./tables/adtdatahistoryoperation.md) +- [ADTDigitalTwinsOperation](./tables/adtdigitaltwinsoperation.md) +- [ADTEventRoutesOperation](./tables/adteventroutesoperation.md) +- [ADTModelsOperation](./tables/adtmodelsoperation.md) +- [ADTQueryOperation](./tables/adtqueryoperation.md) + +### Azure Health Data Services de-identification service + +Microsoft.HealthDataAIServices/deidServices + +- [AHDSDeidAuditLogs](./tables/ahdsdeidauditlogs.md) + +### Azure HPC Cache + +Microsoft.StorageCache/caches + +- [StorageCacheOperationEvents](./tables/storagecacheoperationevents.md) +- [StorageCacheUpgradeEvents](./tables/storagecacheupgradeevents.md) +- [StorageCacheWarningEvents](./tables/storagecachewarningevents.md) + +### Azure Load Testing + +Microsoft.LoadTestService/loadtests + +- [AzureActivity](./tables/azureactivity.md) +- [AzureLoadTestingOperation](./tables/azureloadtestingoperation.md) + +### 
Azure Managed CCF + +Microsoft.ConfidentialLedger/ManagedCCFs + +- [CCFApplicationLogs](./tables/ccfapplicationlogs.md) + +### Azure Managed Instance for Apache Cassandra + +Microsoft.DocumentDB/cassandraClusters + +- [AzureActivity](./tables/azureactivity.md) +- [CassandraAudit](./tables/cassandraaudit.md) +- [CassandraLogs](./tables/cassandralogs.md) + +### Azure Managed Lustre + +Microsoft.StorageCache/amlFilesytems + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AFSAuditLogs](./tables/afsauditlogs.md) + +### Azure Managed Workspace for Grafana + +Microsoft.Dashboard/grafana + +- [AzureActivity](./tables/azureactivity.md) +- [AGSGrafanaLoginEvents](./tables/agsgrafanaloginevents.md) + +### Azure Monitor autoscale settings + +Microsoft.Insights/AutoscaleSettings + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AutoscaleEvaluationsLog](./tables/autoscaleevaluationslog.md) +- [AutoscaleScaleActionsLog](./tables/autoscalescaleactionslog.md) + +### Azure Monitor Workspace + +Microsoft.Monitor/accounts + +- [AMWMetricsUsageDetails](./tables/amwmetricsusagedetails.md) + +### Azure Operator Insights - Data Product + +Microsoft.NetworkAnalytics/DataProducts + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AOIDigestion](./tables/aoidigestion.md) +- [AOIDatabaseQuery](./tables/aoidatabasequery.md) +- [AOIStorage](./tables/aoistorage.md) + +### Azure PlayFab + +Microsoft.PlayFab/titles + +- [PFTitleAuditLogs](./tables/pftitleauditlogs.md) + +### Azure Sphere + +Microsoft.AzureSphere/catalogs + +- [ASCAuditLogs](./tables/ascauditlogs.md) +- [ASCDeviceEvents](./tables/ascdeviceevents.md) + +### Azure Spring Apps + +Microsoft.AppPlatform/Spring + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AppPlatformLogsforSpring](./tables/appplatformlogsforspring.md) +- 
[AppPlatformSystemLogs](./tables/appplatformsystemlogs.md) +- [AppPlatformIngressLogs](./tables/appplatformingresslogs.md) +- [AppPlatformBuildLogs](./tables/appplatformbuildlogs.md) +- [AppPlatformContainerEventLogs](./tables/appplatformcontainereventlogs.md) + +### Azure Stack HCI + +Microsoft.AzureStackHCI/VirtualMachines + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [ADAssessmentRecommendation](./tables/adassessmentrecommendation.md) +- [ADReplicationResult](./tables/adreplicationresult.md) +- [ComputerGroup](./tables/computergroup.md) +- [ContainerLog](./tables/containerlog.md) +- [DnsEvents](./tables/dnsevents.md) +- [DnsInventory](./tables/dnsinventory.md) +- [SecurityBaselineSummary](./tables/securitybaselinesummary.md) +- [SQLAssessmentRecommendation](./tables/sqlassessmentrecommendation.md) +- [ConfigurationChange](./tables/configurationchange.md) +- [ConfigurationData](./tables/configurationdata.md) +- [Event](./tables/event.md) +- [Heartbeat](./tables/heartbeat.md) +- [Perf](./tables/perf.md) +- [ProtectionStatus](./tables/protectionstatus.md) +- [SecurityBaseline](./tables/securitybaseline.md) +- [SecurityEvent](./tables/securityevent.md) +- [Syslog](./tables/syslog.md) +- [Update](./tables/update.md) +- [UpdateRunProgress](./tables/updaterunprogress.md) +- [UpdateSummary](./tables/updatesummary.md) +- [VMBoundPort](./tables/vmboundport.md) +- [VMConnection](./tables/vmconnection.md) +- [VMComputer](./tables/vmcomputer.md) +- [VMProcess](./tables/vmprocess.md) +- [W3CIISLog](./tables/w3ciislog.md) +- [WindowsFirewall](./tables/windowsfirewall.md) +- [WireData](./tables/wiredata.md) +- [InsightsMetrics](./tables/insightsmetrics.md) +- [HealthStateChangeEvent](./tables/healthstatechangeevent.md) +- [CommonSecurityLog](./tables/commonsecuritylog.md) + +### Azure Stack HCI + +Microsoft.AzureStackHCI/clusters + +- [Perf](./tables/perf.md) +- [Event](./tables/event.md) + +### Azure Storage Mover + 
+Microsoft.StorageMover/storageMovers + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [StorageMoverCopyLogsFailed](./tables/storagemovercopylogsfailed.md) +- [StorageMoverCopyLogsTransferred](./tables/storagemovercopylogstransferred.md) +- [StorageMoverJobRunLogs](./tables/storagemoverjobrunlogs.md) + +### Azure Traffic Collector + +Microsoft.NetworkFunction/AzureTrafficCollectors + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [ATCExpressRouteCircuitIpfix](./tables/atcexpressroutecircuitipfix.md) +- [ATCPrivatePeeringMetadata](./tables/atcprivatepeeringmetadata.md) + +### Azure Virtual Network Manager + +Microsoft.Network/networkManagers + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AVNMNetworkGroupMembershipChange](./tables/avnmnetworkgroupmembershipchange.md) +- [AVNMRuleCollectionChange](./tables/avnmrulecollectionchange.md) +- [AVNMConnectivityConfigurationChange](./tables/avnmconnectivityconfigurationchange.md) +- [AVNMIPAMPoolAllocationChange](./tables/avnmipampoolallocationchange.md) + +### Bastions + +Microsoft.Network/bastionHosts + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [MicrosoftAzureBastionAuditLogs](./tables/microsoftazurebastionauditlogs.md) + +### Batch Accounts + +microsoft.batch/batchaccounts + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Bot Services + +Microsoft.BotService/botServices + +- [AzureActivity](./tables/azureactivity.md) +- [ABSBotRequests](./tables/absbotrequests.md) + +### CDN Profiles + +Microsoft.Cdn/profiles + +- [AzureActivity](./tables/azureactivity.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Chaos Experiment + +Microsoft.Chaos/experiments + +- [AzureActivity](./tables/azureactivity.md) +- 
[ChaosStudioExperimentEventLogs](./tables/chaosstudioexperimenteventlogs.md) + +### Cognitive Services + +microsoft.cognitiveservices/accounts + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Communication Services + +Microsoft.Communication/CommunicationServices + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [ACSChatIncomingOperations](./tables/acschatincomingoperations.md) +- [ACSSMSIncomingOperations](./tables/acssmsincomingoperations.md) +- [ACSAuthIncomingOperations](./tables/acsauthincomingoperations.md) +- [ACSBillingUsage](./tables/acsbillingusage.md) +- [ACSCallDiagnostics](./tables/acscalldiagnostics.md) +- [ACSCallSurvey](./tables/acscallsurvey.md) +- [ACSCallClientOperations](./tables/acscallclientoperations.md) +- [ACSCallClientMediaStatsTimeSeries](./tables/acscallclientmediastatstimeseries.md) +- [ACSCallSummary](./tables/acscallsummary.md) +- [ACSEmailSendMailOperational](./tables/acsemailsendmailoperational.md) +- [ACSEmailStatusUpdateOperational](./tables/acsemailstatusupdateoperational.md) +- [ACSEmailUserEngagementOperational](./tables/acsemailuserengagementoperational.md) +- [ACSCallRecordingIncomingOperations](./tables/acscallrecordingincomingoperations.md) +- [ACSCallRecordingSummary](./tables/acscallrecordingsummary.md) +- [ACSCallClosedCaptionsSummary](./tables/acscallclosedcaptionssummary.md) +- [ACSJobRouterIncomingOperations](./tables/acsjobrouterincomingoperations.md) +- [ACSRoomsIncomingOperations](./tables/acsroomsincomingoperations.md) +- [ACSCallAutomationIncomingOperations](./tables/acscallautomationincomingoperations.md) +- [ACSCallAutomationMediaSummary](./tables/acscallautomationmediasummary.md) +- [ACSAdvancedMessagingOperations](./tables/acsadvancedmessagingoperations.md) + +### Container Apps + +Microsoft.App/managedEnvironments + +- [AzureActivity](./tables/azureactivity.md) +- 
[ContainerAppConsoleLogs](./tables/containerappconsolelogs.md) +- [ContainerAppSystemLogs](./tables/containerappsystemlogs.md) +- [AppEnvSpringAppConsoleLogs](./tables/appenvspringappconsolelogs.md) + +### Container Registries + +Microsoft.ContainerRegistry/registries + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [ContainerRegistryLoginEvents](./tables/containerregistryloginevents.md) +- [ContainerRegistryRepositoryEvents](./tables/containerregistryrepositoryevents.md) + +### Data Collection Rules + +Microsoft.Insights/datacollectionrules + +- [DCRLogErrors](./tables/dcrlogerrors.md) + +### Data factories + +Microsoft.DataFactory/factories + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [ADFActivityRun](./tables/adfactivityrun.md) +- [ADFPipelineRun](./tables/adfpipelinerun.md) +- [ADFTriggerRun](./tables/adftriggerrun.md) +- [ADFSandboxActivityRun](./tables/adfsandboxactivityrun.md) +- [ADFSandboxPipelineRun](./tables/adfsandboxpipelinerun.md) +- [ADFSSISIntegrationRuntimeLogs](./tables/adfssisintegrationruntimelogs.md) +- [ADFSSISPackageEventMessageContext](./tables/adfssispackageeventmessagecontext.md) +- [ADFSSISPackageEventMessages](./tables/adfssispackageeventmessages.md) +- [ADFSSISPackageExecutableStatistics](./tables/adfssispackageexecutablestatistics.md) +- [ADFSSISPackageExecutionComponentPhases](./tables/adfssispackageexecutioncomponentphases.md) +- [ADFSSISPackageExecutionDataStatistics](./tables/adfssispackageexecutiondatastatistics.md) + +### Data Lake Analytics + +Microsoft.DataLakeAnalytics/accounts + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Data Lake Storage Gen1 + +Microsoft.DataLakeStore/accounts + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- 
[AzureDiagnostics](./tables/azurediagnostics.md) + +### Data Share + +Microsoft.DataShare/accounts + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [MicrosoftDataShareSentSnapshotLog](./tables/microsoftdatasharesentsnapshotlog.md) +- [MicrosoftDataShareReceivedSnapshotLog](./tables/microsoftdatasharereceivedsnapshotlog.md) + +### Defender for Storage Settings + +Microsoft.Security/DefenderForStorageSettings + +- [StorageMalwareScanningResults](./tables/storagemalwarescanningresults.md) + +### Desktop Virtualization Application Groups + +Microsoft.DesktopVirtualization/applicationGroups + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [WVDErrors](./tables/wvderrors.md) +- [WVDCheckpoints](./tables/wvdcheckpoints.md) +- [WVDManagement](./tables/wvdmanagement.md) + +### Desktop Virtualization Host Pools + +Microsoft.DesktopVirtualization/hostPools + +- [WVDAgentHealthStatus](./tables/wvdagenthealthstatus.md) +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [WVDConnections](./tables/wvdconnections.md) +- [WVDErrors](./tables/wvderrors.md) +- [WVDCheckpoints](./tables/wvdcheckpoints.md) +- [WVDManagement](./tables/wvdmanagement.md) +- [WVDHostRegistrations](./tables/wvdhostregistrations.md) +- [WVDConnectionNetworkData](./tables/wvdconnectionnetworkdata.md) +- [WVDSessionHostManagement](./tables/wvdsessionhostmanagement.md) +- [WVDAutoscaleEvaluationPooled](./tables/wvdautoscaleevaluationpooled.md) +- [WVDConnectionGraphicsDataPreview](./tables/wvdconnectiongraphicsdatapreview.md) + +### Desktop Virtualization workspaces + +Microsoft.DesktopVirtualization/workspaces + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [WVDFeeds](./tables/wvdfeeds.md) +- [WVDErrors](./tables/wvderrors.md) +- [WVDCheckpoints](./tables/wvdcheckpoints.md) +- [WVDManagement](./tables/wvdmanagement.md) + +### Dev 
Centers + +Microsoft.DevCenter/devcenters + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [DevCenterDiagnosticLogs](./tables/devcenterdiagnosticlogs.md) +- [DevCenterResourceOperationLogs](./tables/devcenterresourceoperationlogs.md) +- [DevCenterBillingEventLogs](./tables/devcenterbillingeventlogs.md) + +### Device Provisioning Services + +Microsoft.Devices/ProvisioningServices + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### DNS Resolver Policies + +Microsoft.Network/dnsResolverPolicies + +- [AzureActivity](./tables/azureactivity.md) +- [DNSQueryLogs](./tables/dnsquerylogs.md) + +### Dynamics 365 Customer Insights + +Microsoft.D365CustomerInsights/instances + +- [AzureActivity](./tables/azureactivity.md) +- [CIEventsAudit](./tables/cieventsaudit.md) +- [CIEventsOperational](./tables/cieventsoperational.md) + +### Event Grid Domains + +Microsoft.EventGrid/domains + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AegDeliveryFailureLogs](./tables/aegdeliveryfailurelogs.md) +- [AegPublishFailureLogs](./tables/aegpublishfailurelogs.md) +- [AegDataPlaneRequests](./tables/aegdataplanerequests.md) + +### Event Grid Namespaces + +Microsoft.EventGrid/namespaces + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [EGNSuccessfulMqttConnections](./tables/egnsuccessfulmqttconnections.md) +- [EGNFailedMqttConnections](./tables/egnfailedmqttconnections.md) +- [EGNMqttDisconnections](./tables/egnmqttdisconnections.md) +- [EGNFailedMqttPublishedMessages](./tables/egnfailedmqttpublishedmessages.md) +- [EGNFailedMqttSubscriptions](./tables/egnfailedmqttsubscriptions.md) +- [EGNSuccessfulHttpDataPlaneOperations](./tables/egnsuccessfulhttpdataplaneoperations.md) +- [EGNFailedHttpDataPlaneOperations](./tables/egnfailedhttpdataplaneoperations.md) +- 
[AzureDiagnostics](./tables/azurediagnostics.md) + +### Event Grid Partner Namespaces + +Microsoft.EventGrid/partnerNamespaces + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [AegPublishFailureLogs](./tables/aegpublishfailurelogs.md) +- [AegDataPlaneRequests](./tables/aegdataplanerequests.md) + +### Event Grid Partner Topics + +Microsoft.EventGrid/partnerTopics + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [AegDeliveryFailureLogs](./tables/aegdeliveryfailurelogs.md) + +### Event Grid System Topics + +Microsoft.EventGrid/systemTopics + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [AegDeliveryFailureLogs](./tables/aegdeliveryfailurelogs.md) + +### Event Grid Topics + +Microsoft.EventGrid/topics + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AegDataPlaneRequests](./tables/aegdataplanerequests.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [AegDeliveryFailureLogs](./tables/aegdeliveryfailurelogs.md) +- [AegPublishFailureLogs](./tables/aegpublishfailurelogs.md) + +### Event Hubs + +Microsoft.EventHub/namespaces + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [AZMSApplicationMetricLogs](./tables/azmsapplicationmetriclogs.md) +- [AZMSOperationalLogs](./tables/azmsoperationallogs.md) +- [AZMSRunTimeAuditLogs](./tables/azmsruntimeauditlogs.md) +- [AZMSDiagnosticErrorLogs](./tables/azmsdiagnosticerrorlogs.md) +- [AZMSVnetConnectionEvents](./tables/azmsvnetconnectionevents.md) +- [AZMSArchiveLogs](./tables/azmsarchivelogs.md) +- [AZMSAutoscaleLogs](./tables/azmsautoscalelogs.md) +- 
[AZMSKafkaCoordinatorLogs](./tables/azmskafkacoordinatorlogs.md) +- [AZMSKafkaUserErrorLogs](./tables/azmskafkausererrorlogs.md) +- [AZMSCustomerManagedKeyUserLogs](./tables/azmscustomermanagedkeyuserlogs.md) + +### Experiment Workspace + +Microsoft.Experimentation/experimentWorkspaces + +- [AzureActivity](./tables/azureactivity.md) +- [AEWAuditLogs](./tables/aewauditlogs.md) +- [AEWComputePipelinesLogs](./tables/aewcomputepipelineslogs.md) +- [AEWAssignmentBlobLogs](./tables/aewassignmentbloblogs.md) + +### ExpressRoute Circuits + +Microsoft.Network/expressRouteCircuits + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Firewalls + +Microsoft.Network/azureFirewalls + +- [AZFWNetworkRule](./tables/azfwnetworkrule.md) +- [AZFWFatFlow](./tables/azfwfatflow.md) +- [AZFWFlowTrace](./tables/azfwflowtrace.md) +- [AZFWApplicationRule](./tables/azfwapplicationrule.md) +- [AZFWThreatIntel](./tables/azfwthreatintel.md) +- [AZFWNatRule](./tables/azfwnatrule.md) +- [AZFWIdpsSignature](./tables/azfwidpssignature.md) +- [AZFWDnsQuery](./tables/azfwdnsquery.md) +- [AZFWInternalFqdnResolutionFailure](./tables/azfwinternalfqdnresolutionfailure.md) +- [AZFWNetworkRuleAggregation](./tables/azfwnetworkruleaggregation.md) +- [AZFWApplicationRuleAggregation](./tables/azfwapplicationruleaggregation.md) +- [AZFWNatRuleAggregation](./tables/azfwnatruleaggregation.md) +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Front Doors + +Microsoft.Network/frontdoors + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### HDInsight Clusters + +Microsoft.HDInsight/Clusters + +- [AzureActivity](./tables/azureactivity.md) +- [HDInsightKafkaLogs](./tables/hdinsightkafkalogs.md) +- 
[HDInsightKafkaMetrics](./tables/hdinsightkafkametrics.md) +- [HDInsightHBaseLogs](./tables/hdinsighthbaselogs.md) +- [HDInsightHBaseMetrics](./tables/hdinsighthbasemetrics.md) +- [HDInsightStormLogs](./tables/hdinsightstormlogs.md) +- [HDInsightStormMetrics](./tables/hdinsightstormmetrics.md) +- [HDInsightStormTopologyMetrics](./tables/hdinsightstormtopologymetrics.md) +- [HDInsightGatewayAuditLogs](./tables/hdinsightgatewayauditlogs.md) +- [HDInsightAmbariSystemMetrics](./tables/hdinsightambarisystemmetrics.md) +- [HDInsightAmbariClusterAlerts](./tables/hdinsightambariclusteralerts.md) +- [HDInsightSparkApplicationEvents](./tables/hdinsightsparkapplicationevents.md) +- [HDInsightSparkBlockManagerEvents](./tables/hdinsightsparkblockmanagerevents.md) +- [HDInsightSparkEnvironmentEvents](./tables/hdinsightsparkenvironmentevents.md) +- [HDInsightJupyterNotebookEvents](./tables/hdinsightjupyternotebookevents.md) +- [HDInsightSparkExecutorEvents](./tables/hdinsightsparkexecutorevents.md) +- [HDInsightSparkExtraEvents](./tables/hdinsightsparkextraevents.md) +- [HDInsightSparkJobEvents](./tables/hdinsightsparkjobevents.md) +- [HDInsightSparkSQLExecutionEvents](./tables/hdinsightsparksqlexecutionevents.md) +- [HDInsightSparkStageEvents](./tables/hdinsightsparkstageevents.md) +- [HDInsightSparkStageTaskAccumulables](./tables/hdinsightsparkstagetaskaccumulables.md) +- [HDInsightSparkTaskEvents](./tables/hdinsightsparktaskevents.md) +- [HDInsightSparkLogs](./tables/hdinsightsparklogs.md) +- [HDInsightSecurityLogs](./tables/hdinsightsecuritylogs.md) +- [HDInsightRangerAuditLogs](./tables/hdinsightrangerauditlogs.md) +- [HDInsightHiveAndLLAPLogs](./tables/hdinsighthiveandllaplogs.md) +- [HDInsightHiveAndLLAPMetrics](./tables/hdinsighthiveandllapmetrics.md) +- [HDInsightHadoopAndYarnLogs](./tables/hdinsighthadoopandyarnlogs.md) +- [HDInsightHadoopAndYarnMetrics](./tables/hdinsighthadoopandyarnmetrics.md) +- [HDInsightOozieLogs](./tables/hdinsightoozielogs.md) +- 
[HDInsightHiveQueryAppStats](./tables/hdinsighthivequeryappstats.md) +- [HDInsightHiveTezAppStats](./tables/hdinsighthivetezappstats.md) + +### Health Data Services + +Microsoft.HealthcareApis/workspaces + +- [AHDSMedTechDiagnosticLogs](./tables/ahdsmedtechdiagnosticlogs.md) +- [AHDSDicomDiagnosticLogs](./tables/ahdsdicomdiagnosticlogs.md) +- [AHDSDicomAuditLogs](./tables/ahdsdicomauditlogs.md) + +### Integration Account. + +Microsoft.Logic/integrationAccounts + +- [AzureActivity](./tables/azureactivity.md) + +### Intune Specialist Reports. + +microsoft.intune/operations + +- [Windows365AuditLogs](./tables/windows365auditlogs.md) + +### IoT Hub + +Microsoft.Devices/IotHubs + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [IoTHubDistributedTracing](./tables/iothubdistributedtracing.md) +- [InsightsMetrics](./tables/insightsmetrics.md) + +### Key Vaults + +Microsoft.KeyVault/vaults + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AZKVAuditLogs](./tables/azkvauditlogs.md) +- [AZKVPolicyEvaluationDetailsLogs](./tables/azkvpolicyevaluationdetailslogs.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Kubernetes Services + +Microsoft.ContainerService/managedClusters + +- [AzureActivity](./tables/azureactivity.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [ContainerImageInventory](./tables/containerimageinventory.md) +- [ContainerInventory](./tables/containerinventory.md) +- [ContainerLog](./tables/containerlog.md) +- [ContainerLogV2](./tables/containerlogv2.md) +- [ContainerNodeInventory](./tables/containernodeinventory.md) +- [ContainerServiceLog](./tables/containerservicelog.md) +- [Heartbeat](./tables/heartbeat.md) +- [InsightsMetrics](./tables/insightsmetrics.md) +- [KubeEvents](./tables/kubeevents.md) +- [KubeMonAgentEvents](./tables/kubemonagentevents.md) 
+- [KubeNodeInventory](./tables/kubenodeinventory.md) +- [KubePodInventory](./tables/kubepodinventory.md) +- [KubePVInventory](./tables/kubepvinventory.md) +- [KubeServices](./tables/kubeservices.md) +- [Perf](./tables/perf.md) +- [Syslog](./tables/syslog.md) +- [AKSAudit](./tables/aksaudit.md) +- [AKSAuditAdmin](./tables/aksauditadmin.md) +- [AKSControlPlane](./tables/akscontrolplane.md) + +### Load Balancers + +Microsoft.Network/LoadBalancers + +- [ALBHealthEvent](./tables/albhealthevent.md) +- [AzureActivity](./tables/azureactivity.md) + +### Log Analytics workspaces + +Microsoft.OperationalInsights/Workspaces + +- [LAQueryLogs](./tables/laquerylogs.md) +- [LASummaryLogs](./tables/lasummarylogs.md) + +### Logic Apps + +Microsoft.Logic/workflows + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [LogicAppWorkflowRuntime](./tables/logicappworkflowruntime.md) + +### Machine Learning + +Microsoft.MachineLearningServices/workspaces + +- [AzureActivity](./tables/azureactivity.md) +- [AmlOnlineEndpointConsoleLog](./tables/amlonlineendpointconsolelog.md) +- [AmlOnlineEndpointTrafficLog](./tables/amlonlineendpointtrafficlog.md) +- [AmlOnlineEndpointEventLog](./tables/amlonlineendpointeventlog.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AmlComputeClusterEvent](./tables/amlcomputeclusterevent.md) +- [AmlComputeClusterNodeEvent](./tables/amlcomputeclusternodeevent.md) +- [AmlComputeJobEvent](./tables/amlcomputejobevent.md) +- [AmlRunStatusChangedEvent](./tables/amlrunstatuschangedevent.md) +- [AmlComputeCpuGpuUtilization](./tables/amlcomputecpugpuutilization.md) +- [AmlComputeInstanceEvent](./tables/amlcomputeinstanceevent.md) +- [AmlDataLabelEvent](./tables/amldatalabelevent.md) +- [AmlDataSetEvent](./tables/amldatasetevent.md) +- [AmlDataStoreEvent](./tables/amldatastoreevent.md) +- [AmlDeploymentEvent](./tables/amldeploymentevent.md) +- 
[AmlEnvironmentEvent](./tables/amlenvironmentevent.md) +- [AmlInferencingEvent](./tables/amlinferencingevent.md) +- [AmlModelsEvent](./tables/amlmodelsevent.md) +- [AmlPipelineEvent](./tables/amlpipelineevent.md) +- [AmlRunEvent](./tables/amlrunevent.md) + +### Machine Learning + +Microsoft.MachineLearningServices/registries + +- [AzureActivity](./tables/azureactivity.md) +- [AmlRegistryReadEventsLog](./tables/amlregistryreadeventslog.md) +- [AmlRegistryWriteEventsLog](./tables/amlregistrywriteeventslog.md) + +### Media Services + +Microsoft.Media/mediaservices + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AMSKeyDeliveryRequests](./tables/amskeydeliveryrequests.md) +- [AMSMediaAccountHealth](./tables/amsmediaaccounthealth.md) +- [AMSLiveEventOperations](./tables/amsliveeventoperations.md) +- [AMSStreamingEndpointRequests](./tables/amsstreamingendpointrequests.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Microsoft App Configuration + +Microsoft.AppConfiguration/configurationStores + +- [AzureActivity](./tables/azureactivity.md) +- [AACHttpRequest](./tables/aachttprequest.md) +- [AACAudit](./tables/aacaudit.md) + +### Microsoft Connected Cache + +Microsoft.ConnectedCache/CacheNodes + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [MCCEventLogs](./tables/mcceventlogs.md) + +### Microsoft Connected Vehicle Platform + +Microsoft.ConnectedVehicle/platformAccounts + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [MCVPOperationLogs](./tables/mcvpoperationlogs.md) +- [MCVPAuditLogs](./tables/mcvpauditlogs.md) + +### Microsoft Container Instances Services + +Microsoft.ContainerInstance/containerGroups + +- [ContainerInstanceLog](./tables/containerinstancelog.md) +- [ContainerEvent](./tables/containerevent.md) + +### Microsoft Defender for Cloud + +Microsoft.Security/Security + +- 
[SecurityAttackPathData](./tables/securityattackpathdata.md) + +### Microsoft Graph Logs + +Microsoft.Graph/tenants + +- [AzureActivity](./tables/azureactivity.md) +- [SigninLogs](./tables/signinlogs.md) +- [AuditLogs](./tables/auditlogs.md) + +### Microsoft Playwright Testing + +Microsoft.AzurePlaywrightService/accounts + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) + +### Microsoft.AgFoodPlatform/farmBeats + +Microsoft.AgFoodPlatform/farmBeats + +- [AgriFoodFarmManagementLogs](./tables/agrifoodfarmmanagementlogs.md) +- [AgriFoodWeatherLogs](./tables/agrifoodweatherlogs.md) +- [AgriFoodSatelliteLogs](./tables/agrifoodsatellitelogs.md) +- [AgriFoodFarmOperationLogs](./tables/agrifoodfarmoperationlogs.md) +- [AgriFoodProviderAuthLogs](./tables/agrifoodproviderauthlogs.md) +- [AgriFoodApplicationAuditLogs](./tables/agrifoodapplicationauditlogs.md) +- [AgriFoodModelInferenceLogs](./tables/agrifoodmodelinferencelogs.md) +- [AgriFoodInsightLogs](./tables/agrifoodinsightlogs.md) +- [AgriFoodJobProcessedLogs](./tables/agrifoodjobprocessedlogs.md) +- [AgriFoodSensorManagementLogs](./tables/agrifoodsensormanagementlogs.md) + +### Microsoft.OpenLogisticsPlatform/Workspaces + +Microsoft.OpenLogisticsPlatform/Workspaces + +- [OLPSupplyChainEvents](./tables/olpsupplychainevents.md) +- [OLPSupplyChainEntityOperations](./tables/olpsupplychainentityoperations.md) + +### Microsoft.Purview/accounts + +Microsoft.Purview/accounts + +- [AzureActivity](./tables/azureactivity.md) +- [PurviewScanStatusLogs](./tables/purviewscanstatuslogs.md) +- [PurviewDataSensitivityLogs](./tables/purviewdatasensitivitylogs.md) +- [PurviewSecurityLogs](./tables/purviewsecuritylogs.md) + +### Network Devices (Operator Nexus) + +Microsoft.ManagedNetworkFabric/networkDevices + +- [Azuremetrics](./tables/azuremetrics.md) +- [AzureActivity](./tables/azureactivity.md) +- [MNFDeviceUpdates](./tables/mnfdeviceupdates.md) +- 
[MNFSystemStateMessageUpdates](./tables/mnfsystemstatemessageupdates.md) +- [MNFSystemSessionHistoryUpdates](./tables/mnfsystemsessionhistoryupdates.md) + +### Network Interfaces + +Microsoft.Network/networkinterfaces + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Network Security Groups + +Microsoft.Network/NetworkSecurityGroups + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Network Security Perimeters + +Microsoft.Network/NetworkSecurityPerimeters + +- [NSPAccessLogs](./tables/nspaccesslogs.md) + +### Network Watcher - Connection Monitor + +Microsoft.Network/NetworkWatchers/Connectionmonitors + +- [AzureActivity](./tables/azureactivity.md) +- [NWConnectionMonitorTestResult](./tables/nwconnectionmonitortestresult.md) +- [NWConnectionMonitorPathResult](./tables/nwconnectionmonitorpathresult.md) +- [NWConnectionMonitorDNSResult](./tables/nwconnectionmonitordnsresult.md) + +### Nexus BareMetal Machines + +Microsoft.NetworkCloud/bareMetalMachines + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [NCBMSystemLogs](./tables/ncbmsystemlogs.md) +- [NCBMSecurityLogs](./tables/ncbmsecuritylogs.md) +- [NCBMSecurityDefenderLogs](./tables/ncbmsecuritydefenderlogs.md) +- [NCBMBreakGlassAuditLogs](./tables/ncbmbreakglassauditlogs.md) + +### Nexus Cluster Managers + +Microsoft.NetworkCloud/clusterManagers + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [NCMClusterOperationsLogs](./tables/ncmclusteroperationslogs.md) + +### Nexus Clusters + +Microsoft.NetworkCloud/clusters + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [NCCKubernetesLogs](./tables/ncckuberneteslogs.md) +- [NCCVMOrchestrationLogs](./tables/nccvmorchestrationlogs.md) + +### 
Nexus Storage Appliances + +Microsoft.NetworkCloud/storageAppliances + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [NCSStorageAudits](./tables/ncsstorageaudits.md) +- [NCSStorageAlerts](./tables/ncsstoragealerts.md) +- [NCSStorageLogs](./tables/ncsstoragelogs.md) + +### NGINXaaS + +NGINX.NGINXPLUS/nginxDeployments + +- [NGXOperationLogs](./tables/ngxoperationlogs.md) +- [NGXSecurityLogs](./tables/ngxsecuritylogs.md) + +### Power BI Datasets + +Microsoft.PowerBI/tenants + +- [PowerBIDatasetsTenant](./tables/powerbidatasetstenant.md) + +### Power BI Datasets + +Microsoft.PowerBI/tenants/workspaces + +- [PowerBIDatasetsWorkspace](./tables/powerbidatasetsworkspace.md) + +### Power BI Embedded + +microsoft.powerbidedicated/capacities + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Project CI Workspace + +Microsoft.DataCollaboration/workspaces + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [ACICollaborationAudit](./tables/acicollaborationaudit.md) + +### Public IP Addresses + +Microsoft.Network/PublicIpAddresses + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Recovery Services Vaults + +Microsoft.RecoveryServices/Vaults + +- [AzureActivity](./tables/azureactivity.md) +- [ASRJobs](./tables/asrjobs.md) +- [ASRReplicatedItems](./tables/asrreplicateditems.md) +- [AzureBackupOperations](./tables/azurebackupoperations.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [CoreAzureBackup](./tables/coreazurebackup.md) +- [AddonAzureBackupJobs](./tables/addonazurebackupjobs.md) +- [AddonAzureBackupAlerts](./tables/addonazurebackupalerts.md) +- [AddonAzureBackupPolicy](./tables/addonazurebackuppolicy.md) +- [AddonAzureBackupStorage](./tables/addonazurebackupstorage.md) +- 
[AddonAzureBackupProtectedInstance](./tables/addonazurebackupprotectedinstance.md) + +### Relay + +Microsoft.Relay/namespaces + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AZMSVnetConnectionEvents](./tables/azmsvnetconnectionevents.md) +- [AZMSHybridConnectionsEvents](./tables/azmshybridconnectionsevents.md) + +### Search Services + +Microsoft.Search/searchServices + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Service Bus + +Microsoft.ServiceBus/namespaces + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) +- [AZMSOperationalLogs](./tables/azmsoperationallogs.md) +- [AZMSVnetConnectionEvents](./tables/azmsvnetconnectionevents.md) +- [AZMSRunTimeAuditLogs](./tables/azmsruntimeauditlogs.md) +- [AZMSApplicationMetricLogs](./tables/azmsapplicationmetriclogs.md) +- [AZMSDiagnosticErrorLogs](./tables/azmsdiagnosticerrorlogs.md) + +### Service Fabric Clusters + +Microsoft.ServiceFabric/clusters + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) + +### SignalR + +Microsoft.SignalRService/SignalR + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [SignalRServiceDiagnosticLogs](./tables/signalrservicediagnosticlogs.md) + +### SignalR Service WebPubSub + +Microsoft.SignalRService/WebPubSub + +- [AzureActivity](./tables/azureactivity.md) +- [WebPubSubHttpRequest](./tables/webpubsubhttprequest.md) +- [WebPubSubMessaging](./tables/webpubsubmessaging.md) +- [WebPubSubConnectivity](./tables/webpubsubconnectivity.md) + +### SQL Databases + +Microsoft.Sql/servers/databases + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### SQL Managed Instances + 
+Microsoft.Sql/managedInstances + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### SQL Servers + +microsoft.sql/servers + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Storage Accounts + +Microsoft.Storage/storageAccounts + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [StorageTableLogs](./tables/storagetablelogs.md) +- [StorageQueueLogs](./tables/storagequeuelogs.md) +- [StorageFileLogs](./tables/storagefilelogs.md) +- [StorageBlobLogs](./tables/storagebloblogs.md) + +### Stream Analytics jobs + +microsoft.streamanalytics/streamingjobs + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Synapse Workspaces + +Microsoft.Synapse/workspaces + +- [AzureActivity](./tables/azureactivity.md) +- [SynapseRbacOperations](./tables/synapserbacoperations.md) +- [SynapseGatewayApiRequests](./tables/synapsegatewayapirequests.md) +- [SynapseSqlPoolExecRequests](./tables/synapsesqlpoolexecrequests.md) +- [SynapseSqlPoolRequestSteps](./tables/synapsesqlpoolrequeststeps.md) +- [SynapseSqlPoolDmsWorkers](./tables/synapsesqlpooldmsworkers.md) +- [SynapseSqlPoolWaits](./tables/synapsesqlpoolwaits.md) +- [SynapseSqlPoolSqlRequests](./tables/synapsesqlpoolsqlrequests.md) +- [SynapseIntegrationPipelineRuns](./tables/synapseintegrationpipelineruns.md) +- [SynapseLinkEvent](./tables/synapselinkevent.md) +- [SynapseIntegrationActivityRuns](./tables/synapseintegrationactivityruns.md) +- [SynapseIntegrationTriggerRuns](./tables/synapseintegrationtriggerruns.md) +- [SynapseBigDataPoolApplicationsEnded](./tables/synapsebigdatapoolapplicationsended.md) +- [SynapseBuiltinSqlPoolRequestsEnded](./tables/synapsebuiltinsqlpoolrequestsended.md) +- 
[SQLSecurityAuditEvents](./tables/sqlsecurityauditevents.md) +- [SynapseScopePoolScopeJobsEnded](./tables/synapsescopepoolscopejobsended.md) +- [SynapseScopePoolScopeJobsStateChange](./tables/synapsescopepoolscopejobsstatechange.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [SynapseDXCommand](./tables/synapsedxcommand.md) +- [SynapseDXFailedIngestion](./tables/synapsedxfailedingestion.md) +- [SynapseDXIngestionBatching](./tables/synapsedxingestionbatching.md) +- [SynapseDXQuery](./tables/synapsedxquery.md) +- [SynapseDXSucceededIngestion](./tables/synapsedxsucceededingestion.md) +- [SynapseDXTableUsageStatistics](./tables/synapsedxtableusagestatistics.md) +- [SynapseDXTableDetails](./tables/synapsedxtabledetails.md) + +### System Center Virtual Machine Manager + +Microsoft.SCVMM/VirtualMachines + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [ADAssessmentRecommendation](./tables/adassessmentrecommendation.md) +- [ADReplicationResult](./tables/adreplicationresult.md) +- [ComputerGroup](./tables/computergroup.md) +- [ContainerLog](./tables/containerlog.md) +- [DnsEvents](./tables/dnsevents.md) +- [DnsInventory](./tables/dnsinventory.md) +- [SecurityBaselineSummary](./tables/securitybaselinesummary.md) +- [SQLAssessmentRecommendation](./tables/sqlassessmentrecommendation.md) +- [ConfigurationChange](./tables/configurationchange.md) +- [ConfigurationData](./tables/configurationdata.md) +- [Event](./tables/event.md) +- [Heartbeat](./tables/heartbeat.md) +- [Perf](./tables/perf.md) +- [ProtectionStatus](./tables/protectionstatus.md) +- [SecurityBaseline](./tables/securitybaseline.md) +- [SecurityEvent](./tables/securityevent.md) +- [Syslog](./tables/syslog.md) +- [Update](./tables/update.md) +- [UpdateRunProgress](./tables/updaterunprogress.md) +- [UpdateSummary](./tables/updatesummary.md) +- [VMBoundPort](./tables/vmboundport.md) +- [VMConnection](./tables/vmconnection.md) +- [VMComputer](./tables/vmcomputer.md) +- 
[VMProcess](./tables/vmprocess.md) +- [W3CIISLog](./tables/w3ciislog.md) +- [WindowsFirewall](./tables/windowsfirewall.md) +- [WireData](./tables/wiredata.md) +- [InsightsMetrics](./tables/insightsmetrics.md) +- [HealthStateChangeEvent](./tables/healthstatechangeevent.md) +- [CommonSecurityLog](./tables/commonsecuritylog.md) + +### Time Series Insights Environments + +Microsoft.TimeSeriesInsights/environments + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [TSIIngress](./tables/tsiingress.md) + +### Traffic Manager Profiles + +Microsoft.Network/trafficmanagerprofiles + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Video Indexer + +Microsoft.VideoIndexer/accounts + +- [VIAudit](./tables/viaudit.md) +- [VIIndexing](./tables/viindexing.md) + +### Virtual Machine Scale Sets + +Microsoft.Compute/virtualMachineScaleSets + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [ConfigurationChange](./tables/configurationchange.md) +- [ConfigurationData](./tables/configurationdata.md) +- [ContainerLog](./tables/containerlog.md) +- [Event](./tables/event.md) +- [Heartbeat](./tables/heartbeat.md) +- [Perf](./tables/perf.md) +- [ProtectionStatus](./tables/protectionstatus.md) +- [SecurityBaseline](./tables/securitybaseline.md) +- [SecurityEvent](./tables/securityevent.md) +- [Syslog](./tables/syslog.md) +- [Update](./tables/update.md) +- [UpdateRunProgress](./tables/updaterunprogress.md) +- [UpdateSummary](./tables/updatesummary.md) +- [VMBoundPort](./tables/vmboundport.md) +- [VMConnection](./tables/vmconnection.md) +- [VMComputer](./tables/vmcomputer.md) +- [VMProcess](./tables/vmprocess.md) +- [W3CIISLog](./tables/w3ciislog.md) +- [WindowsFirewall](./tables/windowsfirewall.md) +- [WireData](./tables/wiredata.md) +- [InsightsMetrics](./tables/insightsmetrics.md) +- 
[CommonSecurityLog](./tables/commonsecuritylog.md) + +### Virtual machines + +Microsoft.Compute/VirtualMachines + +- [Heartbeat](./tables/heartbeat.md) +- [W3CIISLog](./tables/w3ciislog.md) +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [ADAssessmentRecommendation](./tables/adassessmentrecommendation.md) +- [ADReplicationResult](./tables/adreplicationresult.md) +- [ComputerGroup](./tables/computergroup.md) +- [ContainerLog](./tables/containerlog.md) +- [DnsEvents](./tables/dnsevents.md) +- [DnsInventory](./tables/dnsinventory.md) +- [SecurityBaselineSummary](./tables/securitybaselinesummary.md) +- [SQLAssessmentRecommendation](./tables/sqlassessmentrecommendation.md) +- [ConfigurationChange](./tables/configurationchange.md) +- [ConfigurationData](./tables/configurationdata.md) +- [Event](./tables/event.md) +- [Perf](./tables/perf.md) +- [ProtectionStatus](./tables/protectionstatus.md) +- [SecurityBaseline](./tables/securitybaseline.md) +- [SecurityEvent](./tables/securityevent.md) +- [Syslog](./tables/syslog.md) +- [Update](./tables/update.md) +- [UpdateRunProgress](./tables/updaterunprogress.md) +- [UpdateSummary](./tables/updatesummary.md) +- [VMBoundPort](./tables/vmboundport.md) +- [VMConnection](./tables/vmconnection.md) +- [VMComputer](./tables/vmcomputer.md) +- [VMProcess](./tables/vmprocess.md) +- [WindowsFirewall](./tables/windowsfirewall.md) +- [WireData](./tables/wiredata.md) +- [InsightsMetrics](./tables/insightsmetrics.md) +- [HealthStateChangeEvent](./tables/healthstatechangeevent.md) +- [CommonSecurityLog](./tables/commonsecuritylog.md) + +### Virtual Network Gateways + +Microsoft.Network/virtualNetworkGateways + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### Virtual Networks + +Microsoft.Network/virtualNetworks + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- 
[AzureDiagnostics](./tables/azurediagnostics.md) + +### Virtual Private Network Gateways + +Microsoft.Network/vpnGateways + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [AzureDiagnostics](./tables/azurediagnostics.md) + +### VMware + +Microsoft.ConenctedVMwarevSphere/VirtualMachines + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) +- [ADAssessmentRecommendation](./tables/adassessmentrecommendation.md) +- [ADReplicationResult](./tables/adreplicationresult.md) +- [ComputerGroup](./tables/computergroup.md) +- [ContainerLog](./tables/containerlog.md) +- [DnsEvents](./tables/dnsevents.md) +- [DnsInventory](./tables/dnsinventory.md) +- [SecurityBaselineSummary](./tables/securitybaselinesummary.md) +- [SQLAssessmentRecommendation](./tables/sqlassessmentrecommendation.md) +- [ConfigurationChange](./tables/configurationchange.md) +- [ConfigurationData](./tables/configurationdata.md) +- [Event](./tables/event.md) +- [Heartbeat](./tables/heartbeat.md) +- [Perf](./tables/perf.md) +- [ProtectionStatus](./tables/protectionstatus.md) +- [SecurityBaseline](./tables/securitybaseline.md) +- [SecurityEvent](./tables/securityevent.md) +- [Syslog](./tables/syslog.md) +- [Update](./tables/update.md) +- [UpdateRunProgress](./tables/updaterunprogress.md) +- [UpdateSummary](./tables/updatesummary.md) +- [VMBoundPort](./tables/vmboundport.md) +- [VMConnection](./tables/vmconnection.md) +- [VMComputer](./tables/vmcomputer.md) +- [VMProcess](./tables/vmprocess.md) +- [W3CIISLog](./tables/w3ciislog.md) +- [WindowsFirewall](./tables/windowsfirewall.md) +- [WireData](./tables/wiredata.md) +- [InsightsMetrics](./tables/insightsmetrics.md) +- [HealthStateChangeEvent](./tables/healthstatechangeevent.md) +- [CommonSecurityLog](./tables/commonsecuritylog.md) + +### Workload Monitor + +Microsoft.WorkloadMonitor/monitors + +- [AzureActivity](./tables/azureactivity.md) +- [AzureMetrics](./tables/azuremetrics.md) + 
+### Workload Monitoring of Azure Monitor Insights + +Microsoft.Insights/WorkloadMonitoring + +- [InsightsMetrics](./tables/insightsmetrics.md) + +## Next steps + +- [Analyze logs from Azure storage with Log Analytics](/azure/azure-monitor/essentials/resource-logs#send-to-log-analytics-workspace) +- [Learn more about resource logs](/azure/azure-monitor/essentials/platform-logs-overview) +- [Change resource log diagnostic settings using the Azure Monitor REST API](/rest/api/monitor/diagnosticsettings) diff --git a/articles/azure-monitor/reference/tables/aacaudit.md b/articles/azure-monitor/reference/tables/aacaudit.md new file mode 100644 index 0000000000..66b87caba3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aacaudit.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AACAudit +description: Reference for AACAudit table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AACAudit + +Azure App Configuration audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.appconfiguration/configurationstores| +|**Categories**|Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aacaudit)| + + + +## Columns + +[!INCLUDE [aacaudit](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aacaudit-include.md)] diff --git a/articles/azure-monitor/reference/tables/aachttprequest.md b/articles/azure-monitor/reference/tables/aachttprequest.md new file mode 100644 index 0000000000..08765620f1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aachttprequest.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AACHttpRequest +description: Reference for AACHttpRequest table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AACHttpRequest + +Incoming requests to Azure App Configuration. The records in this table are aggregated. The 'HitCount' field describes the number of requests that each record accounts for. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.appconfiguration/configurationstores| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aachttprequest)| + + + +## Columns + +[!INCLUDE [aachttprequest](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aachttprequest-include.md)] diff --git a/articles/azure-monitor/reference/tables/aadb2crequestlogs.md b/articles/azure-monitor/reference/tables/aadb2crequestlogs.md new file mode 100644 index 0000000000..42ee11bf07 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aadb2crequestlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADB2CRequestLogs +description: Reference for AADB2CRequestLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADB2CRequestLogs + +Logs generated by AAD gateway for displaying B2C tenant's web requests and its throttle info. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.aadiam/tenants| +|**Categories**|Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [aadb2crequestlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aadb2crequestlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/aadcustomsecurityattributeauditlogs.md b/articles/azure-monitor/reference/tables/aadcustomsecurityattributeauditlogs.md new file mode 100644 index 0000000000..2cdf9338aa --- /dev/null +++ b/articles/azure-monitor/reference/tables/aadcustomsecurityattributeauditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADCustomSecurityAttributeAuditLogs +description: Reference for AADCustomSecurityAttributeAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADCustomSecurityAttributeAuditLogs + +Non-interactive Azure Active Directory sign-in logs from user. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aadcustomsecurityattributeauditlogs)| + + + +## Columns + +[!INCLUDE [aadcustomsecurityattributeauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aadcustomsecurityattributeauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/aaddomainservicesaccountlogon.md b/articles/azure-monitor/reference/tables/aaddomainservicesaccountlogon.md new file mode 100644 index 0000000000..68d72fe8c0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aaddomainservicesaccountlogon.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADDomainServicesAccountLogon +description: Reference for AADDomainServicesAccountLogon table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADDomainServicesAccountLogon + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.aad/domainservices| +|**Categories**|Azure Resources, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aaddomainservicesaccountlogon)| + + + +## Columns + +[!INCLUDE [aaddomainservicesaccountlogon](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aaddomainservicesaccountlogon-include.md)] diff --git a/articles/azure-monitor/reference/tables/aaddomainservicesaccountmanagement.md b/articles/azure-monitor/reference/tables/aaddomainservicesaccountmanagement.md new file mode 100644 index 0000000000..f3373ffa38 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aaddomainservicesaccountmanagement.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADDomainServicesAccountManagement +description: Reference for AADDomainServicesAccountManagement table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADDomainServicesAccountManagement + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.aad/domainservices| +|**Categories**|Azure Resources, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aaddomainservicesaccountmanagement)| + + + +## Columns + +[!INCLUDE [aaddomainservicesaccountmanagement](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aaddomainservicesaccountmanagement-include.md)] diff --git a/articles/azure-monitor/reference/tables/aaddomainservicesdirectoryserviceaccess.md b/articles/azure-monitor/reference/tables/aaddomainservicesdirectoryserviceaccess.md new file mode 100644 index 0000000000..10bceb3bdb --- /dev/null +++ b/articles/azure-monitor/reference/tables/aaddomainservicesdirectoryserviceaccess.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADDomainServicesDirectoryServiceAccess +description: Reference for AADDomainServicesDirectoryServiceAccess table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADDomainServicesDirectoryServiceAccess + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.aad/domainservices| +|**Categories**|Azure Resources, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aaddomainservicesdirectoryserviceaccess)| + + + +## Columns + +[!INCLUDE [aaddomainservicesdirectoryserviceaccess](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aaddomainservicesdirectoryserviceaccess-include.md)] diff --git a/articles/azure-monitor/reference/tables/aaddomainservicesdnsauditsdynamicupdates.md b/articles/azure-monitor/reference/tables/aaddomainservicesdnsauditsdynamicupdates.md new file mode 100644 index 0000000000..5ac42cb41b --- /dev/null +++ b/articles/azure-monitor/reference/tables/aaddomainservicesdnsauditsdynamicupdates.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADDomainServicesDNSAuditsDynamicUpdates +description: Reference for AADDomainServicesDNSAuditsDynamicUpdates table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADDomainServicesDNSAuditsDynamicUpdates + +DNS server audit events enable change tracking on the DNS server. This table contains operational audit events for dynamic updates. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.aad/domainservices| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [aaddomainservicesdnsauditsdynamicupdates](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aaddomainservicesdnsauditsdynamicupdates-include.md)] diff --git a/articles/azure-monitor/reference/tables/aaddomainservicesdnsauditsgeneral.md b/articles/azure-monitor/reference/tables/aaddomainservicesdnsauditsgeneral.md new file mode 100644 index 0000000000..b644ec8dc0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aaddomainservicesdnsauditsgeneral.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADDomainServicesDNSAuditsGeneral +description: Reference for AADDomainServicesDNSAuditsGeneral table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADDomainServicesDNSAuditsGeneral + +DNS server audit events enable change tracking on the DNS server. An audit event is logged each time server, zone, or resource record settings are changed. This includes operational events such as zone transfers, and DNSSEC zone signing and unsigning. This table captures audit events that are not from dynamic updates. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.aad/domainservices| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [aaddomainservicesdnsauditsgeneral](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aaddomainservicesdnsauditsgeneral-include.md)] diff --git a/articles/azure-monitor/reference/tables/aaddomainserviceslogonlogoff.md b/articles/azure-monitor/reference/tables/aaddomainserviceslogonlogoff.md new file mode 100644 index 0000000000..71dc04aa9b --- /dev/null +++ b/articles/azure-monitor/reference/tables/aaddomainserviceslogonlogoff.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADDomainServicesLogonLogoff +description: Reference for AADDomainServicesLogonLogoff table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADDomainServicesLogonLogoff + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.aad/domainservices| +|**Categories**|Azure Resources, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aaddomainserviceslogonlogoff)| + + + +## Columns + +[!INCLUDE [aaddomainserviceslogonlogoff](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aaddomainserviceslogonlogoff-include.md)] diff --git a/articles/azure-monitor/reference/tables/aaddomainservicespolicychange.md b/articles/azure-monitor/reference/tables/aaddomainservicespolicychange.md new file mode 100644 index 0000000000..831a26db84 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aaddomainservicespolicychange.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADDomainServicesPolicyChange +description: Reference for AADDomainServicesPolicyChange table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADDomainServicesPolicyChange + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.aad/domainservices| +|**Categories**|Azure Resources, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aaddomainservicespolicychange)| + + + +## Columns + +[!INCLUDE [aaddomainservicespolicychange](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aaddomainservicespolicychange-include.md)] diff --git a/articles/azure-monitor/reference/tables/aaddomainservicesprivilegeuse.md b/articles/azure-monitor/reference/tables/aaddomainservicesprivilegeuse.md new file mode 100644 index 0000000000..a2cf09e5b4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aaddomainservicesprivilegeuse.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADDomainServicesPrivilegeUse +description: Reference for AADDomainServicesPrivilegeUse table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADDomainServicesPrivilegeUse + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.aad/domainservices| +|**Categories**|Azure Resources, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aaddomainservicesprivilegeuse)| + + + +## Columns + +[!INCLUDE [aaddomainservicesprivilegeuse](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aaddomainservicesprivilegeuse-include.md)] diff --git a/articles/azure-monitor/reference/tables/aadmanagedidentitysigninlogs.md b/articles/azure-monitor/reference/tables/aadmanagedidentitysigninlogs.md new file mode 100644 index 0000000000..04e2609f6b --- /dev/null +++ b/articles/azure-monitor/reference/tables/aadmanagedidentitysigninlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADManagedIdentitySignInLogs +description: Reference for AADManagedIdentitySignInLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADManagedIdentitySignInLogs + +Managed identity Azure Active Directory sign-in logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aadmanagedidentitysigninlogs)| + + + +## Columns + +[!INCLUDE [aadmanagedidentitysigninlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aadmanagedidentitysigninlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/aadnoninteractiveusersigninlogs.md b/articles/azure-monitor/reference/tables/aadnoninteractiveusersigninlogs.md new file mode 100644 index 0000000000..2171161711 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aadnoninteractiveusersigninlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADNonInteractiveUserSignInLogs +description: Reference for AADNonInteractiveUserSignInLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADNonInteractiveUserSignInLogs + +Non-interactive Azure Active Directory sign-in logs from user. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aadnoninteractiveusersigninlogs)| + + + +## Columns + +[!INCLUDE [aadnoninteractiveusersigninlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aadnoninteractiveusersigninlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/aadprovisioninglogs.md b/articles/azure-monitor/reference/tables/aadprovisioninglogs.md new file mode 100644 index 0000000000..dde27dcfea --- /dev/null +++ b/articles/azure-monitor/reference/tables/aadprovisioninglogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADProvisioningLogs +description: Reference for AADProvisioningLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADProvisioningLogs + +Logs generated by Azure AD Provisioning. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aadprovisioninglogs)| + + + +## Columns + +[!INCLUDE [aadprovisioninglogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aadprovisioninglogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/aadriskyserviceprincipals.md b/articles/azure-monitor/reference/tables/aadriskyserviceprincipals.md new file mode 100644 index 0000000000..abd38df5db --- /dev/null +++ b/articles/azure-monitor/reference/tables/aadriskyserviceprincipals.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADRiskyServicePrincipals +description: Reference for AADRiskyServicePrincipals table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADRiskyServicePrincipals + +Logs generated by identity protection for Azure AD risky service principals. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [aadriskyserviceprincipals](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aadriskyserviceprincipals-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/aadriskyusers.md b/articles/azure-monitor/reference/tables/aadriskyusers.md new file mode 100644 index 0000000000..e77315924a --- /dev/null +++ b/articles/azure-monitor/reference/tables/aadriskyusers.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADRiskyUsers +description: Reference for AADRiskyUsers table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADRiskyUsers + +Logs generated by Identity Protection for Azure AD Risky Users. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aadriskyusers)| + + + +## Columns + +[!INCLUDE [aadriskyusers](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aadriskyusers-include.md)] diff --git a/articles/azure-monitor/reference/tables/aadserviceprincipalriskevents.md b/articles/azure-monitor/reference/tables/aadserviceprincipalriskevents.md new file mode 100644 index 0000000000..9f72fa99a4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aadserviceprincipalriskevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADServicePrincipalRiskEvents +description: Reference for AADServicePrincipalRiskEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADServicePrincipalRiskEvents + +Logs generated by identity protection for Azure AD service principal risk events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aadserviceprincipalriskevents)| + + + +## Columns + +[!INCLUDE [aadserviceprincipalriskevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aadserviceprincipalriskevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/aadserviceprincipalsigninlogs.md b/articles/azure-monitor/reference/tables/aadserviceprincipalsigninlogs.md new file mode 100644 index 0000000000..532d6ce06b --- /dev/null +++ b/articles/azure-monitor/reference/tables/aadserviceprincipalsigninlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADServicePrincipalSignInLogs +description: Reference for AADServicePrincipalSignInLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADServicePrincipalSignInLogs + +Service principal Azure Active Directory sign-in logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aadserviceprincipalsigninlogs)| + + + +## Columns + +[!INCLUDE [aadserviceprincipalsigninlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aadserviceprincipalsigninlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/aaduserriskevents.md b/articles/azure-monitor/reference/tables/aaduserriskevents.md new file mode 100644 index 0000000000..6b094edbff --- /dev/null +++ b/articles/azure-monitor/reference/tables/aaduserriskevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AADUserRiskEvents +description: Reference for AADUserRiskEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AADUserRiskEvents + +Logs generated by Identity Protection for Azure AD User Risk Events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aaduserriskevents)| + + + +## Columns + +[!INCLUDE [aaduserriskevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aaduserriskevents-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/absbotrequests.md b/articles/azure-monitor/reference/tables/absbotrequests.md new file mode 100644 index 0000000000..0fa66c5818 --- /dev/null +++ b/articles/azure-monitor/reference/tables/absbotrequests.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ABSBotRequests +description: Reference for ABSBotRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ABSBotRequests + +Logs of requests made by Azure Bot Service onbehalf of a bot such as requests from channel to bot and to other dependencies. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.botservice/botservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/absbotrequests)| + + + +## Columns + +[!INCLUDE [absbotrequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/absbotrequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/abschanneltobotrequests.md b/articles/azure-monitor/reference/tables/abschanneltobotrequests.md new file mode 100644 index 0000000000..854472915e --- /dev/null +++ b/articles/azure-monitor/reference/tables/abschanneltobotrequests.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ABSChannelToBotRequests +description: Reference for ABSChannelToBotRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ABSChannelToBotRequests + +All logs of requests from Azure Bot Service channels services to bots. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [abschanneltobotrequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/abschanneltobotrequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/absdependenciesrequests.md b/articles/azure-monitor/reference/tables/absdependenciesrequests.md new file mode 100644 index 0000000000..fb4e7de290 --- /dev/null +++ b/articles/azure-monitor/reference/tables/absdependenciesrequests.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ABSDependenciesRequests +description: Reference for ABSDependenciesRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ABSDependenciesRequests + +All logs of requests logs of requessts from Azure Bot Service to other dependencies such as external APIs that help to fulfill overall requests. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [absdependenciesrequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/absdependenciesrequests-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/acicollaborationaudit.md b/articles/azure-monitor/reference/tables/acicollaborationaudit.md new file mode 100644 index 0000000000..7c83a9ddfe --- /dev/null +++ b/articles/azure-monitor/reference/tables/acicollaborationaudit.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACICollaborationAudit +description: Reference for ACICollaborationAudit table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACICollaborationAudit + +Audits of collaborative resources approval and access during pipeline execution. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datacollaboration/workspaces| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acicollaborationaudit)| + + + +## Columns + +[!INCLUDE [acicollaborationaudit](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acicollaborationaudit-include.md)] diff --git a/articles/azure-monitor/reference/tables/acrconnectedclientlist.md b/articles/azure-monitor/reference/tables/acrconnectedclientlist.md new file mode 100644 index 0000000000..1c9fc05500 --- /dev/null +++ b/articles/azure-monitor/reference/tables/acrconnectedclientlist.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACRConnectedClientList +description: Reference for ACRConnectedClientList table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACRConnectedClientList + +Logs count of Redis clients connected to a cache instance and their IP addresses, logged at a 10-second interval. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.cache/redis| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acrconnectedclientlist)| + + + +## Columns + +[!INCLUDE [acrconnectedclientlist](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acrconnectedclientlist-include.md)] diff --git a/articles/azure-monitor/reference/tables/acrentraauthenticationauditlog.md b/articles/azure-monitor/reference/tables/acrentraauthenticationauditlog.md new file mode 100644 index 0000000000..4334d5bce1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/acrentraauthenticationauditlog.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACREntraAuthenticationAuditLog +description: Reference for ACREntraAuthenticationAuditLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACREntraAuthenticationAuditLog + +Logs Microsoft Entra authentication audit events for Azure Cache for Redis. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.cache/redis| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acrentraauthenticationauditlog)| + + + +## Columns + +[!INCLUDE [acrentraauthenticationauditlog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acrentraauthenticationauditlog-include.md)] diff --git a/articles/azure-monitor/reference/tables/acsadvancedmessagingoperations.md b/articles/azure-monitor/reference/tables/acsadvancedmessagingoperations.md new file mode 100644 index 0000000000..40bb462138 --- /dev/null +++ b/articles/azure-monitor/reference/tables/acsadvancedmessagingoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSAdvancedMessagingOperations +description: Reference for ACSAdvancedMessagingOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSAdvancedMessagingOperations + +Communication Services logs of incoming requests to Advanced Messaging operations. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acsadvancedmessagingoperations)| + + + +## Columns + +[!INCLUDE [acsadvancedmessagingoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acsadvancedmessagingoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/acsauthincomingoperations.md b/articles/azure-monitor/reference/tables/acsauthincomingoperations.md new file mode 100644 index 0000000000..a46d29826d --- /dev/null +++ b/articles/azure-monitor/reference/tables/acsauthincomingoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSAuthIncomingOperations +description: Reference for ACSAuthIncomingOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSAuthIncomingOperations + +Communication Services logs of incoming requests to auth operations. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acsauthincomingoperations)| + + + +## Columns + +[!INCLUDE [acsauthincomingoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acsauthincomingoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/acsbillingusage.md b/articles/azure-monitor/reference/tables/acsbillingusage.md new file mode 100644 index 0000000000..adea7b46aa --- /dev/null +++ b/articles/azure-monitor/reference/tables/acsbillingusage.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSBillingUsage +description: Reference for ACSBillingUsage table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSBillingUsage + +Usage records across all modes of Communication Services. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acsbillingusage)| + + + +## Columns + +[!INCLUDE [acsbillingusage](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acsbillingusage-include.md)] diff --git a/articles/azure-monitor/reference/tables/acscallautomationincomingoperations.md b/articles/azure-monitor/reference/tables/acscallautomationincomingoperations.md new file mode 100644 index 0000000000..74147cd659 --- /dev/null +++ b/articles/azure-monitor/reference/tables/acscallautomationincomingoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSCallAutomationIncomingOperations +description: Reference for ACSCallAutomationIncomingOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSCallAutomationIncomingOperations + +Communication Services logs of incoming requests to Call Automation operations. Every entry corresponds to the result of a call to the Call Automation APIs, e.g. CreateCall, AnswerCall, Play, Recognize, etc. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acscallautomationincomingoperations)| + + + +## Columns + +[!INCLUDE [acscallautomationincomingoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acscallautomationincomingoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/acscallautomationmediasummary.md b/articles/azure-monitor/reference/tables/acscallautomationmediasummary.md new file mode 100644 index 0000000000..421426fd2c --- /dev/null +++ b/articles/azure-monitor/reference/tables/acscallautomationmediasummary.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSCallAutomationMediaSummary +description: Reference for ACSCallAutomationMediaSummary table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSCallAutomationMediaSummary + +Communication Services summary logs of Call Automation Media operations. Every entry corresponds to the result of a call to the Call Automation Media APIs. (e.g. Play, Recognize). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acscallautomationmediasummary)| + + + +## Columns + +[!INCLUDE [acscallautomationmediasummary](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acscallautomationmediasummary-include.md)] diff --git a/articles/azure-monitor/reference/tables/acscallclientmediastatstimeseries.md b/articles/azure-monitor/reference/tables/acscallclientmediastatstimeseries.md new file mode 100644 index 0000000000..aa37120d15 --- /dev/null +++ b/articles/azure-monitor/reference/tables/acscallclientmediastatstimeseries.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSCallClientMediaStatsTimeSeries +description: Reference for ACSCallClientMediaStatsTimeSeries table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSCallClientMediaStatsTimeSeries + +Call client media stats logs provide media statistics about a call made through ACS. These los are used to provide granular timeseries for quality metrics in Call Diagnostics Center. The logs contains information about media stream type, direction, codec as well as bitrate properties (e.g. max, min, average). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acscallclientmediastatstimeseries)| + + + +## Columns + +[!INCLUDE [acscallclientmediastatstimeseries](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acscallclientmediastatstimeseries-include.md)] diff --git a/articles/azure-monitor/reference/tables/acscallclientoperations.md b/articles/azure-monitor/reference/tables/acscallclientoperations.md new file mode 100644 index 0000000000..31a4711f2e --- /dev/null +++ b/articles/azure-monitor/reference/tables/acscallclientoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSCallClientOperations +description: Reference for ACSCallClientOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSCallClientOperations + +Call client operation logs provide information regarding operations performed by clients using the Azure Communication Service Calling client SDK. It includes information regarding events raised by the SDK, such as state changes, e.g. createView, startAudio,DevicePermissionRequest. This log will be used by Call Diagnostics Center to visualize a call flow in a time series manner. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acscallclientoperations)| + + + +## Columns + +[!INCLUDE [acscallclientoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acscallclientoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/acscallclosedcaptionssummary.md b/articles/azure-monitor/reference/tables/acscallclosedcaptionssummary.md new file mode 100644 index 0000000000..a7658b0028 --- /dev/null +++ b/articles/azure-monitor/reference/tables/acscallclosedcaptionssummary.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSCallClosedCaptionsSummary +description: Reference for ACSCallClosedCaptionsSummary table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSCallClosedCaptionsSummary + +Call closed captions summary logs provide an overview about a closed captions made through ACS. There is one log for every closed captions done, and logs contain information about the duration of the closed captions, start time, spoken language and end reason, as well as the cancel reason of closed captions. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [acscallclosedcaptionssummary](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acscallclosedcaptionssummary-include.md)] diff --git a/articles/azure-monitor/reference/tables/acscalldiagnostics.md b/articles/azure-monitor/reference/tables/acscalldiagnostics.md new file mode 100644 index 0000000000..01a07f9cee --- /dev/null +++ b/articles/azure-monitor/reference/tables/acscalldiagnostics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSCallDiagnostics +description: Reference for ACSCallDiagnostics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSCallDiagnostics + +Diagnostics logs provide information about the media transfers that occur in a call. Every log corresponds to an individual media stream and contains information about the emitting endpoint (e.g. the user sending the stream). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acscalldiagnostics)| + + + +## Columns + +[!INCLUDE [acscalldiagnostics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acscalldiagnostics-include.md)] diff --git a/articles/azure-monitor/reference/tables/acscallrecordingincomingoperations.md b/articles/azure-monitor/reference/tables/acscallrecordingincomingoperations.md new file mode 100644 index 0000000000..3adac95ee2 --- /dev/null +++ b/articles/azure-monitor/reference/tables/acscallrecordingincomingoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSCallRecordingIncomingOperations +description: Reference for ACSCallRecordingIncomingOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSCallRecordingIncomingOperations + +Communication Services logs of incoming requests to Call Recording operations. Every entry corresponds to the result of a call to the Call Recording APIs, e.g. StartRecording, StopRecording, PauseRecording, ResumeRecording, etc. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acscallrecordingincomingoperations)| + + + +## Columns + +[!INCLUDE [acscallrecordingincomingoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acscallrecordingincomingoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/acscallrecordingsummary.md b/articles/azure-monitor/reference/tables/acscallrecordingsummary.md new file mode 100644 index 0000000000..dd5e7a4b4d --- /dev/null +++ b/articles/azure-monitor/reference/tables/acscallrecordingsummary.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSCallRecordingSummary +description: Reference for ACSCallRecordingSummary table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSCallRecordingSummary + +Call recording summary logs provide an overview about a recording maed through ACS. There is one log for every recording done, and logs contain information about the duration of the recording, the content (e.g. Audio-Video, Unmixed, Transcription, etc.) and format (e.g. WAV, MP4, etc) types used for the recording, as well as the end reason of recording. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acscallrecordingsummary)| + + + +## Columns + +[!INCLUDE [acscallrecordingsummary](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acscallrecordingsummary-include.md)] diff --git a/articles/azure-monitor/reference/tables/acscallsummary.md b/articles/azure-monitor/reference/tables/acscallsummary.md new file mode 100644 index 0000000000..8e8b572cb2 --- /dev/null +++ b/articles/azure-monitor/reference/tables/acscallsummary.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSCallSummary +description: Reference for ACSCallSummary table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSCallSummary + +Call summary logs provide an overview about a call made through ACS. There is one log for every participant in the call, and logs contain information about the duration of the call, the duration of the individual participant, the type of participant (e.g. VoIP, PSTN, etc.), as well as the endpoint information like the OS version being used, or the SDK version of the ACS platform. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acscallsummary)| + + + +## Columns + +[!INCLUDE [acscallsummary](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acscallsummary-include.md)] diff --git a/articles/azure-monitor/reference/tables/acscallsurvey.md b/articles/azure-monitor/reference/tables/acscallsurvey.md new file mode 100644 index 0000000000..5dc434ba72 --- /dev/null +++ b/articles/azure-monitor/reference/tables/acscallsurvey.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSCallSurvey +description: Reference for ACSCallSurvey table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSCallSurvey + +Call survey provides information about the call surveys submitted by the participants. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acscallsurvey)| + + + +## Columns + +[!INCLUDE [acscallsurvey](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acscallsurvey-include.md)] diff --git a/articles/azure-monitor/reference/tables/acschatincomingoperations.md b/articles/azure-monitor/reference/tables/acschatincomingoperations.md new file mode 100644 index 0000000000..3711b8d4cd --- /dev/null +++ b/articles/azure-monitor/reference/tables/acschatincomingoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSChatIncomingOperations +description: Reference for ACSChatIncomingOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSChatIncomingOperations + +Communication Services logs of incoming requests to chat operations. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acschatincomingoperations)| + + + +## Columns + +[!INCLUDE [acschatincomingoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acschatincomingoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/acsemailsendmailoperational.md b/articles/azure-monitor/reference/tables/acsemailsendmailoperational.md new file mode 100644 index 0000000000..52edaab52d --- /dev/null +++ b/articles/azure-monitor/reference/tables/acsemailsendmailoperational.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSEmailSendMailOperational +description: Reference for ACSEmailSendMailOperational table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSEmailSendMailOperational + +Email Communication Services logs for send operations. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acsemailsendmailoperational)| + + + +## Columns + +[!INCLUDE [acsemailsendmailoperational](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acsemailsendmailoperational-include.md)] diff --git a/articles/azure-monitor/reference/tables/acsemailstatusupdateoperational.md b/articles/azure-monitor/reference/tables/acsemailstatusupdateoperational.md new file mode 100644 index 0000000000..a6e5e7cede --- /dev/null +++ b/articles/azure-monitor/reference/tables/acsemailstatusupdateoperational.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSEmailStatusUpdateOperational +description: Reference for ACSEmailStatusUpdateOperational table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSEmailStatusUpdateOperational + +Email Communication Services logs for message and recipient depllivery status update operations. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acsemailstatusupdateoperational)| + + + +## Columns + +[!INCLUDE [acsemailstatusupdateoperational](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acsemailstatusupdateoperational-include.md)] diff --git a/articles/azure-monitor/reference/tables/acsemailuserengagementoperational.md b/articles/azure-monitor/reference/tables/acsemailuserengagementoperational.md new file mode 100644 index 0000000000..cbea49616d --- /dev/null +++ b/articles/azure-monitor/reference/tables/acsemailuserengagementoperational.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSEmailUserEngagementOperational +description: Reference for ACSEmailUserEngagementOperational table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSEmailUserEngagementOperational + +Email Communication Services logs for message and recipient depllivery status update operations. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [acsemailuserengagementoperational](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acsemailuserengagementoperational-include.md)] diff --git a/articles/azure-monitor/reference/tables/acsjobrouterincomingoperations.md b/articles/azure-monitor/reference/tables/acsjobrouterincomingoperations.md new file mode 100644 index 0000000000..4d7c6fb32a --- /dev/null +++ b/articles/azure-monitor/reference/tables/acsjobrouterincomingoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSJobRouterIncomingOperations +description: Reference for ACSJobRouterIncomingOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSJobRouterIncomingOperations + +Communication Services logs of incoming requests to Job Router operations. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acsjobrouterincomingoperations)| + + + +## Columns + +[!INCLUDE [acsjobrouterincomingoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acsjobrouterincomingoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/acsroomsincomingoperations.md b/articles/azure-monitor/reference/tables/acsroomsincomingoperations.md new file mode 100644 index 0000000000..f4074773ae --- /dev/null +++ b/articles/azure-monitor/reference/tables/acsroomsincomingoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSRoomsIncomingOperations +description: Reference for ACSRoomsIncomingOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSRoomsIncomingOperations + +Communication Services logs of incoming requests to rooms operations, with summaries of room object, lifespan, participants and roles count etc. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acsroomsincomingoperations)| + + + +## Columns + +[!INCLUDE [acsroomsincomingoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acsroomsincomingoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/acssmsincomingoperations.md b/articles/azure-monitor/reference/tables/acssmsincomingoperations.md new file mode 100644 index 0000000000..52cd6f1e10 --- /dev/null +++ b/articles/azure-monitor/reference/tables/acssmsincomingoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ACSSMSIncomingOperations +description: Reference for ACSSMSIncomingOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ACSSMSIncomingOperations + +Communication Services logs of incoming requests to SMS operations. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.communication/communicationservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/acssmsincomingoperations)| + + + +## Columns + +[!INCLUDE [acssmsincomingoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/acssmsincomingoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/adassessmentrecommendation.md b/articles/azure-monitor/reference/tables/adassessmentrecommendation.md new file mode 100644 index 0000000000..abe263441f --- /dev/null +++ b/articles/azure-monitor/reference/tables/adassessmentrecommendation.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADAssessmentRecommendation +description: Reference for ADAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADAssessmentRecommendation + +Recommendations generated by AD assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines| +|**Categories**|Workloads| +|**Solutions**| ADAssessment, ADAssessmentPlus, AzureResources| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/adassessmentrecommendation)| + + + +## Columns + +[!INCLUDE [adassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/addonazurebackupalerts.md b/articles/azure-monitor/reference/tables/addonazurebackupalerts.md new file mode 100644 index 0000000000..37c69ee4a3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/addonazurebackupalerts.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AddonAzureBackupAlerts +description: Reference for AddonAzureBackupAlerts table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AddonAzureBackupAlerts + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.recoveryservices/vaults| +|**Categories**|IT & Management Tools, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [addonazurebackupalerts](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/addonazurebackupalerts-include.md)] diff --git a/articles/azure-monitor/reference/tables/addonazurebackupjobs.md b/articles/azure-monitor/reference/tables/addonazurebackupjobs.md new file mode 100644 index 0000000000..a5f5bc7c2b --- /dev/null +++ b/articles/azure-monitor/reference/tables/addonazurebackupjobs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AddonAzureBackupJobs +description: Reference for AddonAzureBackupJobs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AddonAzureBackupJobs + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.recoveryservices/vaults| +|**Categories**|IT & Management Tools, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/addonazurebackupjobs)| + + + +## Columns + +[!INCLUDE [addonazurebackupjobs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/addonazurebackupjobs-include.md)] diff --git a/articles/azure-monitor/reference/tables/addonazurebackuppolicy.md b/articles/azure-monitor/reference/tables/addonazurebackuppolicy.md new file mode 100644 index 0000000000..ac4b29a1d8 --- /dev/null +++ b/articles/azure-monitor/reference/tables/addonazurebackuppolicy.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AddonAzureBackupPolicy +description: Reference for AddonAzureBackupPolicy table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AddonAzureBackupPolicy + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.recoveryservices/vaults| +|**Categories**|IT & Management Tools, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [addonazurebackuppolicy](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/addonazurebackuppolicy-include.md)] 
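Review bot: the description in acsemailuserengagementoperational.md is a verbatim copy of the one in acsemailstatusupdateoperational.md ("Email Communication Services logs for message and recipient depllivery status update operations."), so the user engagement table is documented as a delivery status table. Replace it with a sentence that says what ACSEmailUserEngagementOperational actually records. Both copies also misspell "delivery" as "depllivery", and the description in acscallrecordingsummary.md has "maed" for "made".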
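Review bot: in adassessmentrecommendation.md the Resource types cell lists "microsoft.conenctedvmwarevsphere/virtualmachines", which looks like a misspelling of "connected". Please check it against the actual resource provider namespace, because readers copy these strings into resource-type filters and a wrong value silently matches nothing. In the same file's description, "it runs by default every 7 days and upload the data" should read "uploads", and the sentence is missing its final period.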
diff --git a/articles/azure-monitor/reference/tables/addonazurebackupprotectedinstance.md b/articles/azure-monitor/reference/tables/addonazurebackupprotectedinstance.md new file mode 100644 index 0000000000..88f1efc5c3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/addonazurebackupprotectedinstance.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AddonAzureBackupProtectedInstance +description: Reference for AddonAzureBackupProtectedInstance table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AddonAzureBackupProtectedInstance + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.recoveryservices/vaults| +|**Categories**|IT & Management Tools, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [addonazurebackupprotectedinstance](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/addonazurebackupprotectedinstance-include.md)] diff --git a/articles/azure-monitor/reference/tables/addonazurebackupstorage.md b/articles/azure-monitor/reference/tables/addonazurebackupstorage.md new file mode 100644 index 0000000000..cc4b42183d --- /dev/null +++ b/articles/azure-monitor/reference/tables/addonazurebackupstorage.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AddonAzureBackupStorage +description: Reference for AddonAzureBackupStorage table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AddonAzureBackupStorage + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.recoveryservices/vaults| +|**Categories**|IT & Management Tools, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/addonazurebackupstorage)| + + + +## Columns + +[!INCLUDE [addonazurebackupstorage](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/addonazurebackupstorage-include.md)] diff --git a/articles/azure-monitor/reference/tables/adfactivityrun.md b/articles/azure-monitor/reference/tables/adfactivityrun.md new file mode 100644 index 0000000000..12855defcd --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfactivityrun.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFActivityRun +description: Reference for ADFActivityRun table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFActivityRun + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datafactory/factories| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/adfactivityrun)| + + + +## Columns + +[!INCLUDE [adfactivityrun](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfactivityrun-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/adfairflowschedulerlogs.md b/articles/azure-monitor/reference/tables/adfairflowschedulerlogs.md new file mode 100644 index 0000000000..a43a49524e --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfairflowschedulerlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFAirflowSchedulerLogs +description: Reference for ADFAirflowSchedulerLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFAirflowSchedulerLogs + +ADF Airflow scheduler logs + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adfairflowschedulerlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfairflowschedulerlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/adfairflowtasklogs.md b/articles/azure-monitor/reference/tables/adfairflowtasklogs.md new file mode 100644 index 0000000000..c8635318b9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfairflowtasklogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFAirflowTaskLogs +description: Reference for ADFAirflowTaskLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFAirflowTaskLogs + +ADF Airflow task logs + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adfairflowtasklogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfairflowtasklogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/adfairflowweblogs.md b/articles/azure-monitor/reference/tables/adfairflowweblogs.md new file mode 100644 index 0000000000..9b847e1762 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfairflowweblogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFAirflowWebLogs +description: Reference for ADFAirflowWebLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFAirflowWebLogs + +ADF Airflow web logs + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adfairflowweblogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfairflowweblogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/adfairflowworkerlogs.md b/articles/azure-monitor/reference/tables/adfairflowworkerlogs.md new file mode 100644 index 0000000000..2cdb4f2773 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfairflowworkerlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFAirflowWorkerLogs +description: Reference for ADFAirflowWorkerLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFAirflowWorkerLogs + +ADF Airflow worker logs + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adfairflowworkerlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfairflowworkerlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/adfpipelinerun.md b/articles/azure-monitor/reference/tables/adfpipelinerun.md new file mode 100644 index 0000000000..c9eac7cefb --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfpipelinerun.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFPipelineRun +description: Reference for ADFPipelineRun table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFPipelineRun + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datafactory/factories| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/adfpipelinerun)| + + + +## Columns + +[!INCLUDE [adfpipelinerun](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfpipelinerun-include.md)] diff --git a/articles/azure-monitor/reference/tables/adfsandboxactivityrun.md b/articles/azure-monitor/reference/tables/adfsandboxactivityrun.md new file mode 100644 index 0000000000..08b7a607bf --- /dev/null 
+++ b/articles/azure-monitor/reference/tables/adfsandboxactivityrun.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFSandboxActivityRun +description: Reference for ADFSandboxActivityRun table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFSandboxActivityRun + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datafactory/factories| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adfsandboxactivityrun](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfsandboxactivityrun-include.md)] diff --git a/articles/azure-monitor/reference/tables/adfsandboxpipelinerun.md b/articles/azure-monitor/reference/tables/adfsandboxpipelinerun.md new file mode 100644 index 0000000000..ceb9557ad6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfsandboxpipelinerun.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFSandboxPipelineRun +description: Reference for ADFSandboxPipelineRun table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFSandboxPipelineRun + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datafactory/factories| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adfsandboxpipelinerun](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfsandboxpipelinerun-include.md)] 
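Review bot: missing documentation in nine of the new files: addonazurebackupalerts.md, addonazurebackupjobs.md, addonazurebackuppolicy.md, addonazurebackupprotectedinstance.md, addonazurebackupstorage.md, adfactivityrun.md, adfpipelinerun.md, adfsandboxactivityrun.md and adfsandboxpipelinerun.md go straight from the H1 to "## Table attributes" with only blank lines where the table description should be. The other tables in this patch carry at least a one-line description at that position (for example "ADF Airflow task logs"). Add a sentence to each saying what the table records, or confirm that the source schema really has no description for them.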
diff --git a/articles/azure-monitor/reference/tables/adfssigninlogs.md b/articles/azure-monitor/reference/tables/adfssigninlogs.md new file mode 100644 index 0000000000..9a13fe6d04 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfssigninlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFSSignInLogs +description: Reference for ADFSSignInLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFSSignInLogs + +Logs generated by Active Directory Federation Service. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/adfssigninlogs)| + + + +## Columns + +[!INCLUDE [adfssigninlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfssigninlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/adfssisintegrationruntimelogs.md b/articles/azure-monitor/reference/tables/adfssisintegrationruntimelogs.md new file mode 100644 index 0000000000..2f8cecfe33 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfssisintegrationruntimelogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFSSISIntegrationRuntimeLogs +description: Reference for ADFSSISIntegrationRuntimeLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFSSISIntegrationRuntimeLogs + +ADF SSIS integration runtime logs + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datafactory/factories| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adfssisintegrationruntimelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfssisintegrationruntimelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/adfssispackageeventmessagecontext.md b/articles/azure-monitor/reference/tables/adfssispackageeventmessagecontext.md new file mode 100644 index 0000000000..dc5eaec6b7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfssispackageeventmessagecontext.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFSSISPackageEventMessageContext +description: Reference for ADFSSISPackageEventMessageContext table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFSSISPackageEventMessageContext + +ADF SSIS package execution event message context + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datafactory/factories| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adfssispackageeventmessagecontext](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfssispackageeventmessagecontext-include.md)] 
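Review bot: the attribute tables for the Data Factory logs are inconsistent. adfairflowschedulerlogs.md, adfairflowtasklogs.md, adfairflowweblogs.md and adfairflowworkerlogs.md list "-" for both Resource types and Categories, and adfssisintegrationruntimelogs.md and adfssispackageeventmessagecontext.md list "-" for Categories, while adfactivityrun.md and adfpipelinerun.md in the same patch give microsoft.datafactory/factories and Azure Resources. If the "-" values are not intentional, fill them in so these tables can be found by resource type and category like the other ADF tables. adfssigninlogs.md also has "-" for Resource types, which is worth confirming for a table categorized as Audit, Security.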
diff --git a/articles/azure-monitor/reference/tables/adfssispackageeventmessages.md b/articles/azure-monitor/reference/tables/adfssispackageeventmessages.md new file mode 100644 index 0000000000..5041c4cb08 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfssispackageeventmessages.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFSSISPackageEventMessages +description: Reference for ADFSSISPackageEventMessages table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFSSISPackageEventMessages + +ADF SSIS package execution event messages + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datafactory/factories| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adfssispackageeventmessages](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfssispackageeventmessages-include.md)] diff --git a/articles/azure-monitor/reference/tables/adfssispackageexecutablestatistics.md b/articles/azure-monitor/reference/tables/adfssispackageexecutablestatistics.md new file mode 100644 index 0000000000..d4aa08b7df --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfssispackageexecutablestatistics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFSSISPackageExecutableStatistics +description: Reference for ADFSSISPackageExecutableStatistics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFSSISPackageExecutableStatistics + +ADF SSIS package execution executable statistics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datafactory/factories| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adfssispackageexecutablestatistics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfssispackageexecutablestatistics-include.md)] diff --git a/articles/azure-monitor/reference/tables/adfssispackageexecutioncomponentphases.md b/articles/azure-monitor/reference/tables/adfssispackageexecutioncomponentphases.md new file mode 100644 index 0000000000..2beda219b6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfssispackageexecutioncomponentphases.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFSSISPackageExecutionComponentPhases +description: Reference for ADFSSISPackageExecutionComponentPhases table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFSSISPackageExecutionComponentPhases + +ADF SSIS package execution component phases + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datafactory/factories| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adfssispackageexecutioncomponentphases](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfssispackageexecutioncomponentphases-include.md)] diff --git a/articles/azure-monitor/reference/tables/adfssispackageexecutiondatastatistics.md b/articles/azure-monitor/reference/tables/adfssispackageexecutiondatastatistics.md new file mode 100644 index 0000000000..dcc6d89f4b --- /dev/null +++ b/articles/azure-monitor/reference/tables/adfssispackageexecutiondatastatistics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFSSISPackageExecutionDataStatistics +description: Reference for ADFSSISPackageExecutionDataStatistics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFSSISPackageExecutionDataStatistics + +ADF SSIS package execution data statistics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datafactory/factories| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adfssispackageexecutiondatastatistics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adfssispackageexecutiondatastatistics-include.md)] diff --git a/articles/azure-monitor/reference/tables/adftriggerrun.md b/articles/azure-monitor/reference/tables/adftriggerrun.md new file mode 100644 index 0000000000..3ec0c2cbfb --- /dev/null +++ b/articles/azure-monitor/reference/tables/adftriggerrun.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADFTriggerRun +description: Reference for ADFTriggerRun table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADFTriggerRun + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datafactory/factories| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/adftriggerrun)| + + + +## Columns + +[!INCLUDE [adftriggerrun](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adftriggerrun-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/adpaudit.md b/articles/azure-monitor/reference/tables/adpaudit.md new file mode 100644 index 0000000000..dd410bf3c0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adpaudit.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADPAudit +description: Reference for ADPAudit table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADPAudit + +Audit entries for ADP operations. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.autonomousdevelopmentplatform/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adpaudit](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adpaudit-include.md)] diff --git a/articles/azure-monitor/reference/tables/adpdiagnostics.md b/articles/azure-monitor/reference/tables/adpdiagnostics.md new file mode 100644 index 0000000000..c4dd5ee004 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adpdiagnostics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADPDiagnostics +description: Reference for ADPDiagnostics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADPDiagnostics + +Diagnostic logs of the ADP service. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.autonomousdevelopmentplatform/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adpdiagnostics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adpdiagnostics-include.md)] diff --git a/articles/azure-monitor/reference/tables/adprequests.md b/articles/azure-monitor/reference/tables/adprequests.md new file mode 100644 index 0000000000..5e8bbb16cb --- /dev/null +++ b/articles/azure-monitor/reference/tables/adprequests.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADPRequests +description: Reference for ADPRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADPRequests + +Requests made to the ADP service. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.autonomousdevelopmentplatform/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adprequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adprequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/adreplicationresult.md b/articles/azure-monitor/reference/tables/adreplicationresult.md new file mode 100644 index 0000000000..d285674d8d --- /dev/null 
+++ b/articles/azure-monitor/reference/tables/adreplicationresult.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADReplicationResult +description: Reference for ADReplicationResult table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADReplicationResult + +The AD Replication Status solution regularly monitors your Active Directory environment for any replication failures. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines| +|**Categories**|Workloads| +|**Solutions**| ADReplication, AzureResources| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adreplicationresult](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adreplicationresult-include.md)] diff --git a/articles/azure-monitor/reference/tables/adsecurityassessmentrecommendation.md b/articles/azure-monitor/reference/tables/adsecurityassessmentrecommendation.md new file mode 100644 index 0000000000..834f34eb98 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adsecurityassessmentrecommendation.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADSecurityAssessmentRecommendation +description: Reference for ADSecurityAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADSecurityAssessmentRecommendation + +Recommendations generated by AD Security assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| ADSecurityAssessment, AzureResources| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adsecurityassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adsecurityassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/adtdatahistoryoperation.md b/articles/azure-monitor/reference/tables/adtdatahistoryoperation.md new file mode 100644 index 0000000000..d5f8a7c2de --- /dev/null +++ b/articles/azure-monitor/reference/tables/adtdatahistoryoperation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADTDataHistoryOperation +description: Reference for ADTDataHistoryOperation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADTDataHistoryOperation + +This table tracks all data history events being published to time series database connections. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.digitaltwins/digitaltwinsinstances| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/adtdatahistoryoperation)| + + + +## Columns + +[!INCLUDE [adtdatahistoryoperation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adtdatahistoryoperation-include.md)] diff --git a/articles/azure-monitor/reference/tables/adtdigitaltwinsoperation.md b/articles/azure-monitor/reference/tables/adtdigitaltwinsoperation.md new file mode 100644 index 0000000000..e0cedb58b1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adtdigitaltwinsoperation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADTDigitalTwinsOperation +description: Reference for ADTDigitalTwinsOperation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADTDigitalTwinsOperation + +Schema for Azure Digital Twins' Digital Twin operations. The Digital Twins Operation category tracks all customer requests to manage a digital twin, including CRUD on Twins and Relationships. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.digitaltwins/digitaltwinsinstances| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/adtdigitaltwinsoperation)| + + + +## Columns + +[!INCLUDE [adtdigitaltwinsoperation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adtdigitaltwinsoperation-include.md)] diff --git a/articles/azure-monitor/reference/tables/adteventroutesoperation.md b/articles/azure-monitor/reference/tables/adteventroutesoperation.md new file mode 100644 index 0000000000..ec6174c4d4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adteventroutesoperation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADTEventRoutesOperation +description: Reference for ADTEventRoutesOperation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADTEventRoutesOperation + +Schema for Azure Digital Twins' Event Routes operations. The Event Routes Operation category tracks all events being published to endpoints, which are other Azure services. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.digitaltwins/digitaltwinsinstances| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/adteventroutesoperation)| + + + +## Columns + +[!INCLUDE [adteventroutesoperation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adteventroutesoperation-include.md)] diff --git a/articles/azure-monitor/reference/tables/adtmodelsoperation.md b/articles/azure-monitor/reference/tables/adtmodelsoperation.md new file mode 100644 index 0000000000..0ff4cefc01 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adtmodelsoperation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADTModelsOperation +description: Reference for ADTModelsOperation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADTModelsOperation + +Schema for Azure Digital Twins' Models operations. The Models Operation category tracks all customer requests to manage models in a digital twins instance. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.digitaltwins/digitaltwinsinstances| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/adtmodelsoperation)| + + + +## Columns + +[!INCLUDE [adtmodelsoperation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adtmodelsoperation-include.md)] diff --git a/articles/azure-monitor/reference/tables/adtqueryoperation.md b/articles/azure-monitor/reference/tables/adtqueryoperation.md new file mode 100644 index 0000000000..c3c5aaf0f5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adtqueryoperation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADTQueryOperation +description: Reference for ADTQueryOperation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADTQueryOperation + +Schema for Azure Digital Twins' Query operations. The Query Operation category tracks all customer requests to query their digital twins instance. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.digitaltwins/digitaltwinsinstances| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/adtqueryoperation)| + + + +## Columns + +[!INCLUDE [adtqueryoperation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adtqueryoperation-include.md)] diff --git a/articles/azure-monitor/reference/tables/adxcommand.md b/articles/azure-monitor/reference/tables/adxcommand.md new file mode 100644 index 0000000000..75245f7e28 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adxcommand.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADXCommand +description: Reference for ADXCommand table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADXCommand + +Azure Data Explorer command execution summary. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kusto/clusters| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adxcommand](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adxcommand-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/adxdataoperation.md b/articles/azure-monitor/reference/tables/adxdataoperation.md new file mode 100644 index 0000000000..b3be499ab1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adxdataoperation.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADXDataOperation +description: Reference for ADXDataOperation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADXDataOperation + +Azure Data Explorer data operation summary. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adxdataoperation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adxdataoperation-include.md)] diff --git a/articles/azure-monitor/reference/tables/adxingestionbatching.md b/articles/azure-monitor/reference/tables/adxingestionbatching.md new file mode 100644 index 0000000000..770e246454 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adxingestionbatching.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADXIngestionBatching +description: Reference for ADXIngestionBatching table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADXIngestionBatching + +Azure Data Explorer ingestion batching operations. These logs have detailed statistics of batches ready for ingestion (duration, batch size and blobs count). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kusto/clusters| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/adxingestionbatching)| + + + +## Columns + +[!INCLUDE [adxingestionbatching](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adxingestionbatching-include.md)] diff --git a/articles/azure-monitor/reference/tables/adxjournal.md b/articles/azure-monitor/reference/tables/adxjournal.md new file mode 100644 index 0000000000..0d5c5f7ad7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adxjournal.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADXJournal +description: Reference for ADXJournal table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADXJournal + +Azure Data Explorer journal (metadata operations). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kusto/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adxjournal](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adxjournal-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/adxquery.md b/articles/azure-monitor/reference/tables/adxquery.md new file mode 100644 index 0000000000..a36e4373c3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adxquery.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADXQuery +description: Reference for ADXQuery table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADXQuery + +Azure Data Explorer query execution summary. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kusto/clusters| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adxquery](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adxquery-include.md)] diff --git a/articles/azure-monitor/reference/tables/adxtabledetails.md b/articles/azure-monitor/reference/tables/adxtabledetails.md new file mode 100644 index 0000000000..7fec5b3505 --- /dev/null +++ b/articles/azure-monitor/reference/tables/adxtabledetails.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADXTableDetails +description: Reference for ADXTableDetails table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADXTableDetails + +Azure Data Explorer table details. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kusto/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [adxtabledetails](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adxtabledetails-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/adxtableusagestatistics.md b/articles/azure-monitor/reference/tables/adxtableusagestatistics.md new file mode 100644 index 0000000000..a5832f173f --- /dev/null +++ b/articles/azure-monitor/reference/tables/adxtableusagestatistics.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ADXTableUsageStatistics +description: Reference for ADXTableUsageStatistics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ADXTableUsageStatistics + +Azure Data Explorer table usage statistics. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kusto/clusters| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/adxtableusagestatistics)| + + + +## Columns + +[!INCLUDE [adxtableusagestatistics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/adxtableusagestatistics-include.md)] diff --git a/articles/azure-monitor/reference/tables/aegdataplanerequests.md b/articles/azure-monitor/reference/tables/aegdataplanerequests.md new file mode 100644 index 0000000000..b99ae33432 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aegdataplanerequests.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AegDataPlaneRequests +description: Reference for AegDataPlaneRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AegDataPlaneRequests + +Logs for Event Grid data plane requests (publish and options) against a topic/domain/partnernamespace. It can be used for auditing purposes. Logs are aggregated over a minute and displays the total number of requests with specific request properties. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventgrid/topics,
microsoft.eventgrid/domains,
microsoft.eventgrid/partnernamespaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aegdataplanerequests)| + + + +## Columns + +[!INCLUDE [aegdataplanerequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aegdataplanerequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/aegdeliveryfailurelogs.md b/articles/azure-monitor/reference/tables/aegdeliveryfailurelogs.md new file mode 100644 index 0000000000..8741f8ece8 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aegdeliveryfailurelogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AegDeliveryFailureLogs +description: Reference for AegDeliveryFailureLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AegDeliveryFailureLogs + +Azure Event Grid - event delivery failure logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventgrid/topics,
microsoft.eventgrid/domains,
microsoft.eventgrid/partnertopics,
microsoft.eventgrid/systemtopics| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aegdeliveryfailurelogs)| + + + +## Columns + +[!INCLUDE [aegdeliveryfailurelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aegdeliveryfailurelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/aegpublishfailurelogs.md b/articles/azure-monitor/reference/tables/aegpublishfailurelogs.md new file mode 100644 index 0000000000..66eabb7f1a --- /dev/null +++ b/articles/azure-monitor/reference/tables/aegpublishfailurelogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AegPublishFailureLogs +description: Reference for AegPublishFailureLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AegPublishFailureLogs + +Azure Event Grid - event publish failure logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventgrid/topics,
microsoft.eventgrid/domains,
microsoft.eventgrid/partnernamespaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aegpublishfailurelogs)| + + + +## Columns + +[!INCLUDE [aegpublishfailurelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aegpublishfailurelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/aewassignmentbloblogs.md b/articles/azure-monitor/reference/tables/aewassignmentbloblogs.md new file mode 100644 index 0000000000..970b643e0d --- /dev/null +++ b/articles/azure-monitor/reference/tables/aewassignmentbloblogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AEWAssignmentBlobLogs +description: Reference for AEWAssignmentBlobLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AEWAssignmentBlobLogs + +Assignment blob upload events for the Experiment Workspace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.experimentation/experimentworkspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [aewassignmentbloblogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aewassignmentbloblogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/aewauditlogs.md b/articles/azure-monitor/reference/tables/aewauditlogs.md new file mode 100644 index 0000000000..4f60f1240c --- /dev/null +++ b/articles/azure-monitor/reference/tables/aewauditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AEWAuditLogs +description: Reference for AEWAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AEWAuditLogs + +Audit, activity and status for the Experiment Workspace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.experimentation/experimentworkspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [aewauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aewauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/aewcomputepipelineslogs.md b/articles/azure-monitor/reference/tables/aewcomputepipelineslogs.md new file mode 100644 index 0000000000..b11ce7dd81 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aewcomputepipelineslogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AEWComputePipelinesLogs +description: Reference for AEWComputePipelinesLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AEWComputePipelinesLogs + +AEWComputePipelines Events for the Experiment Workspace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.experimentation/experimentworkspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aewcomputepipelineslogs)| + + + +## Columns + +[!INCLUDE [aewcomputepipelineslogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aewcomputepipelineslogs-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/afsauditlogs.md b/articles/azure-monitor/reference/tables/afsauditlogs.md new file mode 100644 index 0000000000..06ead2d08d --- /dev/null +++ b/articles/azure-monitor/reference/tables/afsauditlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AFSAuditLogs +description: Reference for AFSAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AFSAuditLogs + +This table contains audit logs retrieved from your Azure Managed Lustre filesystem resource. These logs capture all priviledged operations performed on each Azure Managed Lustre resource. They can be used to monitor events and configure alerts on your resource. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.storagecache/amlfilesytems| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/afsauditlogs)| + + + +## Columns + +[!INCLUDE [afsauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/afsauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agcaccesslogs.md b/articles/azure-monitor/reference/tables/agcaccesslogs.md new file mode 100644 index 0000000000..988b32e8cd --- /dev/null +++ b/articles/azure-monitor/reference/tables/agcaccesslogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AGCAccessLogs +description: Reference for AGCAccessLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AGCAccessLogs + +Contains details of client requests made to Application Gateway for Containers. Each client request creats a log entry that can be used to identify slow requests, determine error rates, and correlate logs with backend services. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.servicenetworking/trafficcontrollers| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/agcaccesslogs)| + + + +## Columns + +[!INCLUDE [agcaccesslogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agcaccesslogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agrifoodapplicationauditlogs.md b/articles/azure-monitor/reference/tables/agrifoodapplicationauditlogs.md new file mode 100644 index 0000000000..a8175cc6a1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/agrifoodapplicationauditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AgriFoodApplicationAuditLogs +description: Reference for AgriFoodApplicationAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AgriFoodApplicationAuditLogs + +Logs for privileged actions such as data-plane resource create, update, delete and subscription management operations. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.agfoodplatform/farmbeats| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/agrifoodapplicationauditlogs)| + + + +## Columns + +[!INCLUDE [agrifoodapplicationauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agrifoodapplicationauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agrifoodfarmmanagementlogs.md b/articles/azure-monitor/reference/tables/agrifoodfarmmanagementlogs.md new file mode 100644 index 0000000000..dcbbeafcb7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/agrifoodfarmmanagementlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AgriFoodFarmManagementLogs +description: Reference for AgriFoodFarmManagementLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AgriFoodFarmManagementLogs + +Logs for create, update, delete and get operations on FarmBeats resources such as Farmer, Farm, Field, Boundary, Seasonal Field, Crop, CropVariety, Season, Attachment, Prescription Maps, Prescriptions, Management Zones, Zones, Plant Tissue Analysis, Nutrient Analysis etc. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.agfoodplatform/farmbeats| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/agrifoodfarmmanagementlogs)| + + + +## Columns + +[!INCLUDE [agrifoodfarmmanagementlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agrifoodfarmmanagementlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agrifoodfarmoperationlogs.md b/articles/azure-monitor/reference/tables/agrifoodfarmoperationlogs.md new file mode 100644 index 0000000000..6e0214fcf4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/agrifoodfarmoperationlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AgriFoodFarmOperationLogs +description: Reference for AgriFoodFarmOperationLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AgriFoodFarmOperationLogs + +Logs for create, update, delete and get operations for FarmOperations such as data ingestion job, ApplicationData, PlantingData, HarvestingData, TillageData etc. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.agfoodplatform/farmbeats| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [agrifoodfarmoperationlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agrifoodfarmoperationlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agrifoodinsightlogs.md b/articles/azure-monitor/reference/tables/agrifoodinsightlogs.md new file mode 100644 index 0000000000..7db9ba55c1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/agrifoodinsightlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AgriFoodInsightLogs +description: Reference for AgriFoodInsightLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AgriFoodInsightLogs + +Logs for read operations on FarmBeats resources such as inisghts and inisight-attachments. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.agfoodplatform/farmbeats| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [agrifoodinsightlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agrifoodinsightlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agrifoodjobprocessedlogs.md b/articles/azure-monitor/reference/tables/agrifoodjobprocessedlogs.md new file mode 100644 index 0000000000..4c1cee3617 --- /dev/null +++ b/articles/azure-monitor/reference/tables/agrifoodjobprocessedlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AgriFoodJobProcessedLogs +description: Reference for AgriFoodJobProcessedLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AgriFoodJobProcessedLogs + +Logs indicating success or failure of job runs for farmOperationDataIngestionJob, farmOperationPeriodicJob, farmOperationEventHandlingJob,satelliteDataIngestionJob, weatherDataIngestionJob etc. These logs also contain reasons for failure of these jobs if any. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.agfoodplatform/farmbeats| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/agrifoodjobprocessedlogs)| + + + +## Columns + +[!INCLUDE [agrifoodjobprocessedlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agrifoodjobprocessedlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agrifoodmodelinferencelogs.md b/articles/azure-monitor/reference/tables/agrifoodmodelinferencelogs.md new file mode 100644 index 0000000000..9b23dd334e --- /dev/null +++ b/articles/azure-monitor/reference/tables/agrifoodmodelinferencelogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AgriFoodModelInferenceLogs +description: Reference for AgriFoodModelInferenceLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AgriFoodModelInferenceLogs + +Logs for create and get operations for AI/ML model inference jobs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.agfoodplatform/farmbeats| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [agrifoodmodelinferencelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agrifoodmodelinferencelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agrifoodproviderauthlogs.md b/articles/azure-monitor/reference/tables/agrifoodproviderauthlogs.md new file mode 100644 index 0000000000..3ec2f91e08 --- /dev/null +++ b/articles/azure-monitor/reference/tables/agrifoodproviderauthlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AgriFoodProviderAuthLogs +description: Reference for AgriFoodProviderAuthLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AgriFoodProviderAuthLogs + +Logs for create, update, delete, cascade delete get and get all for oauth providers. It also has logs for get, get all and cascade delete for oauth tokens. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.agfoodplatform/farmbeats| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [agrifoodproviderauthlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agrifoodproviderauthlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agrifoodsatellitelogs.md b/articles/azure-monitor/reference/tables/agrifoodsatellitelogs.md new file mode 100644 index 0000000000..b9e0c52397 --- /dev/null +++ b/articles/azure-monitor/reference/tables/agrifoodsatellitelogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AgriFoodSatelliteLogs +description: Reference for AgriFoodSatelliteLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AgriFoodSatelliteLogs + +Logs for create and get operations for Satellite data. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.agfoodplatform/farmbeats| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [agrifoodsatellitelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agrifoodsatellitelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agrifoodsensormanagementlogs.md b/articles/azure-monitor/reference/tables/agrifoodsensormanagementlogs.md new file mode 100644 index 0000000000..37e388efb7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/agrifoodsensormanagementlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AgriFoodSensorManagementLogs +description: Reference for AgriFoodSensorManagementLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AgriFoodSensorManagementLogs + +Logs for sensors, sensors mappings, sensors events, sensors data models, sensors partner integration, devices, device data models etc. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.agfoodplatform/farmbeats| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [agrifoodsensormanagementlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agrifoodsensormanagementlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agrifoodweatherlogs.md b/articles/azure-monitor/reference/tables/agrifoodweatherlogs.md new file mode 100644 index 0000000000..6ce23c83b9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/agrifoodweatherlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AgriFoodWeatherLogs +description: Reference for AgriFoodWeatherLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AgriFoodWeatherLogs + +Logs for create, update, delete and get operations while ingesting weather data in FarmBeats. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.agfoodplatform/farmbeats| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [agrifoodweatherlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agrifoodweatherlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agsgrafanaloginevents.md b/articles/azure-monitor/reference/tables/agsgrafanaloginevents.md new file mode 100644 index 0000000000..69fca6b203 --- /dev/null +++ b/articles/azure-monitor/reference/tables/agsgrafanaloginevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AGSGrafanaLoginEvents +description: Reference for AGSGrafanaLoginEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AGSGrafanaLoginEvents + +Login events for an instance of Azure Managed Workspace for Grafana including user identity, user Grafana role (in success) and detailed message (in failure). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.dashboard/grafana| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/agsgrafanaloginevents)| + + + +## Columns + +[!INCLUDE [agsgrafanaloginevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agsgrafanaloginevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/agwaccesslogs.md b/articles/azure-monitor/reference/tables/agwaccesslogs.md new file mode 100644 index 0000000000..35cfc2f949 --- /dev/null +++ b/articles/azure-monitor/reference/tables/agwaccesslogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AGWAccessLogs +description: Reference for AGWAccessLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AGWAccessLogs + +Contains all the log to view Application Gateway access patterns and analyze important information. This includes the caller's IP, requested URL, response latency, return code, and bytes in and out. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/applicationgateways| +|**Categories**|Azure Resources, Network, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [agwaccesslogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agwaccesslogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agwfirewalllogs.md b/articles/azure-monitor/reference/tables/agwfirewalllogs.md new file mode 100644 index 0000000000..c439c8aaa5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/agwfirewalllogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AGWFirewallLogs +description: Reference for AGWFirewallLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AGWFirewallLogs + +Contains all the logs to view the requests that are logged through either detection or prevention mode of an application gateway that is configured with the web application firewall. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/applicationgateways| +|**Categories**|Azure Resources, Network, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [agwfirewalllogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agwfirewalllogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/agwperformancelogs.md b/articles/azure-monitor/reference/tables/agwperformancelogs.md new file mode 100644 index 0000000000..6a04f0cb1f --- /dev/null +++ b/articles/azure-monitor/reference/tables/agwperformancelogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AGWPerformanceLogs +description: Reference for AGWPerformanceLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AGWPerformanceLogs + +Contains all the logs to view how Application Gateway instances are performing. This log captures performance information for each instance, including total requests served, throughput in bytes, total requests served, failed request count, and healthy and unhealthy backend instance count.The Performance log is available only for the v1 SKU. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/applicationgateways| +|**Categories**|Azure Resources, Network, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [agwperformancelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/agwperformancelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/ahdsdeidauditlogs.md b/articles/azure-monitor/reference/tables/ahdsdeidauditlogs.md new file mode 100644 index 0000000000..146774c0da --- /dev/null +++ b/articles/azure-monitor/reference/tables/ahdsdeidauditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AHDSDeidAuditLogs +description: Reference for AHDSDeidAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AHDSDeidAuditLogs + +Data plane audit logs of privileged actions made against Azure Health Data Services de-identificiation service, such as initiating a de-identification job. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.healthdataaiservices/deidservices| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ahdsdeidauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ahdsdeidauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/ahdsdicomauditlogs.md b/articles/azure-monitor/reference/tables/ahdsdicomauditlogs.md new file mode 100644 index 0000000000..01268f3914 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ahdsdicomauditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AHDSDicomAuditLogs +description: Reference for AHDSDicomAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AHDSDicomAuditLogs + +Data plane audit logs of privileged actions made against Azure Health Data DICOM service. For example, storing a DICOM instance. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.healthcareapis/workspaces| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/ahdsdicomauditlogs)| + + + +## Columns + +[!INCLUDE [ahdsdicomauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ahdsdicomauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/ahdsdicomdiagnosticlogs.md b/articles/azure-monitor/reference/tables/ahdsdicomdiagnosticlogs.md new file mode 100644 index 0000000000..26425123e1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ahdsdicomdiagnosticlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AHDSDicomDiagnosticLogs +description: Reference for AHDSDicomDiagnosticLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AHDSDicomDiagnosticLogs + +Actionable logs generated from your Azure Health Data DICOM service, including events information like, warning logs per tag per DICOM instance denoting validation issues. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.healthcareapis/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/ahdsdicomdiagnosticlogs)| + + + +## Columns + +[!INCLUDE [ahdsdicomdiagnosticlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ahdsdicomdiagnosticlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/ahdsmedtechdiagnosticlogs.md b/articles/azure-monitor/reference/tables/ahdsmedtechdiagnosticlogs.md new file mode 100644 index 0000000000..9df3d0a037 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ahdsmedtechdiagnosticlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AHDSMedTechDiagnosticLogs +description: Reference for AHDSMedTechDiagnosticLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AHDSMedTechDiagnosticLogs + +Actionable logs generated from your MedTech application. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.healthcareapis/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/ahdsmedtechdiagnosticlogs)| + + + +## Columns + +[!INCLUDE [ahdsmedtechdiagnosticlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ahdsmedtechdiagnosticlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/airflowdagprocessinglogs.md b/articles/azure-monitor/reference/tables/airflowdagprocessinglogs.md new file mode 100644 index 0000000000..f78d1bad6d --- /dev/null +++ b/articles/azure-monitor/reference/tables/airflowdagprocessinglogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AirflowDagProcessingLogs +description: Reference for AirflowDagProcessingLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AirflowDagProcessingLogs + +ADF Airflow dag processing logs + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [airflowdagprocessinglogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/airflowdagprocessinglogs-include.md)] 
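Review bot: In airflowdagprocessinglogs.md the attribute table leaves both "Resource types" and "Categories" as "-", and the description "ADF Airflow dag processing logs" is a fragment with an unexpanded acronym and no closing period. If the resource type and category are known, fill them in. Otherwise say in the description which service emits these logs, and write "DAG" in capitals.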
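Review bot: In afsauditlogs.md the "Resource types" value "microsoft.storagecache/amlfilesytems" looks misspelled (missing the "s" in "filesystems"), and the description has "priviledged" for "privileged". The resource type is what readers match against when scoping diagnostic settings and audit queries, so verify it against the resource provider's actual type string before merge and fix the prose typo in the same pass.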
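Review bot: In agcaccesslogs.md the description reads "Each client request creats a log entry". This should be "creates".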
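Review bot: In agrifoodinsightlogs.md the description misspells both resource names: "inisghts and inisight-attachments". Readers searching for these resources will not find this page. Change to "insights and insight-attachments".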
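Review bot: In agwperformancelogs.md the description lists "total requests served" twice in the same sentence ("including total requests served, throughput in bytes, total requests served, failed request count"), and the next sentence is fused to it with no space ("count.The Performance log"). Drop the duplicate item and add the missing space so the v1 SKU restriction reads as its own sentence.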
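Review bot: In ahdsdeidauditlogs.md the description spells the service name "de-identificiation service", while the same sentence later has the correct "de-identification job". Fix the first occurrence so the service name is searchable and consistent.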
diff --git a/articles/azure-monitor/reference/tables/aksaudit.md b/articles/azure-monitor/reference/tables/aksaudit.md new file mode 100644 index 0000000000..28028ff941 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aksaudit.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AKSAudit +description: Reference for AKSAudit table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AKSAudit + +Contains all Kubernetes API Server audit logs including events with the get and list verbs. These events are useful for monitoring all of the interactions with the Kubernetes API. To limit the scope to modifying operations see the AKSAuditAdmin table. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.containerservice/managedclusters| +|**Categories**|Audit, Azure Resources, Containers| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aksaudit)| + + + +## Columns + +[!INCLUDE [aksaudit](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aksaudit-include.md)] diff --git a/articles/azure-monitor/reference/tables/aksauditadmin.md b/articles/azure-monitor/reference/tables/aksauditadmin.md new file mode 100644 index 0000000000..f9de91b275 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aksauditadmin.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AKSAuditAdmin +description: Reference for AKSAuditAdmin table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AKSAuditAdmin + +Contains Kubernetes API Server audit logs excluding events with the get and list verbs. These events are useful for monitoring resource modification requests made to the Kubernetes API. To see all modifying and non-modifying operations see the AKSAudit table. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.containerservice/managedclusters| +|**Categories**|Audit, Azure Resources, Containers| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aksauditadmin)| + + + +## Columns + +[!INCLUDE [aksauditadmin](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aksauditadmin-include.md)] diff --git a/articles/azure-monitor/reference/tables/akscontrolplane.md b/articles/azure-monitor/reference/tables/akscontrolplane.md new file mode 100644 index 0000000000..a6fffda4b4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/akscontrolplane.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AKSControlPlane +description: Reference for AKSControlPlane table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AKSControlPlane + +Contains diagnostic logs for the Kubernetes API Server, Controller Manager, Scheduler, Cluster Autoscaler, Cloud Controller Manager, Guard, and the Azure CSI storage drivers. These diagnostic logs have distinct Category entries corresponding their diagnostic log setting (e.g. kube-apiserver, kube-audit-admin). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.containerservice/managedclusters| +|**Categories**|Azure Resources, Containers| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/akscontrolplane)| + + + +## Columns + +[!INCLUDE [akscontrolplane](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/akscontrolplane-include.md)] diff --git a/articles/azure-monitor/reference/tables/albhealthevent.md b/articles/azure-monitor/reference/tables/albhealthevent.md new file mode 100644 index 0000000000..efbfa85e57 --- /dev/null +++ b/articles/azure-monitor/reference/tables/albhealthevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ALBHealthEvent +description: Reference for ALBHealthEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ALBHealthEvent + +Table of events related to the availability and health of a load balancer resource. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/loadbalancers| +|**Categories**|Azure Resources, Azure Monitor| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/albhealthevent)| + + + +## Columns + +[!INCLUDE [albhealthevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/albhealthevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/alert.md b/articles/azure-monitor/reference/tables/alert.md new file mode 100644 index 0000000000..12b1d916b1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/alert.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - Alert +description: Reference for Alert table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# Alert + +Alerts created by log alerts rules and SCOM alerts collected through Alert Management solution. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Azure Monitor| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [alert](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/alert-include.md)] 
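Review bot: In alert.md the description says "Alerts created by log alerts rules", which should be "log alert rules". "SCOM" is also used without expansion, and "through Alert Management solution" is missing an article. Suggest "collected through the Alert Management solution".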
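Review bot: In akscontrolplane.md the second sentence is missing a preposition: "distinct Category entries corresponding their diagnostic log setting". It should read "corresponding to their diagnostic log setting". Since the example values kube-apiserver and kube-audit-admin are literal Category values that readers will filter on, consider setting them in code formatting.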
diff --git a/articles/azure-monitor/reference/tables/alertevidence.md b/articles/azure-monitor/reference/tables/alertevidence.md new file mode 100644 index 0000000000..1acc818c9d --- /dev/null +++ b/articles/azure-monitor/reference/tables/alertevidence.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AlertEvidence +description: Reference for AlertEvidence table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AlertEvidence + +Includes files, IP addresses, URLs, users, or devices associated with alerts. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/alertevidence)| + + + +## Columns + +[!INCLUDE [alertevidence](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/alertevidence-include.md)] diff --git a/articles/azure-monitor/reference/tables/alerthistory.md b/articles/azure-monitor/reference/tables/alerthistory.md new file mode 100644 index 0000000000..a1ba51474f --- /dev/null +++ b/articles/azure-monitor/reference/tables/alerthistory.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AlertHistory +description: Reference for AlertHistory table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AlertHistory + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Azure Monitor| +|**Solutions**| AlertManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [alerthistory](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/alerthistory-include.md)] diff --git a/articles/azure-monitor/reference/tables/alertinfo.md b/articles/azure-monitor/reference/tables/alertinfo.md new file mode 100644 index 0000000000..21f23540ef --- /dev/null +++ b/articles/azure-monitor/reference/tables/alertinfo.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AlertInfo +description: Reference for AlertInfo table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AlertInfo + +Alerts from Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Cloud App Security, and Microsoft Defender for Identity, including severity information and threat categorization. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/alertinfo)| + + + +## Columns + +[!INCLUDE [alertinfo](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/alertinfo-include.md)] 
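Review bot: the alerthistory.md hunk has no table description. The "# AlertHistory" heading is followed only by blank lines before "## Table attributes", whereas every other table file in this part of the patch carries a one-line description there. Add a description, or confirm that the source the page is generated from has none, so the published page does not open with an empty section.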
diff --git a/articles/azure-monitor/reference/tables/amlcomputeclusterevent.md b/articles/azure-monitor/reference/tables/amlcomputeclusterevent.md new file mode 100644 index 0000000000..c1413977c9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlcomputeclusterevent.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlComputeClusterEvent +description: Reference for AmlComputeClusterEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlComputeClusterEvent + +AmlCompute Cluster events + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amlcomputeclusterevent)| + + + +## Columns + +[!INCLUDE [amlcomputeclusterevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlcomputeclusterevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlcomputeclusternodeevent.md b/articles/azure-monitor/reference/tables/amlcomputeclusternodeevent.md new file mode 100644 index 0000000000..2aa019602f --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlcomputeclusternodeevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlComputeClusterNodeEvent +description: Reference for AmlComputeClusterNodeEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlComputeClusterNodeEvent + +AmlCompute Cluster Node events + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [amlcomputeclusternodeevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlcomputeclusternodeevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlcomputecpugpuutilization.md b/articles/azure-monitor/reference/tables/amlcomputecpugpuutilization.md new file mode 100644 index 0000000000..4a395f5d08 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlcomputecpugpuutilization.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlComputeCpuGpuUtilization +description: Reference for AmlComputeCpuGpuUtilization table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlComputeCpuGpuUtilization + +Azure Machine Learning services CPU and GPU utilizaion logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amlcomputecpugpuutilization)| + + + +## Columns + +[!INCLUDE [amlcomputecpugpuutilization](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlcomputecpugpuutilization-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlcomputeinstanceevent.md b/articles/azure-monitor/reference/tables/amlcomputeinstanceevent.md new file mode 100644 index 0000000000..ac4d6e1f08 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlcomputeinstanceevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlComputeInstanceEvent +description: Reference for AmlComputeInstanceEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlComputeInstanceEvent + +Events when ML Compute Instance is accessed (read/write). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [amlcomputeinstanceevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlcomputeinstanceevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlcomputejobevent.md b/articles/azure-monitor/reference/tables/amlcomputejobevent.md new file mode 100644 index 0000000000..f366b23499 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlcomputejobevent.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlComputeJobEvent +description: Reference for AmlComputeJobEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlComputeJobEvent + +AmlCompute Job events + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amlcomputejobevent)| + + + +## Columns + +[!INCLUDE [amlcomputejobevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlcomputejobevent-include.md)] 
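Review bot: typo in the amlcomputecpugpuutilization.md hunk, in the description line "Azure Machine Learning services CPU and GPU utilizaion logs." Change "utilizaion" to "utilization". If these pages are generated, the fix belongs in the source description so it does not reappear on the next refresh.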
diff --git a/articles/azure-monitor/reference/tables/amldatalabelevent.md b/articles/azure-monitor/reference/tables/amldatalabelevent.md new file mode 100644 index 0000000000..3be52d7382 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amldatalabelevent.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlDataLabelEvent +description: Reference for AmlDataLabelEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlDataLabelEvent + +Events when data label(s) or its projects is accessed (read, created, or deleted). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [amldatalabelevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amldatalabelevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/amldatasetevent.md b/articles/azure-monitor/reference/tables/amldatasetevent.md new file mode 100644 index 0000000000..76375af00e --- /dev/null +++ b/articles/azure-monitor/reference/tables/amldatasetevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlDataSetEvent +description: Reference for AmlDataSetEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlDataSetEvent + +Events when a registered or unregistered ML datastore is accessed (read, created, or deleted). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amldatasetevent)| + + + +## Columns + +[!INCLUDE [amldatasetevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amldatasetevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/amldatastoreevent.md b/articles/azure-monitor/reference/tables/amldatastoreevent.md new file mode 100644 index 0000000000..6ff673a305 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amldatastoreevent.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlDataStoreEvent +description: Reference for AmlDataStoreEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlDataStoreEvent + +Events when ML datastore is accessed (read, created, or deleted). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [amldatastoreevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amldatastoreevent-include.md)] 
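Review bot: the amldatasetevent.md description says "Events when a registered or unregistered ML datastore is accessed (read, created, or deleted)", which describes a datastore rather than a dataset and nearly duplicates the amldatastoreevent.md description, "Events when ML datastore is accessed". Both tables are in the Audit category, so a reader choosing which one to query for access events cannot tell them apart from this text. Please confirm whether "dataset" was intended in the AmlDataSetEvent description.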
diff --git a/articles/azure-monitor/reference/tables/amldeploymentevent.md b/articles/azure-monitor/reference/tables/amldeploymentevent.md new file mode 100644 index 0000000000..e3a622dadb --- /dev/null +++ b/articles/azure-monitor/reference/tables/amldeploymentevent.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlDeploymentEvent +description: Reference for AmlDeploymentEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlDeploymentEvent + +Events when a model deployment happens on ACI or AKS. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [amldeploymentevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amldeploymentevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlenvironmentevent.md b/articles/azure-monitor/reference/tables/amlenvironmentevent.md new file mode 100644 index 0000000000..eb0247eb39 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlenvironmentevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlEnvironmentEvent +description: Reference for AmlEnvironmentEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlEnvironmentEvent + +Events when ML environments are accessed (read, created, or deleted). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amlenvironmentevent)| + + + +## Columns + +[!INCLUDE [amlenvironmentevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlenvironmentevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlinferencingevent.md b/articles/azure-monitor/reference/tables/amlinferencingevent.md new file mode 100644 index 0000000000..e9cdb57068 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlinferencingevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlInferencingEvent +description: Reference for AmlInferencingEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlInferencingEvent + +Events for inference or related operation on AKS or ACI compute type. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [amlinferencingevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlinferencingevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlmodelsevent.md b/articles/azure-monitor/reference/tables/amlmodelsevent.md new file mode 100644 index 0000000000..ca760186eb --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlmodelsevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlModelsEvent +description: Reference for AmlModelsEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlModelsEvent + +Events when ML model is accessed (read, created, or deleted). Incudes events when packaging of models and assets happen into a ready-to-build packages. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amlmodelsevent)| + + + +## Columns + +[!INCLUDE [amlmodelsevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlmodelsevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlonlineendpointconsolelog.md b/articles/azure-monitor/reference/tables/amlonlineendpointconsolelog.md new file mode 100644 index 0000000000..b9c0e3d46d --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlonlineendpointconsolelog.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlOnlineEndpointConsoleLog +description: Reference for AmlOnlineEndpointConsoleLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlOnlineEndpointConsoleLog + +Azure ML online endpoints console logs. It provides console logs output from user containers. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amlonlineendpointconsolelog)| + + + +## Columns + +[!INCLUDE [amlonlineendpointconsolelog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlonlineendpointconsolelog-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlonlineendpointeventlog.md b/articles/azure-monitor/reference/tables/amlonlineendpointeventlog.md new file mode 100644 index 0000000000..8f681efccb --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlonlineendpointeventlog.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlOnlineEndpointEventLog +description: Reference for AmlOnlineEndpointEventLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlOnlineEndpointEventLog + +Azure ML online endpoints event logs. It provides event logs regarding the inference-server container's life cycle. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amlonlineendpointeventlog)| + + + +## Columns + +[!INCLUDE [amlonlineendpointeventlog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlonlineendpointeventlog-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlonlineendpointtrafficlog.md b/articles/azure-monitor/reference/tables/amlonlineendpointtrafficlog.md new file mode 100644 index 0000000000..8df13c831c --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlonlineendpointtrafficlog.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlOnlineEndpointTrafficLog +description: Reference for AmlOnlineEndpointTrafficLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlOnlineEndpointTrafficLog + +Traffic logs for AzureML (machine learning) online endpoints. The table could be used to check the detailed information of the request to an online endpoint. For example, you could use it to check the request duration, the request failure reason, etc. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amlonlineendpointtrafficlog)| + + + +## Columns + +[!INCLUDE [amlonlineendpointtrafficlog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlonlineendpointtrafficlog-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlpipelineevent.md b/articles/azure-monitor/reference/tables/amlpipelineevent.md new file mode 100644 index 0000000000..49291791e5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlpipelineevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlPipelineEvent +description: Reference for AmlPipelineEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlPipelineEvent + +Events when ML pipeline draft or endpoint or module are accessed (read, created, or deleted). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [amlpipelineevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlpipelineevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlregistryreadeventslog.md b/articles/azure-monitor/reference/tables/amlregistryreadeventslog.md new file mode 100644 index 0000000000..8d5a01d120 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlregistryreadeventslog.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlRegistryReadEventsLog +description: Reference for AmlRegistryReadEventsLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlRegistryReadEventsLog + +Azure ML Registry Read events log. It keeps records of Read operations with registries data access (data plane), including user identity, asset name and version for each access event. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/registries| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [amlregistryreadeventslog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlregistryreadeventslog-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlregistrywriteeventslog.md b/articles/azure-monitor/reference/tables/amlregistrywriteeventslog.md new file mode 100644 index 0000000000..f40970f350 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlregistrywriteeventslog.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlRegistryWriteEventsLog +description: Reference for AmlRegistryWriteEventsLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlRegistryWriteEventsLog + +Azure ML Registry Write events log. It keeps records of Write operations with registries data access (data plane), including user identity, asset name and version for each access event. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/registries| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amlregistrywriteeventslog)| + + + +## Columns + +[!INCLUDE [amlregistrywriteeventslog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlregistrywriteeventslog-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlrunevent.md b/articles/azure-monitor/reference/tables/amlrunevent.md new file mode 100644 index 0000000000..3a3b97cf7a --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlrunevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlRunEvent +description: Reference for AmlRunEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlRunEvent + +Events when ML experiments are accessed (read, created, or deleted). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [amlrunevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlrunevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/amlrunstatuschangedevent.md b/articles/azure-monitor/reference/tables/amlrunstatuschangedevent.md new file mode 100644 index 0000000000..3ed20e7345 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amlrunstatuschangedevent.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AmlRunStatusChangedEvent +description: Reference for AmlRunStatusChangedEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AmlRunStatusChangedEvent + +Azure Machine Learning services run status event logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.machinelearningservices/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [amlrunstatuschangedevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amlrunstatuschangedevent-include.md)] 
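Review bot: the amlmodelsevent.md hunk earlier in this patch has two wording errors in its description, "Incudes events when packaging of models and assets happen into a ready-to-build packages." "Incudes" should be "Includes", and "a ready-to-build packages" mixes a singular article with a plural noun. Suggest "Includes events when models and assets are packaged into ready-to-build packages."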
diff --git a/articles/azure-monitor/reference/tables/amskeydeliveryrequests.md b/articles/azure-monitor/reference/tables/amskeydeliveryrequests.md new file mode 100644 index 0000000000..167b53be7f --- /dev/null +++ b/articles/azure-monitor/reference/tables/amskeydeliveryrequests.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AMSKeyDeliveryRequests +description: Reference for AMSKeyDeliveryRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AMSKeyDeliveryRequests + +Key delivery requests logs from Azure Media Services. This table captures details for every HTTP request for key or license acquisition sent to Azure Media Services. It can be used to monitor encrypted content playback, and to diagnose issues with DRM license acquisition or Clear Key acquisition. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.media/mediaservices| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amskeydeliveryrequests)| + + + +## Columns + +[!INCLUDE [amskeydeliveryrequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amskeydeliveryrequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/amsliveeventoperations.md b/articles/azure-monitor/reference/tables/amsliveeventoperations.md new file mode 100644 index 0000000000..be3624a397 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amsliveeventoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AMSLiveEventOperations +description: Reference for AMSLiveEventOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AMSLiveEventOperations + +Contains logs related to a Live Event. Logs are sent when an encoder connects, disconnects, or if there is a discontinuity in the media data. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.media/mediaservices| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amsliveeventoperations)| + + + +## Columns + +[!INCLUDE [amsliveeventoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amsliveeventoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/amsmediaaccounthealth.md b/articles/azure-monitor/reference/tables/amsmediaaccounthealth.md new file mode 100644 index 0000000000..1d41cd72c7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amsmediaaccounthealth.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AMSMediaAccountHealth +description: Reference for AMSMediaAccountHealth table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AMSMediaAccountHealth + +Media Account Health Status. This table captures the Azure Media Services account health status. It can be used to monitor account health status and diagnose issues for unhealthy accounts. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.media/mediaservices| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amsmediaaccounthealth)| + + + +## Columns + +[!INCLUDE [amsmediaaccounthealth](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amsmediaaccounthealth-include.md)] diff --git a/articles/azure-monitor/reference/tables/amsstreamingendpointrequests.md b/articles/azure-monitor/reference/tables/amsstreamingendpointrequests.md new file mode 100644 index 0000000000..b08ee82757 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amsstreamingendpointrequests.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AMSStreamingEndpointRequests +description: Reference for AMSStreamingEndpointRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AMSStreamingEndpointRequests + +Contains information about requests to streaming endpoints. A streaming endpoint receives HTTP requests needed to stream video content. These requests usually come from video players or from the CDN. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.media/mediaservices| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/amsstreamingendpointrequests)| + + + +## Columns + +[!INCLUDE [amsstreamingendpointrequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amsstreamingendpointrequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/amwmetricsusagedetails.md b/articles/azure-monitor/reference/tables/amwmetricsusagedetails.md new file mode 100644 index 0000000000..f781d82a86 --- /dev/null +++ b/articles/azure-monitor/reference/tables/amwmetricsusagedetails.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AMWMetricsUsageDetails +description: Reference for AMWMetricsUsageDetails table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AMWMetricsUsageDetails + +Table that breaks down data quantities and query usage of metrics sent to an Azure Monitor Workspace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.monitor/accounts| +|**Categories**|Azure Resources, Azure Monitor| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [amwmetricsusagedetails](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/amwmetricsusagedetails-include.md)] diff --git a/articles/azure-monitor/reference/tables/anomalies.md b/articles/azure-monitor/reference/tables/anomalies.md new file mode 100644 index 0000000000..d550084216 --- /dev/null +++ b/articles/azure-monitor/reference/tables/anomalies.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - Anomalies +description: Reference for Anomalies table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# Anomalies + +This table contains anomalies generated by the active Anomaly analytics rules in Azure Sentinel. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/anomalies)| + + + +## Columns + +[!INCLUDE [anomalies](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/anomalies-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/aoidatabasequery.md b/articles/azure-monitor/reference/tables/aoidatabasequery.md new file mode 100644 index 0000000000..315b14146f --- /dev/null +++ b/articles/azure-monitor/reference/tables/aoidatabasequery.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AOIDatabaseQuery +description: Reference for AOIDatabaseQuery table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AOIDatabaseQuery + +Audit logs related to queries run on database, in dataproduct environment. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkanalytics/dataproducts| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aoidatabasequery)| + + + +## Columns + +[!INCLUDE [aoidatabasequery](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aoidatabasequery-include.md)] diff --git a/articles/azure-monitor/reference/tables/aoidigestion.md b/articles/azure-monitor/reference/tables/aoidigestion.md new file mode 100644 index 0000000000..c550c51c8d --- /dev/null +++ b/articles/azure-monitor/reference/tables/aoidigestion.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AOIDigestion +description: Reference for AOIDigestion table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AOIDigestion + +Logs related to digestion of files added to the input storage account. These can be used to verify that data is being successfully passed through to enrichment, or to troubleshoot issues with processing the raw data. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkanalytics/dataproducts| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aoidigestion)| + + + +## Columns + +[!INCLUDE [aoidigestion](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aoidigestion-include.md)] diff --git a/articles/azure-monitor/reference/tables/aoistorage.md b/articles/azure-monitor/reference/tables/aoistorage.md new file mode 100644 index 0000000000..8c055d9d25 --- /dev/null +++ b/articles/azure-monitor/reference/tables/aoistorage.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AOIStorage +description: Reference for AOIStorage table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AOIStorage + +These are Audit logs related to ingestion of files on the input storage account. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkanalytics/dataproducts| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/aoistorage)| + + + +## Columns + +[!INCLUDE [aoistorage](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/aoistorage-include.md)] diff --git a/articles/azure-monitor/reference/tables/apimanagementgatewaylogs.md b/articles/azure-monitor/reference/tables/apimanagementgatewaylogs.md new file mode 100644 index 0000000000..3a28364bb1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/apimanagementgatewaylogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ApiManagementGatewayLogs +description: Reference for ApiManagementGatewayLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ApiManagementGatewayLogs + +Azure ApiManagement gateway logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.apimanagement/service| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/apimanagementgatewaylogs)| + + + +## Columns + +[!INCLUDE [apimanagementgatewaylogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/apimanagementgatewaylogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/apimanagementwebsocketconnectionlogs.md b/articles/azure-monitor/reference/tables/apimanagementwebsocketconnectionlogs.md new file mode 100644 index 0000000000..2eb604a2bd --- /dev/null +++ b/articles/azure-monitor/reference/tables/apimanagementwebsocketconnectionlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ApiManagementWebSocketConnectionLogs +description: Reference for ApiManagementWebSocketConnectionLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ApiManagementWebSocketConnectionLogs + +Websocket connection logs provides logs on websocket connection events for API Management Gateway. Logging starts when the request arrives to API Management Gateway for handshake and till the request gets terminated. Every request log can be uniquely identified with CorrelationId. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.apimanagement/service| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [apimanagementwebsocketconnectionlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/apimanagementwebsocketconnectionlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/apimdevportalauditdiagnosticlog.md b/articles/azure-monitor/reference/tables/apimdevportalauditdiagnosticlog.md new file mode 100644 index 0000000000..39d43e508a --- /dev/null +++ b/articles/azure-monitor/reference/tables/apimdevportalauditdiagnosticlog.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - APIMDevPortalAuditDiagnosticLog +description: Reference for APIMDevPortalAuditDiagnosticLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# APIMDevPortalAuditDiagnosticLog + +Diagnostic Logs for API Management Developer Portal API. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.apimanagement/service| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [apimdevportalauditdiagnosticlog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/apimdevportalauditdiagnosticlog-include.md)] diff --git a/articles/azure-monitor/reference/tables/appavailabilityresults.md b/articles/azure-monitor/reference/tables/appavailabilityresults.md new file mode 100644 index 0000000000..7f013bcb57 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appavailabilityresults.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppAvailabilityResults +description: Reference for AppAvailabilityResults table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppAvailabilityResults + +Application Insights availability test results. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/components| +|**Categories**|Applications| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appavailabilityresults](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appavailabilityresults-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/appbrowsertimings.md b/articles/azure-monitor/reference/tables/appbrowsertimings.md new file mode 100644 index 0000000000..3c5d12f81c --- /dev/null +++ b/articles/azure-monitor/reference/tables/appbrowsertimings.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppBrowserTimings +description: Reference for AppBrowserTimings table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppBrowserTimings + +Application Insights browser timings. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/components| +|**Categories**|Applications| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appbrowsertimings](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appbrowsertimings-include.md)] diff --git a/articles/azure-monitor/reference/tables/appcentererror.md b/articles/azure-monitor/reference/tables/appcentererror.md new file mode 100644 index 0000000000..6b752fd3cb --- /dev/null +++ b/articles/azure-monitor/reference/tables/appcentererror.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppCenterError +description: Reference for AppCenterError table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppCenterError + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appcentererror](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appcentererror-include.md)] 
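Review bot: appcentererror.md has no description between the `# AppCenterError` heading and `## Table attributes`, and both Resource types and Categories are `-`, so the page tells a reader nothing about what the table holds beyond the column include. Add a one-sentence description under the heading, as appbrowsertimings.md in this same patch does ("Application Insights browser timings."), or hold the page back until one is available.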
diff --git a/articles/azure-monitor/reference/tables/appdependencies.md b/articles/azure-monitor/reference/tables/appdependencies.md new file mode 100644 index 0000000000..c13b65aad4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appdependencies.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppDependencies +description: Reference for AppDependencies table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppDependencies + +Application Insights dependencies. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/components| +|**Categories**|Applications| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/appdependencies)| + + + +## Columns + +[!INCLUDE [appdependencies](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appdependencies-include.md)] diff --git a/articles/azure-monitor/reference/tables/appenvspringappconsolelogs.md b/articles/azure-monitor/reference/tables/appenvspringappconsolelogs.md new file mode 100644 index 0000000000..edc191e92b --- /dev/null +++ b/articles/azure-monitor/reference/tables/appenvspringappconsolelogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppEnvSpringAppConsoleLogs +description: Reference for AppEnvSpringAppConsoleLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppEnvSpringAppConsoleLogs + +Logs generated by Spring Apps(Container Apps with managedBy annotation) within a Container App Environment. This includes logs generated on the stdout or stderr streams by all containers in the app. It also includes all Dapr sidecar container logs but does not include any system or platform level logs produced by the Container App Environment itself. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.app/managedenvironments| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/appenvspringappconsolelogs)| + + + +## Columns + +[!INCLUDE [appenvspringappconsolelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appenvspringappconsolelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/appevents.md b/articles/azure-monitor/reference/tables/appevents.md new file mode 100644 index 0000000000..b84a56b53e --- /dev/null +++ b/articles/azure-monitor/reference/tables/appevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppEvents +description: Reference for AppEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppEvents + +Application Insights events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/components| +|**Categories**|Applications| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/appexceptions.md b/articles/azure-monitor/reference/tables/appexceptions.md new file mode 100644 index 0000000000..c2eaf31e87 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appexceptions.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppExceptions +description: Reference for AppExceptions table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppExceptions + +Application Insights exceptions. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/components| +|**Categories**|Applications| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/appexceptions)| + + + +## Columns + +[!INCLUDE [appexceptions](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appexceptions-include.md)] diff --git a/articles/azure-monitor/reference/tables/applicationinsights.md b/articles/azure-monitor/reference/tables/applicationinsights.md new file mode 100644 index 0000000000..00f32baee4 --- /dev/null 
+++ b/articles/azure-monitor/reference/tables/applicationinsights.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ApplicationInsights +description: Reference for ApplicationInsights table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ApplicationInsights + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| ApplicationInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [applicationinsights](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/applicationinsights-include.md)] diff --git a/articles/azure-monitor/reference/tables/appmetrics.md b/articles/azure-monitor/reference/tables/appmetrics.md new file mode 100644 index 0000000000..f0b21cb2c4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appmetrics.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppMetrics +description: Reference for AppMetrics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppMetrics + +Application Insights metrics. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/components| +|**Categories**|Applications| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appmetrics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appmetrics-include.md)] diff --git a/articles/azure-monitor/reference/tables/apppageviews.md b/articles/azure-monitor/reference/tables/apppageviews.md new file mode 100644 index 0000000000..a3a87a6a04 --- /dev/null +++ b/articles/azure-monitor/reference/tables/apppageviews.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppPageViews +description: Reference for AppPageViews table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppPageViews + +Application Insights page views. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/components| +|**Categories**|Applications| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/apppageviews)| + + + +## Columns + +[!INCLUDE [apppageviews](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/apppageviews-include.md)] diff --git a/articles/azure-monitor/reference/tables/appperformancecounters.md b/articles/azure-monitor/reference/tables/appperformancecounters.md new file mode 100644 index 0000000000..dd295b8911 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appperformancecounters.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppPerformanceCounters +description: Reference for AppPerformanceCounters table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppPerformanceCounters + +Application Insights performance counters. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/components| +|**Categories**|Applications| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appperformancecounters](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appperformancecounters-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/appplatformbuildlogs.md b/articles/azure-monitor/reference/tables/appplatformbuildlogs.md new file mode 100644 index 0000000000..526ffb9104 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appplatformbuildlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppPlatformBuildLogs +description: Reference for AppPlatformBuildLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppPlatformBuildLogs + +Azure Spring Cloud build logs of user source codes. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.appplatform/spring| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appplatformbuildlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appplatformbuildlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/appplatformcontainereventlogs.md b/articles/azure-monitor/reference/tables/appplatformcontainereventlogs.md new file mode 100644 index 0000000000..613660eae9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appplatformcontainereventlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppPlatformContainerEventLogs +description: Reference for AppPlatformContainerEventLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppPlatformContainerEventLogs + +Azure Spring Cloud container event logs of user applications. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.appplatform/spring| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appplatformcontainereventlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appplatformcontainereventlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/appplatformingresslogs.md b/articles/azure-monitor/reference/tables/appplatformingresslogs.md new file mode 100644 index 0000000000..ff6d2ea372 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appplatformingresslogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppPlatformIngressLogs +description: Reference for AppPlatformIngressLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppPlatformIngressLogs + +Azure Spring Cloud ingress logs, currently it is nginx access logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.appplatform/spring| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appplatformingresslogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appplatformingresslogs-include.md)] 
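Review bot: the description in appplatformingresslogs.md, "Azure Spring Cloud ingress logs, currently it is nginx access logs.", is a comma splice and reads ambiguously. Suggest splitting it, for example "Azure Spring Cloud ingress logs. Currently these are the nginx access logs.", so that anyone writing queries against the table knows which record format to expect.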
diff --git a/articles/azure-monitor/reference/tables/appplatformlogsforspring.md b/articles/azure-monitor/reference/tables/appplatformlogsforspring.md new file mode 100644 index 0000000000..5d0c3d77d4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appplatformlogsforspring.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppPlatformLogsforSpring +description: Reference for AppPlatformLogsforSpring table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppPlatformLogsforSpring + +App Platform Logs for Spring. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.appplatform/spring| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/appplatformlogsforspring)| + + + +## Columns + +[!INCLUDE [appplatformlogsforspring](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appplatformlogsforspring-include.md)] diff --git a/articles/azure-monitor/reference/tables/appplatformsystemlogs.md b/articles/azure-monitor/reference/tables/appplatformsystemlogs.md new file mode 100644 index 0000000000..3c584d4845 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appplatformsystemlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppPlatformSystemLogs +description: Reference for AppPlatformSystemLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppPlatformSystemLogs + +Azure Spring Cloud System Logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.appplatform/spring| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/appplatformsystemlogs)| + + + +## Columns + +[!INCLUDE [appplatformsystemlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appplatformsystemlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/apprequests.md b/articles/azure-monitor/reference/tables/apprequests.md new file mode 100644 index 0000000000..ee5c56e0cd --- /dev/null +++ b/articles/azure-monitor/reference/tables/apprequests.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppRequests +description: Reference for AppRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppRequests + +Application Insights requests. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/components| +|**Categories**|Applications| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/apprequests)| + + + +## Columns + +[!INCLUDE [apprequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/apprequests-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/appserviceantivirusscanauditlogs.md b/articles/azure-monitor/reference/tables/appserviceantivirusscanauditlogs.md new file mode 100644 index 0000000000..a24696efb3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appserviceantivirusscanauditlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppServiceAntivirusScanAuditLogs +description: Reference for AppServiceAntivirusScanAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppServiceAntivirusScanAuditLogs + +Report on any discovered virus or infected files that have been uploaded to their site. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appserviceantivirusscanauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appserviceantivirusscanauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/appserviceapplogs.md b/articles/azure-monitor/reference/tables/appserviceapplogs.md new file mode 100644 index 0000000000..7a8e42035a --- /dev/null +++ b/articles/azure-monitor/reference/tables/appserviceapplogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppServiceAppLogs +description: Reference for AppServiceAppLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppServiceAppLogs + +Logs generated through your application. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.web/sites| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/appserviceapplogs)| + + + +## Columns + +[!INCLUDE [appserviceapplogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appserviceapplogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/appserviceauditlogs.md b/articles/azure-monitor/reference/tables/appserviceauditlogs.md new file mode 100644 index 0000000000..d85239e2da --- /dev/null +++ b/articles/azure-monitor/reference/tables/appserviceauditlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppServiceAuditLogs +description: Reference for AppServiceAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppServiceAuditLogs + +Logs generated when publishing users successfully log on via one of the App Service publishing protocols. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.web/sites| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/appserviceauditlogs)| + + + +## Columns + +[!INCLUDE [appserviceauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appserviceauditlogs-include.md)] 
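Review bot: the description in appserviceauditlogs.md says rows are written when publishing users "successfully log on", which leaves open whether failed publishing logons appear anywhere in this table. State that explicitly in the description: a reader who assumes an audit table covers both outcomes may build a failed-logon alert on it that never fires. If failed attempts are in fact recorded, drop "successfully" instead.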
diff --git a/articles/azure-monitor/reference/tables/appserviceauthenticationlogs.md b/articles/azure-monitor/reference/tables/appserviceauthenticationlogs.md new file mode 100644 index 0000000000..91ab92eccf --- /dev/null +++ b/articles/azure-monitor/reference/tables/appserviceauthenticationlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppServiceAuthenticationLogs +description: Reference for AppServiceAuthenticationLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppServiceAuthenticationLogs + +Logs generated through App Service Authentication for your application. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.web/sites| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/appserviceauthenticationlogs)| + + + +## Columns + +[!INCLUDE [appserviceauthenticationlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appserviceauthenticationlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/appserviceconsolelogs.md b/articles/azure-monitor/reference/tables/appserviceconsolelogs.md new file mode 100644 index 0000000000..bda57ecbf3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appserviceconsolelogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppServiceConsoleLogs +description: Reference for AppServiceConsoleLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppServiceConsoleLogs + +Console logs generated from application or container. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.web/sites| +|**Categories**|Azure Resources, Applications| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/appserviceconsolelogs)| + + + +## Columns + +[!INCLUDE [appserviceconsolelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appserviceconsolelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/appserviceenvironmentplatformlogs.md b/articles/azure-monitor/reference/tables/appserviceenvironmentplatformlogs.md new file mode 100644 index 0000000000..c5833150cb --- /dev/null +++ b/articles/azure-monitor/reference/tables/appserviceenvironmentplatformlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppServiceEnvironmentPlatformLogs +description: Reference for AppServiceEnvironmentPlatformLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppServiceEnvironmentPlatformLogs + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appserviceenvironmentplatformlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appserviceenvironmentplatformlogs-include.md)] 
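Review bot: appserviceenvironmentplatformlogs.md is missing its description: the `# AppServiceEnvironmentPlatformLogs` heading is followed directly by `## Table attributes`, and Resource types, Categories and Sample Queries are all `-`. Add a sentence saying what the platform logs contain and which resource emits them. Minor style point in the same table: `|**Solutions**| LogManagement|` has a stray leading space in the value cell that the other rows do not.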
diff --git a/articles/azure-monitor/reference/tables/appservicefileauditlogs.md b/articles/azure-monitor/reference/tables/appservicefileauditlogs.md new file mode 100644 index 0000000000..122a3c17d3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appservicefileauditlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppServiceFileAuditLogs +description: Reference for AppServiceFileAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppServiceFileAuditLogs + +Logs generated when app service content is modified. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.web/sites| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/appservicefileauditlogs)| + + + +## Columns + +[!INCLUDE [appservicefileauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appservicefileauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/appservicehttplogs.md b/articles/azure-monitor/reference/tables/appservicehttplogs.md new file mode 100644 index 0000000000..c97ee94524 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appservicehttplogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppServiceHTTPLogs +description: Reference for AppServiceHTTPLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppServiceHTTPLogs + +Incoming HTTP requests on App Service. Use these logs to monitor application health, performance and usage patterns. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.web/sites| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/appservicehttplogs)| + + + +## Columns + +[!INCLUDE [appservicehttplogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appservicehttplogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/appserviceipsecauditlogs.md b/articles/azure-monitor/reference/tables/appserviceipsecauditlogs.md new file mode 100644 index 0000000000..d708552e76 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appserviceipsecauditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppServiceIPSecAuditLogs +description: Reference for AppServiceIPSecAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppServiceIPSecAuditLogs + +Logs generated through your application and pushed to Azure Monitoring. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.web/sites| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appserviceipsecauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appserviceipsecauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/appserviceplatformlogs.md b/articles/azure-monitor/reference/tables/appserviceplatformlogs.md new file mode 100644 index 0000000000..794c657aea --- /dev/null +++ b/articles/azure-monitor/reference/tables/appserviceplatformlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppServicePlatformLogs +description: Reference for AppServicePlatformLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppServicePlatformLogs + +Logs generated through AppService platform for your application. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.web/sites| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appserviceplatformlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appserviceplatformlogs-include.md)] 
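Review bot: The description line in tables/appserviceplatformlogs.md writes the product name as "AppService platform", while the neighbouring pages in this patch spell it "App Service" (appserviceauthenticationlogs.md, appservicehttplogs.md). Suggest "Logs generated through the App Service platform for your application." so terminology and search stay consistent across the table reference.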
diff --git a/articles/azure-monitor/reference/tables/appserviceserverlesssecurityplugindata.md b/articles/azure-monitor/reference/tables/appserviceserverlesssecurityplugindata.md new file mode 100644 index 0000000000..3c41c2a207 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appserviceserverlesssecurityplugindata.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppServiceServerlessSecurityPluginData +description: Reference for AppServiceServerlessSecurityPluginData table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppServiceServerlessSecurityPluginData + +Logs from the data collection services of the defender for serverless apps. Used to detect security issues and provide alerts and recommendations on how to mitigate/fix them. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.web/sites| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appserviceserverlesssecurityplugindata](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appserviceserverlesssecurityplugindata-include.md)] diff --git a/articles/azure-monitor/reference/tables/appsystemevents.md b/articles/azure-monitor/reference/tables/appsystemevents.md new file mode 100644 index 0000000000..55d9aac609 --- /dev/null +++ b/articles/azure-monitor/reference/tables/appsystemevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppSystemEvents +description: Reference for AppSystemEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppSystemEvents + +Application Insights system events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/components| +|**Categories**|Applications| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [appsystemevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/appsystemevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/apptraces.md b/articles/azure-monitor/reference/tables/apptraces.md new file mode 100644 index 0000000000..a6cb47be33 --- /dev/null +++ b/articles/azure-monitor/reference/tables/apptraces.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AppTraces +description: Reference for AppTraces table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AppTraces + +Application Insights traces. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/components| +|**Categories**|Applications| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [apptraces](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/apptraces-include.md)] diff --git a/articles/azure-monitor/reference/tables/arck8saudit.md b/articles/azure-monitor/reference/tables/arck8saudit.md new file mode 100644 index 0000000000..37b1017e58 --- /dev/null +++ b/articles/azure-monitor/reference/tables/arck8saudit.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ArcK8sAudit +description: Reference for ArcK8sAudit table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ArcK8sAudit + +Contains all Kubernetes API Server audit logs including events with the get and list verbs. These events are useful for monitoring all of the interactions with the Kubernetes API. To limit the scope to modifying operations see the ArcK8sAuditAdmin table. Requires Diagnostic Settings to use the Resource Specific destination table. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters| +|**Categories**|Audit, Azure Resources, Containers| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [arck8saudit](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/arck8saudit-include.md)] diff --git a/articles/azure-monitor/reference/tables/arck8sauditadmin.md b/articles/azure-monitor/reference/tables/arck8sauditadmin.md new file mode 100644 index 0000000000..93f0896d8c --- /dev/null +++ b/articles/azure-monitor/reference/tables/arck8sauditadmin.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ArcK8sAuditAdmin +description: Reference for ArcK8sAuditAdmin table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ArcK8sAuditAdmin + +Contains Kubernetes API Server audit logs excluding events with the get and list verbs. These events are useful for monitoring resource modification requests made to the Kubernetes API. To see all modifying and non-modifying operations see the ArcK8sAudit table. Requires Diagnostic Settings to use the Resource Specific destination table. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters| +|**Categories**|Audit, Azure Resources, Containers| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [arck8sauditadmin](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/arck8sauditadmin-include.md)] diff --git a/articles/azure-monitor/reference/tables/arck8scontrolplane.md b/articles/azure-monitor/reference/tables/arck8scontrolplane.md new file mode 100644 index 0000000000..0b76374f5e --- /dev/null +++ b/articles/azure-monitor/reference/tables/arck8scontrolplane.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ArcK8sControlPlane +description: Reference for ArcK8sControlPlane table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ArcK8sControlPlane + +Contains diagnostic logs for the Kubernetes API Server, Controller Manager, Scheduler, Cluster Autoscaler, Cloud Controller Manager, Guard, and the Azure CSI storage drivers. These diagnostic logs have distinct Category entries corresponding their diagnostic log setting (e.g. kube-apiserver, kube-audit-admin). Requires Diagnostic Settings to use the Resource Specific destination table. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters| +|**Categories**|Azure Resources, Containers| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [arck8scontrolplane](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/arck8scontrolplane-include.md)] diff --git a/articles/azure-monitor/reference/tables/ascauditlogs.md b/articles/azure-monitor/reference/tables/ascauditlogs.md new file mode 100644 index 0000000000..dcf410c237 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ascauditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ASCAuditLogs +description: Reference for ASCAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ASCAuditLogs + +Contains audit logs generated by Azure Sphere service and devices. Logs can be used for audit and troubleshooting. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.azuresphere/catalogs| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ascauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ascauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/ascdeviceevents.md b/articles/azure-monitor/reference/tables/ascdeviceevents.md new file mode 100644 index 0000000000..7b22274162 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ascdeviceevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ASCDeviceEvents +description: Reference for ASCDeviceEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ASCDeviceEvents + +Contains event details for operations generated by Azure Sphere devices. These logs contain information about event types, event categories, event classes, event descriptions etc. that can be used for monitoring and troubleshooting app crashes on devices. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.azuresphere/catalogs| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/ascdeviceevents)| + + + +## Columns + +[!INCLUDE [ascdeviceevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ascdeviceevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/asrjobs.md b/articles/azure-monitor/reference/tables/asrjobs.md new file mode 100644 index 0000000000..be5ffa4e44 --- /dev/null +++ b/articles/azure-monitor/reference/tables/asrjobs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ASRJobs +description: Reference for ASRJobs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ASRJobs + +This table contains records of Azure Site Recovery (ASR) jobs such as failover, test failover, reprotection etc., with key details for monitoring and diagnostics, such as the replicated item information, duration, status, description and so on. Whenever an ASR job is completed (i.e., succeeded or failed), a corresponding record for the job is sent to this table. You can view history of ASR jobs by querying this table over a larger time range, provided your workspace has the required retention configured. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.recoveryservices/vaults| +|**Categories**|Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/asrjobs)| + + + +## Columns + +[!INCLUDE [asrjobs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/asrjobs-include.md)] diff --git a/articles/azure-monitor/reference/tables/asrreplicateditems.md b/articles/azure-monitor/reference/tables/asrreplicateditems.md new file mode 100644 index 0000000000..fa717ec545 --- /dev/null +++ b/articles/azure-monitor/reference/tables/asrreplicateditems.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ASRReplicatedItems +description: Reference for ASRReplicatedItems table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ASRReplicatedItems + +This table contains details of Azure Site Recovery (ASR) replicated items, such as associated vault, policy, replication health, failover readiness. etc. Data is pushed once a day to this table for all replicated items, to provide the latest information for each item. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.recoveryservices/vaults| +|**Categories**|Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/asrreplicateditems)| + + + +## Columns + +[!INCLUDE [asrreplicateditems](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/asrreplicateditems-include.md)] diff --git a/articles/azure-monitor/reference/tables/atcexpressroutecircuitipfix.md b/articles/azure-monitor/reference/tables/atcexpressroutecircuitipfix.md new file mode 100644 index 0000000000..4af88e5a5d --- /dev/null +++ b/articles/azure-monitor/reference/tables/atcexpressroutecircuitipfix.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ATCExpressRouteCircuitIpfix +description: Reference for ATCExpressRouteCircuitIpfix table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ATCExpressRouteCircuitIpfix + +This table has Express Route Circuit IPFIX flow records. Flow records are captured and emitted by Azure Traffic Collector (ATC). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkfunction/azuretrafficcollectors| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [atcexpressroutecircuitipfix](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/atcexpressroutecircuitipfix-include.md)] diff --git a/articles/azure-monitor/reference/tables/atcprivatepeeringmetadata.md b/articles/azure-monitor/reference/tables/atcprivatepeeringmetadata.md new file mode 100644 index 0000000000..4d53bf2e85 --- /dev/null +++ b/articles/azure-monitor/reference/tables/atcprivatepeeringmetadata.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ATCPrivatePeeringMetadata +description: Reference for ATCPrivatePeeringMetadata table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ATCPrivatePeeringMetadata + +This table has Private Peering Vnet metadata. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkfunction/azuretrafficcollectors| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [atcprivatepeeringmetadata](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/atcprivatepeeringmetadata-include.md)] diff --git a/articles/azure-monitor/reference/tables/auditlogs.md b/articles/azure-monitor/reference/tables/auditlogs.md new file mode 100644 index 0000000000..bea4beef2d --- /dev/null +++ b/articles/azure-monitor/reference/tables/auditlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AuditLogs +description: Reference for AuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AuditLogs + +Audit log for Azure Active Directory. Includes system activity information about user and group management managed applications and directory activities. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.graph/tenants| +|**Categories**|Azure Resources, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [auditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/auditlogs-include.md)] 
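Review bot: The description in tables/auditlogs.md runs two list items together: "user and group management managed applications and directory activities" needs a comma after "management" so it reads as three items (user and group management, managed applications, and directory activities). Separately, the table is listed under the Security category but Sample Queries is `-`; please confirm there is no query page that should be linked here.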
diff --git a/articles/azure-monitor/reference/tables/auieventsaudit.md b/articles/azure-monitor/reference/tables/auieventsaudit.md new file mode 100644 index 0000000000..eef00567f9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/auieventsaudit.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AUIEventsAudit +description: Reference for AUIEventsAudit table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AUIEventsAudit + +All API requests in the context of the Customer Insights (AUI) instance, for example all user actions while configuring and using the instance. POST|PUT|DELETE|PATCH operations go into this category. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [auieventsaudit](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/auieventsaudit-include.md)] diff --git a/articles/azure-monitor/reference/tables/auieventsoperational.md b/articles/azure-monitor/reference/tables/auieventsoperational.md new file mode 100644 index 0000000000..64f170ca85 --- /dev/null +++ b/articles/azure-monitor/reference/tables/auieventsoperational.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AUIEventsOperational +description: Reference for AUIEventsOperational table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AUIEventsOperational + +Events generated using the service, for example GET requests or the execution events of a workflow. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [auieventsoperational](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/auieventsoperational-include.md)] diff --git a/articles/azure-monitor/reference/tables/autoscaleevaluationslog.md b/articles/azure-monitor/reference/tables/autoscaleevaluationslog.md new file mode 100644 index 0000000000..41a64f610c --- /dev/null +++ b/articles/azure-monitor/reference/tables/autoscaleevaluationslog.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AutoscaleEvaluationsLog +description: Reference for AutoscaleEvaluationsLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AutoscaleEvaluationsLog + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/autoscalesettings| +|**Categories**|Azure Monitor, Virtual Machines, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/autoscaleevaluationslog)| + + + +## Columns + +[!INCLUDE [autoscaleevaluationslog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/autoscaleevaluationslog-include.md)] 
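Review bot: tables/autoscaleevaluationslog.md has no description between the `# AutoscaleEvaluationsLog` heading and `## Table attributes`, only blank lines. The page lists a resource type and links sample queries, so a one-line summary of what an evaluation record contains should be added before merge.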
diff --git a/articles/azure-monitor/reference/tables/autoscalescaleactionslog.md b/articles/azure-monitor/reference/tables/autoscalescaleactionslog.md new file mode 100644 index 0000000000..3340905310 --- /dev/null +++ b/articles/azure-monitor/reference/tables/autoscalescaleactionslog.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AutoscaleScaleActionsLog +description: Reference for AutoscaleScaleActionsLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AutoscaleScaleActionsLog + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/autoscalesettings| +|**Categories**|Azure Monitor, Virtual Machines, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/autoscalescaleactionslog)| + + + +## Columns + +[!INCLUDE [autoscalescaleactionslog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/autoscalescaleactionslog-include.md)] diff --git a/articles/azure-monitor/reference/tables/avnmconnectivityconfigurationchange.md b/articles/azure-monitor/reference/tables/avnmconnectivityconfigurationchange.md new file mode 100644 index 0000000000..8bf8e1cd1a --- /dev/null +++ b/articles/azure-monitor/reference/tables/avnmconnectivityconfigurationchange.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AVNMConnectivityConfigurationChange +description: Reference for AVNMConnectivityConfigurationChange table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AVNMConnectivityConfigurationChange + +Includes logs related to application or removal of connectivity configuration, on network resources like a virtual network. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/networkmanagers| +|**Categories**|Azure Resources, Network, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/avnmconnectivityconfigurationchange)| + + + +## Columns + +[!INCLUDE [avnmconnectivityconfigurationchange](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/avnmconnectivityconfigurationchange-include.md)] diff --git a/articles/azure-monitor/reference/tables/avnmipampoolallocationchange.md b/articles/azure-monitor/reference/tables/avnmipampoolallocationchange.md new file mode 100644 index 0000000000..723db55fed --- /dev/null +++ b/articles/azure-monitor/reference/tables/avnmipampoolallocationchange.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AVNMIPAMPoolAllocationChange +description: Reference for AVNMIPAMPoolAllocationChange table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AVNMIPAMPoolAllocationChange + +Includes changes to allocations of an IPAM Pool such as Virtual Networks, static CIDRs, or child pools. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/networkmanagers| +|**Categories**|Azure Resources, Network, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/avnmipampoolallocationchange)| + + + +## Columns + +[!INCLUDE [avnmipampoolallocationchange](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/avnmipampoolallocationchange-include.md)] diff --git a/articles/azure-monitor/reference/tables/avnmnetworkgroupmembershipchange.md b/articles/azure-monitor/reference/tables/avnmnetworkgroupmembershipchange.md new file mode 100644 index 0000000000..fe04e091a1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/avnmnetworkgroupmembershipchange.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AVNMNetworkGroupMembershipChange +description: Reference for AVNMNetworkGroupMembershipChange table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AVNMNetworkGroupMembershipChange + +Includes changes to network group membership of network resources like a virtual network. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/networkmanagers| +|**Categories**|Azure Resources, Network, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/avnmnetworkgroupmembershipchange)| + + + +## Columns + +[!INCLUDE [avnmnetworkgroupmembershipchange](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/avnmnetworkgroupmembershipchange-include.md)] diff --git a/articles/azure-monitor/reference/tables/avnmrulecollectionchange.md b/articles/azure-monitor/reference/tables/avnmrulecollectionchange.md new file mode 100644 index 0000000000..6c48e14a87 --- /dev/null +++ b/articles/azure-monitor/reference/tables/avnmrulecollectionchange.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AVNMRuleCollectionChange +description: Reference for AVNMRuleCollectionChange table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AVNMRuleCollectionChange + +Include logs related to application or removal of rule collections, on network resources like a virtual network or a subnet. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/networkmanagers| +|**Categories**|Azure Resources, Network, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/avnmrulecollectionchange)| + + + +## Columns + +[!INCLUDE [avnmrulecollectionchange](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/avnmrulecollectionchange-include.md)] diff --git a/articles/azure-monitor/reference/tables/avssyslog.md b/articles/azure-monitor/reference/tables/avssyslog.md new file mode 100644 index 0000000000..bc931891f0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/avssyslog.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AVSSyslog +description: Reference for AVSSyslog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AVSSyslog + +Contains all system logs generated by VMWare applications, including (but not limited to) VCenter, NSX, and more. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.avs/privateclouds| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/avssyslog)| + + + +## Columns + +[!INCLUDE [avssyslog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/avssyslog-include.md)] diff --git a/articles/azure-monitor/reference/tables/awscloudtrail.md b/articles/azure-monitor/reference/tables/awscloudtrail.md new file mode 100644 index 0000000000..1ef37d01cf --- /dev/null +++ b/articles/azure-monitor/reference/tables/awscloudtrail.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AWSCloudTrail +description: Reference for AWSCloudTrail table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AWSCloudTrail + +CloudTrail logs, which ingested from Sentinel's connector, holds all your data and management events of your Amazon Wev Services account. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/awscloudtrail)| + + + +## Columns + +[!INCLUDE [awscloudtrail](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/awscloudtrail-include.md)] 
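Review bot: The description line in tables/awscloudtrail.md has a typo and broken grammar: "Amazon Wev Services" should be "Amazon Web Services", "which ingested" is missing its verb, and "holds" does not agree with "logs". Suggested wording: "CloudTrail logs, which are ingested from Sentinel's connector, hold all the data and management events of your Amazon Web Services account."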
diff --git a/articles/azure-monitor/reference/tables/awscloudwatch.md b/articles/azure-monitor/reference/tables/awscloudwatch.md new file mode 100644 index 0000000000..0f42406398 --- /dev/null +++ b/articles/azure-monitor/reference/tables/awscloudwatch.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AWSCloudWatch +description: Reference for AWSCloudWatch table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AWSCloudWatch + +The CloudWatch Logs provide performance and billing data from the AWS CloudWatch service which helps the user better understand and operate the AWS system and application. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [awscloudwatch](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/awscloudwatch-include.md)] diff --git a/articles/azure-monitor/reference/tables/awsguardduty.md b/articles/azure-monitor/reference/tables/awsguardduty.md new file mode 100644 index 0000000000..9aed35b8c6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/awsguardduty.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AWSGuardDuty +description: Reference for AWSGuardDuty table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AWSGuardDuty + +Guard Duty Findings, which ingested from Sentinel's connector, represents a potential security issue detected within your network. GuardDuty generates a finding whenever it detects unexpected and potentially malicious activity in your AWS environment. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/awsguardduty)| + + + +## Columns + +[!INCLUDE [awsguardduty](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/awsguardduty-include.md)] diff --git a/articles/azure-monitor/reference/tables/awsvpcflow.md b/articles/azure-monitor/reference/tables/awsvpcflow.md new file mode 100644 index 0000000000..d737225347 --- /dev/null +++ b/articles/azure-monitor/reference/tables/awsvpcflow.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AWSVPCFlow +description: Reference for AWSVPCFlow table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AWSVPCFlow + +VPC Flow Logs, which ingested from Sentinel's connector, enables you to capture IP traffic going to and from your AWS VPC network interfaces. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/awsvpcflow)| + + + +## Columns + +[!INCLUDE [awsvpcflow](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/awsvpcflow-include.md)] diff --git a/articles/azure-monitor/reference/tables/awswaf.md b/articles/azure-monitor/reference/tables/awswaf.md new file mode 100644 index 0000000000..20e16d0388 --- /dev/null +++ b/articles/azure-monitor/reference/tables/awswaf.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AWSWAF +description: Reference for AWSWAF table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AWSWAF + +AWS WAF logs, collected in AWS S3 buckets, to Microsoft Sentinel. AWS WAF logs are detailed records of traffic that web access control lists (ACLs) analyze, which are essential for maintaining the security and performance of web applications. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [awswaf](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/awswaf-include.md)] 
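Review bot: The first sentence of the description in awswaf.md, "AWS WAF logs, collected in AWS S3 buckets, to Microsoft Sentinel.", has no verb, so it does not say what the table holds. Something like "Contains AWS WAF logs that are collected in AWS S3 buckets and ingested into Microsoft Sentinel." would match the other table descriptions. Also worth confirming before merge: this table lists `Ingestion-time transformation` as No, while AWSCloudTrail, AWSCloudWatch, AWSGuardDuty and AWSVPCFlow in the same patch all list Yes. If that difference is intentional, no change is needed; if it was copied from a template, it will mislead anyone planning to filter or redact WAF records at ingestion.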
diff --git a/articles/azure-monitor/reference/tables/azfwapplicationrule.md b/articles/azure-monitor/reference/tables/azfwapplicationrule.md new file mode 100644 index 0000000000..c8635c2a3f --- /dev/null +++ b/articles/azure-monitor/reference/tables/azfwapplicationrule.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZFWApplicationRule +description: Reference for AZFWApplicationRule table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZFWApplicationRule + +Contains all Application rule log data. Each match between data plane and Application rule creates a log entry with the data plane packet and the matched rule's attributes. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/azurefirewalls| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azfwapplicationrule)| + + + +## Columns + +[!INCLUDE [azfwapplicationrule](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azfwapplicationrule-include.md)] diff --git a/articles/azure-monitor/reference/tables/azfwapplicationruleaggregation.md b/articles/azure-monitor/reference/tables/azfwapplicationruleaggregation.md new file mode 100644 index 0000000000..6e1ec7e37e --- /dev/null +++ b/articles/azure-monitor/reference/tables/azfwapplicationruleaggregation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZFWApplicationRuleAggregation +description: Reference for AZFWApplicationRuleAggregation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZFWApplicationRuleAggregation + +Contains aggregated Application rule log data for Policy Analytics. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/azurefirewalls| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [azfwapplicationruleaggregation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azfwapplicationruleaggregation-include.md)] diff --git a/articles/azure-monitor/reference/tables/azfwdnsquery.md b/articles/azure-monitor/reference/tables/azfwdnsquery.md new file mode 100644 index 0000000000..058343402c --- /dev/null +++ b/articles/azure-monitor/reference/tables/azfwdnsquery.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZFWDnsQuery +description: Reference for AZFWDnsQuery table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZFWDnsQuery + +Contains all DNS Proxy events log data. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/azurefirewalls| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azfwdnsquery)| + + + +## Columns + +[!INCLUDE [azfwdnsquery](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azfwdnsquery-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/azfwfatflow.md b/articles/azure-monitor/reference/tables/azfwfatflow.md new file mode 100644 index 0000000000..d01e218ea6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azfwfatflow.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZFWFatFlow +description: Reference for AZFWFatFlow table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZFWFatFlow + +This query returns the top flows across Azure Firewall instances. Log contains flow information, date transmission rate (in Megabits per second units) and the time period when the flows were recorded. Please follow the documentation to enable Top flow logging and details on how it is recorded. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/azurefirewalls| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azfwfatflow)| + + + +## Columns + +[!INCLUDE [azfwfatflow](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azfwfatflow-include.md)] diff --git a/articles/azure-monitor/reference/tables/azfwflowtrace.md b/articles/azure-monitor/reference/tables/azfwflowtrace.md new file mode 100644 index 0000000000..e2b45653a1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azfwflowtrace.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZFWFlowTrace +description: Reference for AZFWFlowTrace table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZFWFlowTrace + +Flow logs across Azure Firewall instances. Log contains flow information, flags and the time period when the flows were recorded. Please follow the documentation to enable flow trace logging and details on how it is recorded. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/azurefirewalls| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azfwflowtrace)| + + + +## Columns + +[!INCLUDE [azfwflowtrace](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azfwflowtrace-include.md)] diff --git a/articles/azure-monitor/reference/tables/azfwidpssignature.md b/articles/azure-monitor/reference/tables/azfwidpssignature.md new file mode 100644 index 0000000000..01e4229102 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azfwidpssignature.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZFWIdpsSignature +description: Reference for AZFWIdpsSignature table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZFWIdpsSignature + +Contains all data plane packets that were matched with one or more IDPS signatures. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/azurefirewalls| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azfwidpssignature)| + + + +## Columns + +[!INCLUDE [azfwidpssignature](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azfwidpssignature-include.md)] diff --git a/articles/azure-monitor/reference/tables/azfwinternalfqdnresolutionfailure.md b/articles/azure-monitor/reference/tables/azfwinternalfqdnresolutionfailure.md new file mode 100644 index 0000000000..5e85a7b23e --- /dev/null +++ b/articles/azure-monitor/reference/tables/azfwinternalfqdnresolutionfailure.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZFWInternalFqdnResolutionFailure +description: Reference for AZFWInternalFqdnResolutionFailure table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZFWInternalFqdnResolutionFailure + +Contains all internal Firewall FQDN resolution requests that resulted in failure. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/azurefirewalls| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azfwinternalfqdnresolutionfailure)| + + + +## Columns + +[!INCLUDE [azfwinternalfqdnresolutionfailure](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azfwinternalfqdnresolutionfailure-include.md)] diff --git a/articles/azure-monitor/reference/tables/azfwnatrule.md b/articles/azure-monitor/reference/tables/azfwnatrule.md new file mode 100644 index 0000000000..426e9f8465 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azfwnatrule.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZFWNatRule +description: Reference for AZFWNatRule table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZFWNatRule + +Contains all DNAT (Destination Network Address Translation) events log data. Each match between data plane and DNAT rule creates a log entry with the data plane packet and the matched rule's attributes. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/azurefirewalls| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azfwnatrule)| + + + +## Columns + +[!INCLUDE [azfwnatrule](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azfwnatrule-include.md)] diff --git a/articles/azure-monitor/reference/tables/azfwnatruleaggregation.md b/articles/azure-monitor/reference/tables/azfwnatruleaggregation.md new file mode 100644 index 0000000000..acebb5261a --- /dev/null +++ b/articles/azure-monitor/reference/tables/azfwnatruleaggregation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZFWNatRuleAggregation +description: Reference for AZFWNatRuleAggregation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZFWNatRuleAggregation + +Contains aggregated NAT Rule log data for Policy Analytics. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/azurefirewalls| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [azfwnatruleaggregation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azfwnatruleaggregation-include.md)] diff --git a/articles/azure-monitor/reference/tables/azfwnetworkrule.md b/articles/azure-monitor/reference/tables/azfwnetworkrule.md new file mode 100644 index 0000000000..582963aaa9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azfwnetworkrule.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZFWNetworkRule +description: Reference for AZFWNetworkRule table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZFWNetworkRule + +Contains all Network Rule log data. Each match between data plane and network rule creates a log entry with the data plane packet and the matched rule's attributes. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/azurefirewalls| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azfwnetworkrule)| + + + +## Columns + +[!INCLUDE [azfwnetworkrule](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azfwnetworkrule-include.md)] diff --git a/articles/azure-monitor/reference/tables/azfwnetworkruleaggregation.md b/articles/azure-monitor/reference/tables/azfwnetworkruleaggregation.md new file mode 100644 index 0000000000..5373369cf3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azfwnetworkruleaggregation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZFWNetworkRuleAggregation +description: Reference for AZFWNetworkRuleAggregation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZFWNetworkRuleAggregation + +Contains aggregated Network rule log data for Policy Analytics. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/azurefirewalls| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [azfwnetworkruleaggregation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azfwnetworkruleaggregation-include.md)] diff --git a/articles/azure-monitor/reference/tables/azfwthreatintel.md b/articles/azure-monitor/reference/tables/azfwthreatintel.md new file mode 100644 index 0000000000..e6d4f5be63 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azfwthreatintel.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZFWThreatIntel +description: Reference for AZFWThreatIntel table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZFWThreatIntel + +Contains all Threat Intelligence events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/azurefirewalls| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azfwthreatintel)| + + + +## Columns + +[!INCLUDE [azfwthreatintel](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azfwthreatintel-include.md)] 
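Review bot: In azfwfatflow.md, the description under `# AZFWFatFlow` opens with "This query returns the top flows across Azure Firewall instances", which describes a query, not a table; every other table page in this patch describes what the table contains. The same sentence has "date transmission rate", which reads as a typo for "data transmission rate". Suggested opening: "Contains the top flows across Azure Firewall instances. Each entry includes flow information, the data transmission rate (in megabits per second) and the time period when the flow was recorded." The closing "Please follow the documentation to enable Top flow logging" points at documentation without linking it; add the link or drop the sentence (the AZFWFlowTrace description has the same unlinked reference).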
diff --git a/articles/azure-monitor/reference/tables/azkvauditlogs.md b/articles/azure-monitor/reference/tables/azkvauditlogs.md new file mode 100644 index 0000000000..2c3fbff255 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azkvauditlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZKVAuditLogs +description: Reference for AZKVAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZKVAuditLogs + +Audit logs can be used to monitor how and when your key vaults are accessed, and by whom. Customers will be able to log all authentication api requests. Operations on the key vault itself, including creation, deletion, setting key vault access policies, and updating key vault attributes such as tags.Operation on keys and secrets in keyvault including creating, deleting, signing. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.keyvault/vaults| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azkvauditlogs)| + + + +## Columns + +[!INCLUDE [azkvauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azkvauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/azkvpolicyevaluationdetailslogs.md b/articles/azure-monitor/reference/tables/azkvpolicyevaluationdetailslogs.md new file mode 100644 index 0000000000..54c7bcfc88 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azkvpolicyevaluationdetailslogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZKVPolicyEvaluationDetailsLogs +description: Reference for AZKVPolicyEvaluationDetailsLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZKVPolicyEvaluationDetailsLogs + +Contains details of Azure Policy Evaluation including the outcome and details of what checks were performed. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.keyvault/vaults| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [azkvpolicyevaluationdetailslogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azkvpolicyevaluationdetailslogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/azmsapplicationmetriclogs.md b/articles/azure-monitor/reference/tables/azmsapplicationmetriclogs.md new file mode 100644 index 0000000000..ff2829d8a7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azmsapplicationmetriclogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZMSApplicationMetricLogs +description: Reference for AZMSApplicationMetricLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZMSApplicationMetricLogs + +Captures application metrics(incoming/outgoing, successful/failed, etc. message delivery) for Azure Event Hubs and Azure Service Bus. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.servicebus/namespaces,
microsoft.eventhub/namespaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [azmsapplicationmetriclogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azmsapplicationmetriclogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/azmsarchivelogs.md b/articles/azure-monitor/reference/tables/azmsarchivelogs.md new file mode 100644 index 0000000000..24e9b35ac0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azmsarchivelogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZMSArchiveLogs +description: Reference for AZMSArchiveLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZMSArchiveLogs + +Captures information about Event Hubs capture operations, specifically, logs related to capture errors. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventhub/namespaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [azmsarchivelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azmsarchivelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/azmsautoscalelogs.md b/articles/azure-monitor/reference/tables/azmsautoscalelogs.md new file mode 100644 index 0000000000..3e3ab6604a --- /dev/null +++ b/articles/azure-monitor/reference/tables/azmsautoscalelogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZMSAutoscaleLogs +description: Reference for AZMSAutoscaleLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZMSAutoscaleLogs + +Captures auto-inflate operations done on an Event Hubs namespace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventhub/namespaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [azmsautoscalelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azmsautoscalelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/azmscustomermanagedkeyuserlogs.md b/articles/azure-monitor/reference/tables/azmscustomermanagedkeyuserlogs.md new file mode 100644 index 0000000000..123acfcede --- /dev/null +++ b/articles/azure-monitor/reference/tables/azmscustomermanagedkeyuserlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZMSCustomerManagedKeyUserLogs +description: Reference for AZMSCustomerManagedKeyUserLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZMSCustomerManagedKeyUserLogs + +Captures operations related to customer-managed key. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventhub/namespaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [azmscustomermanagedkeyuserlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azmscustomermanagedkeyuserlogs-include.md)] 
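Review bot: In azkvauditlogs.md, the description under `# AZKVAuditLogs` breaks down after its second sentence: "Operations on the key vault itself, including creation, deletion, ... such as tags.Operation on keys and secrets in keyvault including creating, deleting, signing." is two sentence fragments run together with no space after "tags." and no verb in either. Since this is the page readers use to decide what Key Vault activity is auditable, it should state the coverage explicitly, for example as a short list: authentication API requests; operations on the key vault itself (creation, deletion, setting access policies, updating attributes such as tags); and operations on keys and secrets (creating, deleting, signing). Also normalise "api" to "API" and "keyvault" to "key vault" to match the first sentence.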
diff --git a/articles/azure-monitor/reference/tables/azmsdiagnosticerrorlogs.md b/articles/azure-monitor/reference/tables/azmsdiagnosticerrorlogs.md new file mode 100644 index 0000000000..64b8354e7c --- /dev/null +++ b/articles/azure-monitor/reference/tables/azmsdiagnosticerrorlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZMSDiagnosticErrorLogs +description: Reference for AZMSDiagnosticErrorLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZMSDiagnosticErrorLogs + +Captures aggregated diagnostic information such as client errors , server busy errors and quota exceeded errors for various data plane access operations (such as send or receive messages) in Azure Event Hubs and Azure Service Bus. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.servicebus/namespaces,
microsoft.eventhub/namespaces| +|**Categories**|Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azmsdiagnosticerrorlogs)| + + + +## Columns + +[!INCLUDE [azmsdiagnosticerrorlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azmsdiagnosticerrorlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/azmshybridconnectionsevents.md b/articles/azure-monitor/reference/tables/azmshybridconnectionsevents.md new file mode 100644 index 0000000000..db112a40d3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azmshybridconnectionsevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZMSHybridConnectionsEvents +description: Reference for AZMSHybridConnectionsEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZMSHybridConnectionsEvents + +Captures all hybrid connection events that are performed on the Azure Relay namespace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.relay/namespaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azmshybridconnectionsevents)| + + + +## Columns + +[!INCLUDE [azmshybridconnectionsevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azmshybridconnectionsevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/azmskafkacoordinatorlogs.md b/articles/azure-monitor/reference/tables/azmskafkacoordinatorlogs.md new file mode 100644 index 0000000000..c8a3966507 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azmskafkacoordinatorlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZMSKafkaCoordinatorLogs +description: Reference for AZMSKafkaCoordinatorLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZMSKafkaCoordinatorLogs + +Captures kafka coordinator operations related to Event Hubs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventhub/namespaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [azmskafkacoordinatorlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azmskafkacoordinatorlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/azmskafkausererrorlogs.md b/articles/azure-monitor/reference/tables/azmskafkausererrorlogs.md new file mode 100644 index 0000000000..10ec6a88a9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azmskafkausererrorlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZMSKafkaUserErrorLogs +description: Reference for AZMSKafkaUserErrorLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZMSKafkaUserErrorLogs + +Captures information about kafka APIs called on Event Hubs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventhub/namespaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [azmskafkausererrorlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azmskafkausererrorlogs-include.md)] 
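Review bot: The description in azmskafkausererrorlogs.md, "Captures information about kafka APIs called on Event Hubs.", does not match the table name: AZMSKafkaUserErrorLogs implies the table records user errors, but the sentence reads as if every Kafka API call is logged. Please state which calls are captured so readers do not assume this table gives full Kafka API call coverage. "kafka" should also be capitalised as "Kafka" here and in the AZMSKafkaCoordinatorLogs description in the preceding file.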
diff --git a/articles/azure-monitor/reference/tables/azmsoperationallogs.md b/articles/azure-monitor/reference/tables/azmsoperationallogs.md new file mode 100644 index 0000000000..087a336132 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azmsoperationallogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZMSOperationalLogs +description: Reference for AZMSOperationalLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZMSOperationalLogs + +Captures all management operations that are performed on the Azure Event Hubs/Azure Service Bus namespace and its entities. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.servicebus/namespaces,
microsoft.eventhub/namespaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azmsoperationallogs)| + + + +## Columns + +[!INCLUDE [azmsoperationallogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azmsoperationallogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/azmsruntimeauditlogs.md b/articles/azure-monitor/reference/tables/azmsruntimeauditlogs.md new file mode 100644 index 0000000000..4053606f62 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azmsruntimeauditlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZMSRunTimeAuditLogs +description: Reference for AZMSRunTimeAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZMSRunTimeAuditLogs + +Captures aggregated diagnostic information for various data plane access operations (such as send or receive messages) in Azure Event Hubs and Azure Service Bus. Runtime audit logs are currently available only in premium tier. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.servicebus/namespaces,
microsoft.eventhub/namespaces| +|**Categories**|Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azmsruntimeauditlogs)| + + + +## Columns + +[!INCLUDE [azmsruntimeauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azmsruntimeauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/azmsvnetconnectionevents.md b/articles/azure-monitor/reference/tables/azmsvnetconnectionevents.md new file mode 100644 index 0000000000..678ff7f9dc --- /dev/null +++ b/articles/azure-monitor/reference/tables/azmsvnetconnectionevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AZMSVnetConnectionEvents +description: Reference for AZMSVnetConnectionEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AZMSVnetConnectionEvents + +Captures all virtual network and IP filtering logs for Azure Event Hubs and Azure Service Bus. These would only be emitted if namespace allows access from selected networks or from specific IP address (IP Filter rules). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventhub/namespaces,
microsoft.servicebus/namespaces,
microsoft.relay/namespaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azmsvnetconnectionevents)| + + + +## Columns + +[!INCLUDE [azmsvnetconnectionevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azmsvnetconnectionevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/azureactivity.md b/articles/azure-monitor/reference/tables/azureactivity.md new file mode 100644 index 0000000000..b3b325d1bc --- /dev/null +++ b/articles/azure-monitor/reference/tables/azureactivity.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AzureActivity +description: Reference for AzureActivity table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AzureActivity + +Entries from the Azure Activity log that provides insight into any subscription-level or management group level events that have occurred in Azure. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.aad/domainservices,
microsoft.apimanagement/service,
microsoft.appconfiguration/configurationstores,
microsoft.network/applicationgateways,
microsoft.servicenetworking/trafficcontrollers,
microsoft.web/sites,
microsoft.autonomousdevelopmentplatform/workspaces,
microsoft.kubernetes/connectedclusters,
microsoft.attestation/attestationproviders,
microsoft.cache/redis,
microsoft.cdn/profiles,
microsoft.hardwaresecuritymodules/cloudhsmclusters,
microsoft.communication/communicationservices,
microsoft.documentdb/databaseaccounts,
microsoft.datacollaboration/workspaces,
microsoft.digitaltwins/digitaltwinsinstances,
microsoft.network/dnsresolverpolicies,
microsoft.eventgrid/namespaces,
microsoft.eventgrid/topics,
microsoft.eventhub/namespaces,
microsoft.network/azurefirewalls,
microsoft.dashboard/grafana,
microsoft.keyvault/vaults,
microsoft.containerservice/managedclusters,
microsoft.loadtestservice/loadtests,
microsoft.managednetworkfabric/networkdevices,
microsoft.documentdb/cassandraclusters,
microsoft.network/loadbalancers,
microsoft.networkcloud/baremetalmachines,
microsoft.networkcloud/clustermanagers,
microsoft.networkcloud/clusters,
microsoft.networkcloud/storageappliances,
microsoft.purview/accounts,
microsoft.recoveryservices/vaults,
microsoft.relay/namespaces,
microsoft.servicebus/namespaces,
microsoft.networkfunction/azuretrafficcollectors,
microsoft.network/networkmanagers,
microsoft.botservice/botservices,
microsoft.chaos/experiments,
microsoft.cognitiveservices/accounts,
microsoft.connectedcache/cachenodes,
microsoft.connectedvehicle/platformaccounts,
microsoft.network/networkwatchers/connectionmonitors,
microsoft.app/managedenvironments,
microsoft.d365customerinsights/instances,
microsoft.databricks/workspaces,
microsoft.dbformysql/flexibleservers,
microsoft.dbforpostgresql/flexibleservers,
microsoft.dbforpostgresql/servergroupsv2,
microsoft.devcenter/devcenters,
microsoft.experimentation/experimentworkspaces,
microsoft.hdinsight/clusters,
microsoft.compute/virtualmachines,
microsoft.logic/integrationaccounts,
microsoft.machinelearningservices/workspaces,
microsoft.machinelearningservices/registries,
microsoft.media/mediaservices,
microsoft.azureplaywrightservice/accounts,
microsoft.graph/tenants,
microsoft.networkanalytics/dataproducts,
microsoft.storage/storageaccounts,
microsoft.storagecache/amlfilesytems,
microsoft.storagemover/storagemovers,
microsoft.synapse/workspaces,
microsoft.desktopvirtualization/hostpools,
default,
subscription,
resourcegroup,
microsoft.signalrservice/webpubsub,
microsoft.insights/components,
microsoft.desktopvirtualization/applicationgroups,
microsoft.desktopvirtualization/workspaces,
microsoft.timeseriesinsights/environments,
microsoft.workloadmonitor/monitors,
microsoft.analysisservices/servers,
microsoft.batch/batchaccounts,
microsoft.appplatform/spring,
microsoft.signalrservice/signalr,
microsoft.containerregistry/registries,
microsoft.kusto/clusters,
microsoft.blockchain/blockchainmembers,
microsoft.eventgrid/domains,
microsoft.eventgrid/partnernamespaces,
microsoft.eventgrid/partnertopics,
microsoft.eventgrid/systemtopics,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets,
microsoft.hybridcontainerservice/provisionedclusters,
microsoft.insights/autoscalesettings,
microsoft.devices/iothubs,
microsoft.servicefabric/clusters,
microsoft.logic/workflows,
microsoft.automation/automationaccounts,
microsoft.datafactory/factories,
microsoft.datalakestore/accounts,
microsoft.datalakeanalytics/accounts,
microsoft.powerbidedicated/capacities,
microsoft.datashare/accounts,
microsoft.sql/managedinstances,
microsoft.sql/servers,
microsoft.sql/servers/databases,
microsoft.dbformysql/servers,
microsoft.dbforpostgresql/servers,
microsoft.dbforpostgresql/serversv2,
microsoft.dbformariadb/servers,
microsoft.devices/provisioningservices,
microsoft.network/expressroutecircuits,
microsoft.network/frontdoors,
microsoft.network/networkinterfaces,
microsoft.network/networksecuritygroups,
microsoft.network/publicipaddresses,
microsoft.network/trafficmanagerprofiles,
microsoft.network/virtualnetworkgateways,
microsoft.network/vpngateways,
microsoft.network/virtualnetworks,
microsoft.search/searchservices,
microsoft.streamanalytics/streamingjobs,
microsoft.network/bastionhosts,
microsoft.healthcareapis/services| +|**Categories**|Azure Resources, Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azureactivity)| + + + +## Columns + +[!INCLUDE [azureactivity](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azureactivity-include.md)] diff --git a/articles/azure-monitor/reference/tables/azureassessmentrecommendation.md b/articles/azure-monitor/reference/tables/azureassessmentrecommendation.md new file mode 100644 index 0000000000..0963b20e8e --- /dev/null +++ b/articles/azure-monitor/reference/tables/azureassessmentrecommendation.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AzureAssessmentRecommendation +description: Reference for AzureAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AzureAssessmentRecommendation + +Recommendations generated by Azure assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| AzureAssessment, AzureResources| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [azureassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azureassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/azureattestationdiagnostics.md b/articles/azure-monitor/reference/tables/azureattestationdiagnostics.md new file mode 100644 index 0000000000..9ff1519663 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azureattestationdiagnostics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AzureAttestationDiagnostics +description: Reference for AzureAttestationDiagnostics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AzureAttestationDiagnostics + +Logs from attestation requests. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.attestation/attestationproviders| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azureattestationdiagnostics)| + + + +## Columns + +[!INCLUDE [azureattestationdiagnostics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azureattestationdiagnostics-include.md)] diff --git a/articles/azure-monitor/reference/tables/azurebackupoperations.md b/articles/azure-monitor/reference/tables/azurebackupoperations.md new file mode 100644 index 0000000000..88e34764c3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azurebackupoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AzureBackupOperations +description: Reference for AzureBackupOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AzureBackupOperations + +This table contains details of Azure Backup operations. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.recoveryservices/vaults| +|**Categories**|Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azurebackupoperations)| + + + +## Columns + +[!INCLUDE [azurebackupoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azurebackupoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/azuredevopsauditing.md b/articles/azure-monitor/reference/tables/azuredevopsauditing.md new file mode 100644 index 0000000000..4229d4198c --- /dev/null +++ b/articles/azure-monitor/reference/tables/azuredevopsauditing.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AzureDevOpsAuditing +description: Reference for AzureDevOpsAuditing table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AzureDevOpsAuditing + +Schema for Azure DevOps audit logs, which can be used to track the many changes that occur within your Azure DevOps organization(s). Some examples include changes to security policies, pipelines, billing, and projects. For a full list of events, see aka.ms/azdev-audit-events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [azuredevopsauditing](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azuredevopsauditing-include.md)] diff --git a/articles/azure-monitor/reference/tables/azurediagnostics.md b/articles/azure-monitor/reference/tables/azurediagnostics.md new file mode 100644 index 0000000000..3455f16ce2 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azurediagnostics.md 
@@ -0,0 +1,371 @@ +--- +title: Azure Monitor Logs reference - AzureDiagnostics +description: Reference for AzureDiagnostics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT +ms.date: 09/16/2024 +custom: Hardcoded description from azurediagnostics-stub.md. +--- + +# AzureDiagnostics + +Stores resource logs for Azure services that use Azure Diagnostics mode. Resource logs describe the internal operation of Azure resources. + +The resource log for each Azure service has a unique set of columns. The AzureDiagnostics table includes the most common columns used by Azure services. If a resource log includes a column that doesn't already exist in the AzureDiagnostics table, that column is added the first time that data is collected. If the maximum number of 500 columns is reached, data for any additional columns is added to a dynamic column. + +Azure services that use resource-specific mode store data in a table specific to that service and do not use the AzureDiagnostics table. See [Resource Types](#resource-types) below for the services that use each method. See [Azure resource logs](/azure/azure-monitor/platform/resource-logs#send-to-log-analytics-workspace) for details on the differences. + +> [!NOTE] +> The AzureDiagnostics table is a custom log table created exclusively by the Azure Monitor pipeline the first time an Azure resource begins sending logs in Azure Diagnostics mode. Unlike other tables, the AzureDiagnostics table can't be created via an ARM template or tables API. Consequently, it's not possible to modifying the table's default retention values before its creation. + +## AdditionalFields column + +Unlike other tables, **AzureDiagnostics** is much more susceptible to exceeding the 500 column limit imposed for any table in a Log Analytics workspace due to the wide assortment of Azure Resources capable of sending data to this table. 
To ensure that no data is lost due to the number of active columns exceeding this 500 column limit, AzureDiagnostics column creation is handled in a different manner to other tables. + +The AzureDiagnostics table in every workspace contains at a minimum, the same [200 columns](#columns). For workspaces created before January 19, 2021, the table also contain any columns that were already in place prior to this date. When data is sent to a column not already in place: + +- If the total number of columns in **AzureDiagnostics** in the current workspace does not exceed 500, a new column is created just like with any other table. +- If the total number of columns is at or above 500, the excess data is added to a dynamic property bag column called **AdditionalFields** as a property. + +### Example + +To illustrate this behavior, imagine that as of (deployment date) the AzureDiagnostics table in our workpsace looks as follows: + +| Column 1 | Column 2 | Column 3 | ... | Column 498 | +|:---|:---|:---|:---|:---| +| abc | def | 123 | ... | 456 | +| ... | ... | ... | ... | ... | + +A resource that sends data to **AzureDiagnostics** then adds a new dimension to their data that they call **NewInfo1**. Since the table still has less than 500 columns, the first time an event occurs that contains data for this new dimension adds a new column to the table: + +| Column 1 | Column 2 | Column 3 | ... | Column 498 | NewInfo1_s | +|:---|:---|:---|:---|:---|:---| +| abc | def | 123 | ... | 456 | xyz | +| ... | ... | ... | ... | ... | ... | + +You can return this new data in a simple query: + +```kusto +AzureDiagnostics | where NewInfo1_s == "xyz" +``` + +At a later date, another resource sends data to **AzureDiagnostics** that adds new dimensions called **NewInfo2** and **NewInfo3**. Because the table has reached 500 columns in this workspace, the new data goes into the **AdditionalFields** column: + +| Column 1 | Column 2 | Column 3 | ... 
| Column 498 | NewInfo1_s | AdditionalFields | +|:---|:---|:---|:---|:---|:---|:---| +| abc | def | 123 | ... | 456 | xyz | {"NewInfo2":"789","NewInfo3":"qwerty"} | +| ... | ... | ... | ... | ... | ... | ... | + +You can still query for this data,but you must extract it from the property bag using any of the dynamic property operators in KQL: + +```kusto +AzureDiagnostics +| where AdditionalFields.NewInfo2 == "789" and AdditionalFields.NewInfo3 == "qwerty" +``` + +### Tips on using the `AdditionalFields` column + +While general query best practices such as always filtering by time as the first clause in the query should be followed, there are some other recommendations you should consider when working with AdditionalFields: + +- You must to typecast data prior to performing further operations on it. For example, if a column exists called **Perf1Sec_i** as well as a property in **AdditionalFields** called **Perf2Sec**, and you want to calculate total perf by adding both values, use something like: `AzureDiagnostics | extend TotalPerfSec = Perf1Sec_i + toint(AdditionalFields.Perf2Sec) | ....`. +- Use [where](/azure/data-explorer/kusto/query/whereoperator) clauses to reduce the data volume to the smallest possible prior to writing any complex logic to significantly improve performance. **TimeGenerated** is one column that should always be reduced to the smallest possible window. In the case of **AzureDiagnostics**, an additional filter should also always be included at the top of the query around the resource types that are being queried using the **ResourceType** column. +- When querying very large volumes of data, it is sometimes more efficient to do a filter on **AdditionalFields** as a whole rather than parsing it. For example, for large volumes of data `AzureDiagnostics | where AdditionalFields has "Perf2Sec"` is often more efficient than `AzureDiagnostics | where isnotnull(toint(AdditionalFields.Perf2Sec))`. 
+ +### Azure Diagnostics mode + +The following services use Azure diagnostics mode for their resource logs and send data to the Azure Diagnostics table. + +- Analysis Services +- Application Gateways +- Automation Accounts +- Azure Database for MariaDB servers +- Azure Database for MySQL servers +- Azure Database for PostgreSQL servers +- Azure Database for PostgreSQL servers v2 +- Batch accounts +- CDN profiles +- Cognitive Services +- Data Lake Analytics +- DataLake Storage Gen1 +- Device Provisioning Services +- Digital Twins +- Event Grid Topics +- Event Hubs +- ExpressRoute circuits +- Front Doors +- Integration accounts +- Key Vault +- Kubernetes services +- Load balancers +- Logic Apps +- Media services +- Network interfaces +- Network Security Groups +- P2S VPN Gateways +- Power BI Embedded +- Public IP addresses +- Recovery Services vaults(Site Recovery) +- Search services +- Service Bus +- SQL databases +- SQL managed Instances +- SQL servers +- Stream Analytics jobs +- Traffic Manager profiles +- Virtual networks +- Virtual network gateways +- VPN Gateways + +### Azure Diagnostics mode or resource-specific mode + +The following services use either Azure diagnostics mode or resource-specific mode for their resource logs depending on their configuration. When they use resource-specific mode, they do not send data to the AzureDiagnostics table. See [Azure resource logs](/azure/azure-monitor/platform/resource-logs) for details on this configuration. 
+ +- API Management Services +- Azure Cosmos DB +- Data factories (V2) +- IoT Hub +- Recovery Services vaults(Backup) +- Firewalls + +## Categories + +- Azure Resources +- Security +- Network + +## Solutions + +- LogManagement + +## Resource types + +- Application Gateways +- CDN Profiles +- Azure Cosmos DB +- Event Grid Topics +- Event Hubs +- Firewalls +- Key Vaults +- Kubernetes Services +- Recovery Services Vaults +- Service Bus +- Azure Database for MySQL Flexible Servers +- Azure Database for PostgreSQL Flexible Servers +- Media Services +- Analysis Services +- Batch Accounts +- Cognitive Services +- Event Grid Partner Namespaces +- Event Grid Partner Topics +- Event Grid System Topics +- Azure Arc Enabled Kubernetes +- Azure Arc Provisioned Clusters +- IoT Hub +- Logic Apps +- API Management services +- Automation account +- Data factories +- Data Lake Storage Gen1 +- Data Lake Analytics +- Power BI Embedded +- SQL Managed Instances +- SQL Servers +- SQL Databases +- Azure Database for MySQL Servers +- Azure Database for PostgreSQL Servers +- Azure Database for PostgreSQL Servers V2 +- Azure Database for MariaDB Servers +- Device Provisioning Services +- ExpressRoute Circuits +- Front Doors +- Network Interfaces +- Network Security Groups +- Public IP Addresses +- Traffic Manager Profiles +- Virtual Network Gateways +- Virtual Private Network Gateways +- Virtual Networks +- Search Services +- Stream Analytics jobs + +## Columns + +|Column|Type|Description| +|---|---|---| +|action_id_s|String|| +|action_name_s|String|| +|action_s|String|| +|ActivityId_g|Guid|| +|AdditionalFields||| +|AdHocOrScheduledJob_s|String|| +|application_name_s|String|| +|audit_schema_version_d|Double|| +|avg_cpu_percent_s|String|| +|avg_mean_time_s|String|| +|backendHostname_s|String|| +|Caller_s|String|| +|callerId_s|String|| +|CallerIPAddress|String|| +|calls_s|String|| +|Category|String|| +|client_ip_s|String|| +|clientInfo_s|String|| +|clientIP_s|String|| +|clientIp_s|String|| 
+|clientIpAddress_s|String|| +|clientPort_d|Double|| +|code_s|String|| +|collectionName_s|String|| +|conditions_destinationIP_s|String|| +|conditions_destinationPortRange_s|String|| +|conditions_None_s|String|| +|conditions_protocols_s|String|| +|conditions_sourceIP_s|String|| +|conditions_sourcePortRange_s|String|| +|CorrelationId|String|| +|count_executions_d|Double|| +|cpu_time_d|Double|| +|database_name_s|String|| +|database_principal_name_s|String|| +|DatabaseName_s|String|| +|db_id_s|String|| +|direction_s|String|| +|dop_d|Double|| +|duration_d|Double|| +|duration_milliseconds_d|Double|| +|DurationMs|BigInt|| +|ElasticPoolName_s|String|| +|endTime_t|DateTime|| +|Environment_s|String|| +|error_code_s|String|| +|error_message_s|String|| +|errorLevel_s|String|| +|event_class_s|String|| +|event_s|String|| +|event_subclass_s|String|| +|event_time_t|DateTime|| +|EventName_s|String|| +|execution_type_d|Double|| +|executionInfo_endTime_t|DateTime|| +|executionInfo_exitCode_d|Double|| +|executionInfo_startTime_t|DateTime|| +|host_s|String|| +|httpMethod_s|String|| +|httpStatus_d|Double|| +|httpStatusCode_d|Double|| +|httpStatusCode_s|String|| +|httpVersion_s|String|| +|id_s|String|| +|identity_claim_appid_g|Guid|| +|identity_claim_ipaddr_s|String|| +|instanceId_s|String|| +|interval_end_time_d|Double|| +|interval_start_time_d|Double|| +|ip_s|String|| +|is_column_permission_s|String|| +|isAccessPolicyMatch_b|Bool|| +|JobDurationInSecs_s|String|| +|JobFailureCode_s|String|| +|JobId_g|Guid|| +|jobId_s|String|| +|JobOperation_s|String|| +|JobOperationSubType_s|String|| +|JobStartDateTime_s|String|| +|JobStatus_s|String|| +|JobUniqueId_g|Guid|| +|Level|String|| +|log_bytes_used_d|Double|| +|logical_io_reads_d|Double|| +|logical_io_writes_d|Double|| +|LogicalServerName_s|String|| +|macAddress_s|String|| +|matchedConnections_d|Double|| +|max_cpu_time_d|Double|| +|max_dop_d|Double|| +|max_duration_d|Double|| +|max_log_bytes_used_d|Double|| +|max_logical_io_reads_d|Double|| 
+|max_logical_io_writes_d|Double|| +|max_num_physical_io_reads_d|Double|| +|max_physical_io_reads_d|Double|| +|max_query_max_used_memory_d|Double|| +|max_rowcount_d|Double|| +|max_time_s|String|| +|mean_time_s|String|| +|Message|String|| +|min_time_s|String|| +|msg_s|String|| +|num_physical_io_reads_d|Double|| +|object_id_d|Double|| +|object_name_s|String|| +|OperationName|String|| +|OperationVersion|String|| +|partitionKey_s|String|| +|physical_io_reads_d|Double|| +|plan_id_d|Double|| +|policy_s|String|| +|policyMode_s|String|| +|primaryIPv4Address_s|String|| +|priority_d|Double|| +|properties_enabledForDeployment_b|Bool|| +|properties_enabledForDiskEncryption_b|Bool|| +|properties_enabledForTemplateDeployment_b|Bool|| +|properties_s|String|| +|properties_sku_Family_s|String|| +|properties_sku_Name_s|String|| +|properties_tenantId_g|Guid|| +|query_hash_s|String|| +|query_id_d|Double|| +|query_max_used_memory_d|Double|| +|query_plan_hash_s|String|| +|query_time_d|Double|| +|querytext_s|String|| +|receivedBytes_d|Double|| +|Region_s|String|| +|requestCharge_s|String|| +|requestQuery_s|String|| +|requestResourceId_s|String|| +|requestResourceType_s|String|| +|requestUri_s|String|| +|reserved_storage_mb_s|String|| +|Resource|String|| +|resource_actionName_s|String|| +|resource_location_s|String|| +|resource_originRunId_s|String|| +|resource_resourceGroupName_s|String|| +|resource_runId_s|String|| +|resource_subscriptionId_g|Guid|| +|resource_triggerName_s|String|| +|resource_workflowId_g|Guid|| +|resource_workflowName_s|String|| +|ResourceGroup|String|| +|_ResourceId|String|A unique identifier for the resource that the record is associated with| +|ResourceProvider|String|| +|ResourceProvider|String|| +|ResourceType|String|| +|ResourceType|String|| +|response_rows_d|Double|| +|resultCode_s|String|| +|ResultDescription|String|| +|ResultDescription|String|| +|resultDescription_ChildJobs_s|String|| +|resultDescription_ErrorJobs_s|String|| +|resultMessage_s|String|| 
+|ResultSignature|String|| +|ResultType|String|| +|ResultType|String|| +|rootCauseAnalysis_s|String|| +|routingRuleName_s|String|| +|rowcount_d|Double|| +|ruleName_s|String|| +|RunbookName_s|String|| +|RunOn_s|String|| +|schema_name_s|String|| +|sentBytes_d|Double|| +|sequence_group_id_g|Guid|| +|sequence_number_d|Double|| +|server_principal_sid_s|String|| +|session_id_d|Double|| diff --git a/articles/azure-monitor/reference/tables/azureloadtestingoperation.md b/articles/azure-monitor/reference/tables/azureloadtestingoperation.md new file mode 100644 index 0000000000..5e17dcd1a4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azureloadtestingoperation.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AzureLoadTestingOperation +description: Reference for AzureLoadTestingOperation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AzureLoadTestingOperation + +Details about the operations which are performed on the Azure Load Testing resource. For example, operations like creation of a Test, Test run etc. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.loadtestservice/loadtests| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azureloadtestingoperation)| + + + +## Columns + +[!INCLUDE [azureloadtestingoperation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azureloadtestingoperation-include.md)] diff --git a/articles/azure-monitor/reference/tables/azuremetrics.md b/articles/azure-monitor/reference/tables/azuremetrics.md new file mode 100644 index 0000000000..93fef80e81 --- /dev/null +++ b/articles/azure-monitor/reference/tables/azuremetrics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - AzureMetrics +description: Reference for AzureMetrics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# AzureMetrics + +Metric data emitted by Azure services that measure their health and performance. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.aad/domainservices,
microsoft.apimanagement/service,
microsoft.network/applicationgateways,
microsoft.servicenetworking/trafficcontrollers,
microsoft.web/sites,
microsoft.kubernetes/connectedclusters,
microsoft.cache/redis,
microsoft.hardwaresecuritymodules/cloudhsmclusters,
microsoft.communication/communicationservices,
microsoft.documentdb/databaseaccounts,
microsoft.datacollaboration/workspaces,
microsoft.eventgrid/namespaces,
microsoft.eventgrid/topics,
microsoft.eventhub/namespaces,
microsoft.network/azurefirewalls,
microsoft.keyvault/vaults,
microsoft.containerservice/managedclusters,
microsoft.managednetworkfabric/networkdevices,
microsoft.networkcloud/baremetalmachines,
microsoft.networkcloud/clustermanagers,
microsoft.networkcloud/clusters,
microsoft.networkcloud/storageappliances,
microsoft.relay/namespaces,
microsoft.servicebus/namespaces,
microsoft.networkfunction/azuretrafficcollectors,
microsoft.network/networkmanagers,
microsoft.cognitiveservices/accounts,
microsoft.connectedcache/cachenodes,
microsoft.connectedvehicle/platformaccounts,
microsoft.databricks/workspaces,
microsoft.dbformysql/flexibleservers,
microsoft.dbforpostgresql/flexibleservers,
microsoft.dbforpostgresql/servergroupsv2,
microsoft.devcenter/devcenters,
microsoft.compute/virtualmachines,
microsoft.machinelearningservices/workspaces,
microsoft.media/mediaservices,
microsoft.azureplaywrightservice/accounts,
microsoft.networkanalytics/dataproducts,
microsoft.storage/storageaccounts,
microsoft.storagecache/amlfilesytems,
microsoft.storagemover/storagemovers,
microsoft.synapse/workspaces,
microsoft.desktopvirtualization/hostpools,
microsoft.desktopvirtualization/applicationgroups,
microsoft.desktopvirtualization/workspaces,
microsoft.timeseriesinsights/environments,
microsoft.workloadmonitor/monitors,
microsoft.analysisservices/servers,
microsoft.batch/batchaccounts,
microsoft.appplatform/spring,
microsoft.signalrservice/signalr,
microsoft.containerregistry/registries,
microsoft.kusto/clusters,
microsoft.blockchain/blockchainmembers,
microsoft.eventgrid/domains,
microsoft.eventgrid/partnernamespaces,
microsoft.eventgrid/partnertopics,
microsoft.eventgrid/systemtopics,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets,
microsoft.hybridcontainerservice/provisionedclusters,
microsoft.insights/autoscalesettings,
microsoft.devices/iothubs,
microsoft.servicefabric/clusters,
microsoft.logic/workflows,
microsoft.automation/automationaccounts,
microsoft.datafactory/factories,
microsoft.datalakestore/accounts,
microsoft.datalakeanalytics/accounts,
microsoft.powerbidedicated/capacities,
microsoft.datashare/accounts,
microsoft.sql/managedinstances,
microsoft.sql/servers,
microsoft.sql/servers/databases,
microsoft.dbformysql/servers,
microsoft.dbforpostgresql/servers,
microsoft.dbforpostgresql/serversv2,
microsoft.dbformariadb/servers,
microsoft.devices/provisioningservices,
microsoft.network/expressroutecircuits,
microsoft.network/frontdoors,
microsoft.network/networkinterfaces,
microsoft.network/networksecuritygroups,
microsoft.network/publicipaddresses,
microsoft.network/trafficmanagerprofiles,
microsoft.network/virtualnetworkgateways,
microsoft.network/vpngateways,
microsoft.network/virtualnetworks,
microsoft.search/searchservices,
microsoft.streamanalytics/streamingjobs,
microsoft.network/bastionhosts,
microsoft.healthcareapis/services| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/azuremetrics)| + + + +## Columns + +[!INCLUDE [azuremetrics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azuremetrics-include.md)] diff --git a/articles/azure-monitor/reference/tables/behavioranalytics.md b/articles/azure-monitor/reference/tables/behavioranalytics.md new file mode 100644 index 0000000000..fa1e1e494e --- /dev/null +++ b/articles/azure-monitor/reference/tables/behavioranalytics.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - BehaviorAnalytics +description: Reference for BehaviorAnalytics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# BehaviorAnalytics + +This table stores the enriched events for Sentinel UEBA, providing behavior analytics over raw data. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| BehaviorAnalyticsInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [behavioranalytics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/behavioranalytics-include.md)] diff --git a/articles/azure-monitor/reference/tables/blockchainapplicationlog.md b/articles/azure-monitor/reference/tables/blockchainapplicationlog.md new file mode 100644 index 0000000000..d8399c7dc4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/blockchainapplicationlog.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - BlockchainApplicationLog +description: Reference for BlockchainApplicationLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# BlockchainApplicationLog + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.blockchain/blockchainmembers| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [blockchainapplicationlog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/blockchainapplicationlog-include.md)] diff --git a/articles/azure-monitor/reference/tables/blockchainproxylog.md b/articles/azure-monitor/reference/tables/blockchainproxylog.md new file mode 100644 index 0000000000..3d68b9f0af --- /dev/null +++ b/articles/azure-monitor/reference/tables/blockchainproxylog.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - BlockchainProxyLog +description: Reference for BlockchainProxyLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# BlockchainProxyLog + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.blockchain/blockchainmembers| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [blockchainproxylog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/blockchainproxylog-include.md)] diff --git a/articles/azure-monitor/reference/tables/cassandraaudit.md b/articles/azure-monitor/reference/tables/cassandraaudit.md new file mode 100644 index 0000000000..0a353d0adf --- /dev/null 
+++ b/articles/azure-monitor/reference/tables/cassandraaudit.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CassandraAudit +description: Reference for CassandraAudit table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CassandraAudit + +Detailed audit records for CQL operations and login attempts. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.documentdb/cassandraclusters| +|**Categories**|Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [cassandraaudit](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cassandraaudit-include.md)] diff --git a/articles/azure-monitor/reference/tables/cassandralogs.md b/articles/azure-monitor/reference/tables/cassandralogs.md new file mode 100644 index 0000000000..84d67552de --- /dev/null +++ b/articles/azure-monitor/reference/tables/cassandralogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CassandraLogs +description: Reference for CassandraLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CassandraLogs + +Cassandra general logging messages (system.log). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.documentdb/cassandraclusters| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/cassandralogs)| + + + +## Columns + +[!INCLUDE [cassandralogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cassandralogs-include.md)] 
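Review bot: blockchainapplicationlog.md and blockchainproxylog.md have no description under the `# BlockchainApplicationLog` and `# BlockchainProxyLog` headings, only blank lines before `## Table attributes`. Every other table page in this change opens with a sentence such as "Detailed audit records for CQL operations and login attempts." Add a one-line description of what each table records, or, if the source metadata has none, drop the empty paragraph so the pages do not render with a gap. Separately, cassandralogs.md lists **Categories** as `-` while cassandraaudit.md, for the same `microsoft.documentdb/cassandraclusters` resource type, lists `Audit`; confirm the empty category is intended, since readers use it to find the table.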
diff --git a/articles/azure-monitor/reference/tables/ccfapplicationlogs.md b/articles/azure-monitor/reference/tables/ccfapplicationlogs.md new file mode 100644 index 0000000000..6ebf427447 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ccfapplicationlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CCFApplicationLogs +description: Reference for CCFApplicationLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CCFApplicationLogs + +Contains the logs generated in the CCF application. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.confidentialledger/managedccfs| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/ccfapplicationlogs)| + + + +## Columns + +[!INCLUDE [ccfapplicationlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ccfapplicationlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/cdbcassandrarequests.md b/articles/azure-monitor/reference/tables/cdbcassandrarequests.md new file mode 100644 index 0000000000..dbfa6925e7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/cdbcassandrarequests.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CDBCassandraRequests +description: Reference for CDBCassandraRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CDBCassandraRequests + +This table details data plane operations, specifically for Cassandra API accounts. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.documentdb/databaseaccounts| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [cdbcassandrarequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cdbcassandrarequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/cdbcontrolplanerequests.md b/articles/azure-monitor/reference/tables/cdbcontrolplanerequests.md new file mode 100644 index 0000000000..f7ec1f1bde --- /dev/null +++ b/articles/azure-monitor/reference/tables/cdbcontrolplanerequests.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CDBControlPlaneRequests +description: Reference for CDBControlPlaneRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CDBControlPlaneRequests + +This table details all control plane operations executed on the account, which include modifications to the regional failover policy, indexing policy, IAM role assignments, backup/restore policies, VNet and firewall rules, private links as well as updates and deletes of the account. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.documentdb/databaseaccounts| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [cdbcontrolplanerequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cdbcontrolplanerequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/cdbdataplanerequests.md b/articles/azure-monitor/reference/tables/cdbdataplanerequests.md new file mode 100644 index 0000000000..c8279abe2a --- /dev/null +++ b/articles/azure-monitor/reference/tables/cdbdataplanerequests.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CDBDataPlaneRequests +description: Reference for CDBDataPlaneRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CDBDataPlaneRequests + +The DataPlaneRequests table captures every data plane operation for the Cosmos DB account. Data Plane requests are operations executed to create, update, delete or retrieve data within the account. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.documentdb/databaseaccounts| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [cdbdataplanerequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cdbdataplanerequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/cdbgremlinrequests.md b/articles/azure-monitor/reference/tables/cdbgremlinrequests.md new file mode 100644 index 0000000000..7c3fd92c0a --- /dev/null +++ b/articles/azure-monitor/reference/tables/cdbgremlinrequests.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CDBGremlinRequests +description: Reference for CDBGremlinRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CDBGremlinRequests + +This table details data plane operations, specifically for Graph API accounts. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.documentdb/databaseaccounts| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [cdbgremlinrequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cdbgremlinrequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/cdbmongorequests.md b/articles/azure-monitor/reference/tables/cdbmongorequests.md new file mode 100644 index 0000000000..1d3313e8f1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/cdbmongorequests.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CDBMongoRequests +description: Reference for CDBMongoRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CDBMongoRequests + +This table details data plane operations, specifically for Mongo API accounts. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.documentdb/databaseaccounts| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [cdbmongorequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cdbmongorequests-include.md)] 
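Review bot: the description line in cdbdataplanerequests.md refers to "The DataPlaneRequests table", but the title and `#` heading name the table CDBDataPlaneRequests; use the exact table name, since that is the identifier readers will type into a query. In the same way, cdbgremlinrequests.md describes "Graph API accounts" under a heading that says Gremlin, so state the API name as it appears in the table name or mention both. The CDBControlPlaneRequests description is the one most likely to be read during an investigation (IAM role assignments, VNet and firewall rules, private links); it would benefit from a comma before "as well as" and is otherwise clear.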
diff --git a/articles/azure-monitor/reference/tables/cdbpartitionkeyruconsumption.md b/articles/azure-monitor/reference/tables/cdbpartitionkeyruconsumption.md new file mode 100644 index 0000000000..a3cbb4675a --- /dev/null +++ b/articles/azure-monitor/reference/tables/cdbpartitionkeyruconsumption.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CDBPartitionKeyRUConsumption +description: Reference for CDBPartitionKeyRUConsumption table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CDBPartitionKeyRUConsumption + +This table details the RU (Request Unit) consumption for logical partition keys in each region, within each of their physical partitions. This data can be used to identify hot partitions from a request volume perspective. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.documentdb/databaseaccounts| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [cdbpartitionkeyruconsumption](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cdbpartitionkeyruconsumption-include.md)] diff --git a/articles/azure-monitor/reference/tables/cdbpartitionkeystatistics.md b/articles/azure-monitor/reference/tables/cdbpartitionkeystatistics.md new file mode 100644 index 0000000000..ec1ef44fe7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/cdbpartitionkeystatistics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CDBPartitionKeyStatistics +description: Reference for CDBPartitionKeyStatistics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CDBPartitionKeyStatistics + +This table provides outlier logical partition keys that have consumed more storage space than others. Statistics are based on a sub-sampling of partition keys within the collection and hence these are approximate. Partition keys that are below 1GB of storage may not show up in the reported statistics. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.documentdb/databaseaccounts| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [cdbpartitionkeystatistics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cdbpartitionkeystatistics-include.md)] diff --git a/articles/azure-monitor/reference/tables/cdbqueryruntimestatistics.md b/articles/azure-monitor/reference/tables/cdbqueryruntimestatistics.md new file mode 100644 index 0000000000..3a46079c11 --- /dev/null +++ b/articles/azure-monitor/reference/tables/cdbqueryruntimestatistics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CDBQueryRuntimeStatistics +description: Reference for CDBQueryRuntimeStatistics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CDBQueryRuntimeStatistics + +This table details query operations executed against a SQL API account. By default, the query text and its parameters are obfuscated to avoid logging PII data with full text query logging available by request. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.documentdb/databaseaccounts| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [cdbqueryruntimestatistics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cdbqueryruntimestatistics-include.md)] diff --git a/articles/azure-monitor/reference/tables/cdbtableapirequests.md b/articles/azure-monitor/reference/tables/cdbtableapirequests.md new file mode 100644 index 0000000000..4113672aed --- /dev/null +++ b/articles/azure-monitor/reference/tables/cdbtableapirequests.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CDBTableApiRequests +description: Reference for CDBTableApiRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CDBTableApiRequests + +This table details data plane operations, specifically for Table API accounts. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.documentdb/databaseaccounts| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [cdbtableapirequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cdbtableapirequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/chaosstudioexperimenteventlogs.md b/articles/azure-monitor/reference/tables/chaosstudioexperimenteventlogs.md new file mode 100644 index 0000000000..9c920502ea --- /dev/null +++ b/articles/azure-monitor/reference/tables/chaosstudioexperimenteventlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ChaosStudioExperimentEventLogs +description: Reference for ChaosStudioExperimentEventLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ChaosStudioExperimentEventLogs + +Chao Studio Experiment Orchestration events. Displays Start/Stop events of each Step/Branch/Action in experiment runs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.chaos/experiments| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/chaosstudioexperimenteventlogs)| + + + +## Columns + +[!INCLUDE [chaosstudioexperimenteventlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/chaosstudioexperimenteventlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/chsmmanagementauditlogs.md b/articles/azure-monitor/reference/tables/chsmmanagementauditlogs.md new file mode 100644 index 0000000000..a4694c5311 --- /dev/null +++ b/articles/azure-monitor/reference/tables/chsmmanagementauditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CHSMManagementAuditLogs +description: Reference for CHSMManagementAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CHSMManagementAuditLogs + +This table contains audit logs retrieved from your Azure CloudHsm resource's HSM partitions. These logs captures all management operations performed by Customer over E2E channel on each HSM partition of that CloudHsm resource. They can be used to monitor events and configure necessary alerts on your CloudHsm resource. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hardwaresecuritymodules/cloudhsmclusters| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/chsmmanagementauditlogs)| + + + +## Columns + +[!INCLUDE [chsmmanagementauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/chsmmanagementauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/chsmserviceoperationauditlogs.md b/articles/azure-monitor/reference/tables/chsmserviceoperationauditlogs.md new file mode 100644 index 0000000000..38c3c60e4d --- /dev/null +++ b/articles/azure-monitor/reference/tables/chsmserviceoperationauditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CHSMServiceOperationAuditLogs +description: Reference for CHSMServiceOperationAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CHSMServiceOperationAuditLogs + +This table contains HSM Commands send to your Azure Cloud HSM resource's HSM partitions. These logs captures all service operations performed by Customer over E2E channel on each HSM partition of that Cloud HSM resource. They can be used to monitor events and configure necessary alerts on your Cloud HSM resource. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hardwaresecuritymodules/cloudhsmclusters| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/chsmserviceoperationauditlogs)| + + + +## Columns + +[!INCLUDE [chsmserviceoperationauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/chsmserviceoperationauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/cieventsaudit.md b/articles/azure-monitor/reference/tables/cieventsaudit.md new file mode 100644 index 0000000000..1adb10476d --- /dev/null +++ b/articles/azure-monitor/reference/tables/cieventsaudit.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CIEventsAudit +description: Reference for CIEventsAudit table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CIEventsAudit + +All API requests in the context of the Customer Insights instance, for example all user actions while configuring and using the instance. POST|PUT|DELETE|PATCH operations go into this category. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.d365customerinsights/instances| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/cieventsaudit)| + + + +## Columns + +[!INCLUDE [cieventsaudit](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cieventsaudit-include.md)] diff --git a/articles/azure-monitor/reference/tables/cieventsoperational.md b/articles/azure-monitor/reference/tables/cieventsoperational.md new file mode 100644 index 0000000000..fbf65ed4b6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/cieventsoperational.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CIEventsOperational +description: Reference for CIEventsOperational table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CIEventsOperational + +Events generated using the service, for example GET requests or the execution events of a workflow. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.d365customerinsights/instances| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/cieventsoperational)| + + + +## Columns + +[!INCLUDE [cieventsoperational](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cieventsoperational-include.md)] diff --git a/articles/azure-monitor/reference/tables/cloudappevents.md b/articles/azure-monitor/reference/tables/cloudappevents.md new file mode 100644 index 0000000000..6771cf7c0a --- /dev/null +++ b/articles/azure-monitor/reference/tables/cloudappevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CloudAppEvents +description: Reference for CloudAppEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CloudAppEvents + +Information about activities in various cloud apps and services covered by Microsoft Cloud App Security. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/cloudappevents)| + + + +## Columns + +[!INCLUDE [cloudappevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/cloudappevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/commonsecuritylog.md b/articles/azure-monitor/reference/tables/commonsecuritylog.md new file mode 100644 index 0000000000..17b1179e7f --- /dev/null +++ b/articles/azure-monitor/reference/tables/commonsecuritylog.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CommonSecurityLog +description: Reference for CommonSecurityLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CommonSecurityLog + +This table is for collecting events in the Common Event Format, that are most often sent from different security appliances such as Check Point, Palo Alto and more. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.securityinsights/cef,
microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets| +|**Categories**|Security| +|**Solutions**| Security, SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/commonsecuritylog)| + + + +## Columns + +[!INCLUDE [commonsecuritylog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/commonsecuritylog-include.md)] diff --git a/articles/azure-monitor/reference/tables/computergroup.md b/articles/azure-monitor/reference/tables/computergroup.md new file mode 100644 index 0000000000..7a5796fd5a --- /dev/null +++ b/articles/azure-monitor/reference/tables/computergroup.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ComputerGroup +description: Reference for ComputerGroup table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ComputerGroup + +Computer groups that can be used to scope log queries to a set of computers. Includes the computers in each group. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines| +|**Categories**|Azure Monitor, Virtual Machines, IT & Management Tools| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [computergroup](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/computergroup-include.md)] diff --git a/articles/azure-monitor/reference/tables/confidentialwatchlist.md b/articles/azure-monitor/reference/tables/confidentialwatchlist.md new file mode 100644 index 0000000000..0067007624 --- /dev/null +++ b/articles/azure-monitor/reference/tables/confidentialwatchlist.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ConfidentialWatchlist +description: Reference for ConfidentialWatchlist table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ConfidentialWatchlist + +Azure Sentinel confidential Watchlist contains imported data from CSV files that can be used to join or filter as an alert/incident condition. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/confidentialwatchlist)| + + + +## Columns + +[!INCLUDE [confidentialwatchlist](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/confidentialwatchlist-include.md)] diff --git a/articles/azure-monitor/reference/tables/configurationchange.md b/articles/azure-monitor/reference/tables/configurationchange.md new file mode 100644 index 0000000000..88a03eff82 --- /dev/null +++ b/articles/azure-monitor/reference/tables/configurationchange.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ConfigurationChange +description: Reference for ConfigurationChange table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ConfigurationChange + +View changes to in-guest configuration data such as Files Software Registry Keys Windows Services and Linux Daemons + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets| +|**Categories**|IT & Management Tools| +|**Solutions**| ChangeTracking| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/configurationchange)| + + + +## Columns + +[!INCLUDE [configurationchange](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/configurationchange-include.md)] diff --git a/articles/azure-monitor/reference/tables/configurationdata.md b/articles/azure-monitor/reference/tables/configurationdata.md new file mode 100644 index 0000000000..1ac08cc6c0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/configurationdata.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ConfigurationData +description: Reference for ConfigurationData table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ConfigurationData + +View the last reported state for in-guest configuration data such as Files Software Registry Keys Windows Services and Linux Daemons + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets| +|**Categories**|IT & Management Tools| +|**Solutions**| ChangeTracking| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/configurationdata)| + + + +## Columns + +[!INCLUDE [configurationdata](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/configurationdata-include.md)] diff --git a/articles/azure-monitor/reference/tables/containerappconsolelogs.md b/articles/azure-monitor/reference/tables/containerappconsolelogs.md new file mode 100644 index 0000000000..67b22b392b --- /dev/null +++ b/articles/azure-monitor/reference/tables/containerappconsolelogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ContainerAppConsoleLogs +description: Reference for ContainerAppConsoleLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ContainerAppConsoleLogs + +Logs generated by Container Apps within a Container App Environment. This includes logs generated on the stdout or stderr streams by all containers in the app. It also includes all Dapr sidecar container logs but does not include any system or platform level logs produced by the Container App Environment itself. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.app/managedenvironments| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/containerappconsolelogs)| + + + +## Columns + +[!INCLUDE [containerappconsolelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/containerappconsolelogs-include.md)] 
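Review bot: the resource type `microsoft.conenctedvmwarevsphere/virtualmachines` in the **Resource types** rows of commonsecuritylog.md, computergroup.md, configurationchange.md and configurationdata.md looks like a transposition of "connected". Confirm it against the resource provider name and correct it in the source metadata if it is not the literal value, because a misspelled type will not match when readers filter or search by resource type. Several description lines in the preceding hunks also need a copy edit before merge: "Chao Studio" in chaosstudioexperimenteventlogs.md should read "Chaos Studio"; chsmserviceoperationauditlogs.md has "HSM Commands send to" (sent) and, like chsmmanagementauditlogs.md, "These logs captures" (capture), and the two pages alternate between "CloudHsm" and "Cloud HSM"; the ConfigurationChange and ConfigurationData descriptions list "Files Software Registry Keys Windows Services and Linux Daemons" with no commas and no closing period.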
diff --git a/articles/azure-monitor/reference/tables/containerappsystemlogs.md b/articles/azure-monitor/reference/tables/containerappsystemlogs.md new file mode 100644 index 0000000000..fbd19435cf --- /dev/null +++ b/articles/azure-monitor/reference/tables/containerappsystemlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ContainerAppSystemLogs +description: Reference for ContainerAppSystemLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ContainerAppSystemLogs + +Platform Logs generated by a Container App Environment. These logs are generated by system components and any underlying infrastructure. Events related to revision management, Dapr, Keda and Envoy can be found here. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.app/managedenvironments| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [containerappsystemlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/containerappsystemlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/containerevent.md b/articles/azure-monitor/reference/tables/containerevent.md new file mode 100644 index 0000000000..608aa17298 --- /dev/null +++ b/articles/azure-monitor/reference/tables/containerevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ContainerEvent +description: Reference for ContainerEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ContainerEvent + +Container Event Customer Logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.containerinstance/containergroups| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [containerevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/containerevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/containerimageinventory.md b/articles/azure-monitor/reference/tables/containerimageinventory.md new file mode 100644 index 0000000000..5ceb38ff1f --- /dev/null +++ b/articles/azure-monitor/reference/tables/containerimageinventory.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ContainerImageInventory +description: Reference for ContainerImageInventory table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ContainerImageInventory + +Inventory of container images and their attributes that were discovered by the agent. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Containers| +|**Solutions**| AzureResources, ContainerInsights, Containers| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/containerimageinventory)| + + + +## Columns + +[!INCLUDE [containerimageinventory](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/containerimageinventory-include.md)] diff --git a/articles/azure-monitor/reference/tables/containerinstancelog.md b/articles/azure-monitor/reference/tables/containerinstancelog.md new file mode 100644 index 0000000000..4d31af94ae --- /dev/null +++ b/articles/azure-monitor/reference/tables/containerinstancelog.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ContainerInstanceLog +description: Reference for ContainerInstanceLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ContainerInstanceLog + +Container Instance Customer Logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.containerinstance/containergroups| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [containerinstancelog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/containerinstancelog-include.md)] diff --git a/articles/azure-monitor/reference/tables/containerinventory.md b/articles/azure-monitor/reference/tables/containerinventory.md new file mode 100644 index 0000000000..987192dedd --- /dev/null +++ b/articles/azure-monitor/reference/tables/containerinventory.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ContainerInventory +description: Reference for ContainerInventory table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ContainerInventory + +Inventory of containers and their attributes that are monitored by the agent + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Containers| +|**Solutions**| AzureResources, ContainerInsights, Containers| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/containerinventory)| + + + +## Columns + +[!INCLUDE [containerinventory](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/containerinventory-include.md)] diff --git a/articles/azure-monitor/reference/tables/containerlog.md b/articles/azure-monitor/reference/tables/containerlog.md new file mode 100644 index 0000000000..e35f75fb8a --- /dev/null +++ b/articles/azure-monitor/reference/tables/containerlog.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ContainerLog +description: Reference for ContainerLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ContainerLog + +Log lines collected from stdout and stderr streams for containers. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Containers, Applications| +|**Solutions**| AzureResources, ContainerInsights, Containers| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/containerlog)| + + + +## Columns + +[!INCLUDE [containerlog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/containerlog-include.md)] diff --git a/articles/azure-monitor/reference/tables/containerlogv2.md b/articles/azure-monitor/reference/tables/containerlogv2.md new file mode 100644 index 0000000000..a596c32f0d --- /dev/null +++ b/articles/azure-monitor/reference/tables/containerlogv2.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ContainerLogV2 +description: Reference for ContainerLogV2 table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ContainerLogV2 + +Kubernetes Container logs in V2 schema. This is the successor of ContainerLog. This has a friendlier schema, specifically for Kubernetes orchestrated containers in pods. With this feature enabled, previously split container logs are stitched together and sent as single entries to the ContainerLogV2 table. The schema now supports container log lines of up to to 64 KB. The schema also supports .NET and Go stack traces, which appear as single entries. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.containerservice/managedclusters,
microsoft.kubernetes/connectedclusters,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Containers| +|**Solutions**| AzureResources, ContainerInsights| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/containerlogv2)| + + + +## Columns + +[!INCLUDE [containerlogv2](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/containerlogv2-include.md)] diff --git a/articles/azure-monitor/reference/tables/containernodeinventory.md b/articles/azure-monitor/reference/tables/containernodeinventory.md new file mode 100644 index 0000000000..26f8920a7f --- /dev/null +++ b/articles/azure-monitor/reference/tables/containernodeinventory.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ContainerNodeInventory +description: Reference for ContainerNodeInventory table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ContainerNodeInventory + +Table that stores Container host/node information + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Containers| +|**Solutions**| AzureResources, ContainerInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/containernodeinventory)| + + + +## Columns + +[!INCLUDE [containernodeinventory](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/containernodeinventory-include.md)] diff --git a/articles/azure-monitor/reference/tables/containerregistryloginevents.md b/articles/azure-monitor/reference/tables/containerregistryloginevents.md new file mode 100644 index 0000000000..647c6caa7d --- /dev/null +++ b/articles/azure-monitor/reference/tables/containerregistryloginevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ContainerRegistryLoginEvents +description: Reference for ContainerRegistryLoginEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ContainerRegistryLoginEvents + +Azure Container Registry Login Auditing Logs + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.containerregistry/registries| +|**Categories**|Containers| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/containerregistryloginevents)| + + + +## Columns + +[!INCLUDE [containerregistryloginevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/containerregistryloginevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/containerregistryrepositoryevents.md b/articles/azure-monitor/reference/tables/containerregistryrepositoryevents.md new file mode 100644 index 0000000000..9a77fd7c6e --- /dev/null +++ b/articles/azure-monitor/reference/tables/containerregistryrepositoryevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ContainerRegistryRepositoryEvents +description: Reference for ContainerRegistryRepositoryEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ContainerRegistryRepositoryEvents + +Azure Container Registry Repository Auditing Logs + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.containerregistry/registries| +|**Categories**|Containers| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/containerregistryrepositoryevents)| + + + +## Columns + +[!INCLUDE [containerregistryrepositoryevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/containerregistryrepositoryevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/containerservicelog.md b/articles/azure-monitor/reference/tables/containerservicelog.md new file mode 100644 index 0000000000..b6bad9dba4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/containerservicelog.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ContainerServiceLog +description: Reference for ContainerServiceLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ContainerServiceLog + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Containers| +|**Solutions**| AzureResources, ContainerInsights, Containers| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/containerservicelog)| + + + +## Columns + +[!INCLUDE [containerservicelog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/containerservicelog-include.md)] diff --git a/articles/azure-monitor/reference/tables/coreazurebackup.md b/articles/azure-monitor/reference/tables/coreazurebackup.md new file mode 100644 index 0000000000..c9c82c1864 --- /dev/null +++ b/articles/azure-monitor/reference/tables/coreazurebackup.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - CoreAzureBackup +description: Reference for CoreAzureBackup table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# CoreAzureBackup + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.recoveryservices/vaults| +|**Categories**|IT & Management Tools, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/coreazurebackup)| + + + +## Columns + +[!INCLUDE [coreazurebackup](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/coreazurebackup-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksaccounts.md b/articles/azure-monitor/reference/tables/databricksaccounts.md new file mode 100644 index 0000000000..ed3f32fe87 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksaccounts.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksAccounts +description: Reference for DatabricksAccounts table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksAccounts + +Databricks Accounts audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksaccounts](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksaccounts-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksbrickstorehttpgateway.md b/articles/azure-monitor/reference/tables/databricksbrickstorehttpgateway.md new file mode 100644 index 0000000000..94f268c89d --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksbrickstorehttpgateway.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksBrickStoreHttpGateway +description: Reference for DatabricksBrickStoreHttpGateway table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksBrickStoreHttpGateway + +Contains Databricks Brick Store Http Gateway logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksbrickstorehttpgateway](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksbrickstorehttpgateway-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/databrickscapsule8dataplane.md b/articles/azure-monitor/reference/tables/databrickscapsule8dataplane.md new file mode 100644 index 0000000000..e8423742ee --- /dev/null +++ b/articles/azure-monitor/reference/tables/databrickscapsule8dataplane.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksCapsule8Dataplane +description: Reference for DatabricksCapsule8Dataplane table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksCapsule8Dataplane + +Audit logs for Databricks service capsule8-alerts-dataplane. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databrickscapsule8dataplane](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databrickscapsule8dataplane-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksclamavscan.md b/articles/azure-monitor/reference/tables/databricksclamavscan.md new file mode 100644 index 0000000000..a52db52f83 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksclamavscan.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksClamAVScan +description: Reference for DatabricksClamAVScan table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksClamAVScan + +Audit logs for Databricks clamav scan service + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksclamavscan](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksclamavscan-include.md)] diff --git a/articles/azure-monitor/reference/tables/databrickscloudstoragemetadata.md b/articles/azure-monitor/reference/tables/databrickscloudstoragemetadata.md new file mode 100644 index 0000000000..d8f40f826d --- /dev/null +++ b/articles/azure-monitor/reference/tables/databrickscloudstoragemetadata.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksCloudStorageMetadata +description: Reference for DatabricksCloudStorageMetadata table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksCloudStorageMetadata + +Contains Databricks Cloud Storage Metadata logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databrickscloudstoragemetadata](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databrickscloudstoragemetadata-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/databricksclusterlibraries.md b/articles/azure-monitor/reference/tables/databricksclusterlibraries.md new file mode 100644 index 0000000000..0cf1a93783 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksclusterlibraries.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksClusterLibraries +description: Reference for DatabricksClusterLibraries table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksClusterLibraries + +Audit logs for actions taken on cluster libraries in Databricks. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksclusterlibraries](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksclusterlibraries-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksclusters.md b/articles/azure-monitor/reference/tables/databricksclusters.md new file mode 100644 index 0000000000..f4e5318866 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksclusters.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksClusters +description: Reference for DatabricksClusters table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksClusters + +Databricks Clusters audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksclusters](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksclusters-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksdashboards.md b/articles/azure-monitor/reference/tables/databricksdashboards.md new file mode 100644 index 0000000000..3a88ed9abb --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksdashboards.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksDashboards +description: Reference for DatabricksDashboards table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksDashboards + +Contains Databricks Dashboards logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksdashboards](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksdashboards-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/databricksdatabrickssql.md b/articles/azure-monitor/reference/tables/databricksdatabrickssql.md new file mode 100644 index 0000000000..352072796c --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksdatabrickssql.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksDatabricksSQL +description: Reference for DatabricksDatabricksSQL table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksDatabricksSQL + +Databricks databrickssql audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksdatabrickssql](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksdatabrickssql-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksdatamonitoring.md b/articles/azure-monitor/reference/tables/databricksdatamonitoring.md new file mode 100644 index 0000000000..0f70257fe1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksdatamonitoring.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksDataMonitoring +description: Reference for DatabricksDataMonitoring table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksDataMonitoring + +Contains Databricks Data Monitoring logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksdatamonitoring](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksdatamonitoring-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksdbfs.md b/articles/azure-monitor/reference/tables/databricksdbfs.md new file mode 100644 index 0000000000..7351ed489f --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksdbfs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksDBFS +description: Reference for DatabricksDBFS table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksDBFS + +Databricks DBFS audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksdbfs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksdbfs-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/databricksdeltapipelines.md b/articles/azure-monitor/reference/tables/databricksdeltapipelines.md new file mode 100644 index 0000000000..2ff8d61360 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksdeltapipelines.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksDeltaPipelines +description: Reference for DatabricksDeltaPipelines table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksDeltaPipelines + +Databricks delta pipelines audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksdeltapipelines](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksdeltapipelines-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksfeaturestore.md b/articles/azure-monitor/reference/tables/databricksfeaturestore.md new file mode 100644 index 0000000000..5bf0707dc4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksfeaturestore.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksFeatureStore +description: Reference for DatabricksFeatureStore table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksFeatureStore + +Audit logs for events related to Databricks ML Feature Store operations. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksfeaturestore](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksfeaturestore-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksfilesystem.md b/articles/azure-monitor/reference/tables/databricksfilesystem.md new file mode 100644 index 0000000000..8a9f66c01b --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksfilesystem.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksFilesystem +description: Reference for DatabricksFilesystem table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksFilesystem + +Contains Databricks Filesystem logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksfilesystem](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksfilesystem-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/databricksgenie.md b/articles/azure-monitor/reference/tables/databricksgenie.md new file mode 100644 index 0000000000..b0fcf387b8 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksgenie.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksGenie +description: Reference for DatabricksGenie table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksGenie + +Audit logs for Databricks workspaces customer support access events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksgenie](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksgenie-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksgitcredentials.md b/articles/azure-monitor/reference/tables/databricksgitcredentials.md new file mode 100644 index 0000000000..786be406d5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksgitcredentials.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksGitCredentials +description: Reference for DatabricksGitCredentials table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksGitCredentials + +Databricks Git credentials audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksgitcredentials](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksgitcredentials-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksglobalinitscripts.md b/articles/azure-monitor/reference/tables/databricksglobalinitscripts.md new file mode 100644 index 0000000000..1dbbe93f40 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksglobalinitscripts.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksGlobalInitScripts +description: Reference for DatabricksGlobalInitScripts table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksGlobalInitScripts + +Audit logs for events related to creation, modification etc. of Databricks cluster global init scripts. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksglobalinitscripts](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksglobalinitscripts-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/databricksiamrole.md b/articles/azure-monitor/reference/tables/databricksiamrole.md new file mode 100644 index 0000000000..d12202ba45 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksiamrole.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksIAMRole +description: Reference for DatabricksIAMRole table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksIAMRole + +Audit logs for events of changing IAM role ACLs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksiamrole](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksiamrole-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksingestion.md b/articles/azure-monitor/reference/tables/databricksingestion.md new file mode 100644 index 0000000000..721b42ca31 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksingestion.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksIngestion +description: Reference for DatabricksIngestion table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksIngestion + +Contains Databricks Ingestion logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksingestion](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksingestion-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksinstancepools.md b/articles/azure-monitor/reference/tables/databricksinstancepools.md new file mode 100644 index 0000000000..6f339c2074 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksinstancepools.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksInstancePools +description: Reference for DatabricksInstancePools table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksInstancePools + +Databricks Instance Pools audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksinstancepools](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksinstancepools-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/databricksjobs.md b/articles/azure-monitor/reference/tables/databricksjobs.md new file mode 100644 index 0000000000..6015a17239 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksjobs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksJobs +description: Reference for DatabricksJobs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksJobs + +Databricks Jobs audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksjobs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksjobs-include.md)] diff --git a/articles/azure-monitor/reference/tables/databrickslineagetracking.md b/articles/azure-monitor/reference/tables/databrickslineagetracking.md new file mode 100644 index 0000000000..5f85ef27d6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databrickslineagetracking.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksLineageTracking +description: Reference for DatabricksLineageTracking table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksLineageTracking + +Contains Databricks Lineage Tracking logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databrickslineagetracking](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databrickslineagetracking-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksmarketplaceconsumer.md b/articles/azure-monitor/reference/tables/databricksmarketplaceconsumer.md new file mode 100644 index 0000000000..efdd16b41f --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksmarketplaceconsumer.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksMarketplaceConsumer +description: Reference for DatabricksMarketplaceConsumer table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksMarketplaceConsumer + +Contains Databricks Marketplace Consumer logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksmarketplaceconsumer](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksmarketplaceconsumer-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/databricksmlflowacledartifact.md b/articles/azure-monitor/reference/tables/databricksmlflowacledartifact.md new file mode 100644 index 0000000000..55b4def4df --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksmlflowacledartifact.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksMLflowAcledArtifact +description: Reference for DatabricksMLflowAcledArtifact table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksMLflowAcledArtifact + +Audit logs for events of reading and writing Databricks MLflow ACLed artifacts. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksmlflowacledartifact](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksmlflowacledartifact-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksmlflowexperiment.md b/articles/azure-monitor/reference/tables/databricksmlflowexperiment.md new file mode 100644 index 0000000000..5d4c449cb3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksmlflowexperiment.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksMLflowExperiment +description: Reference for DatabricksMLflowExperiment table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksMLflowExperiment + +Audit logs for events related to manipulation of Databricks MLflow experiments. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksmlflowexperiment](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksmlflowexperiment-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksmodelregistry.md b/articles/azure-monitor/reference/tables/databricksmodelregistry.md new file mode 100644 index 0000000000..ade44fb7db --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksmodelregistry.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksModelRegistry +description: Reference for DatabricksModelRegistry table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksModelRegistry + +Databricks model registry audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksmodelregistry](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksmodelregistry-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/databricksnotebook.md b/articles/azure-monitor/reference/tables/databricksnotebook.md new file mode 100644 index 0000000000..77eda7ec8f --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksnotebook.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksNotebook +description: Reference for DatabricksNotebook table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksNotebook + +Databricks Notebook audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksnotebook](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksnotebook-include.md)] diff --git a/articles/azure-monitor/reference/tables/databrickspartnerhub.md b/articles/azure-monitor/reference/tables/databrickspartnerhub.md new file mode 100644 index 0000000000..1a48939f4f --- /dev/null +++ b/articles/azure-monitor/reference/tables/databrickspartnerhub.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksPartnerHub +description: Reference for DatabricksPartnerHub table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksPartnerHub + +Audit logs for Databricks partner hub service. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databrickspartnerhub](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databrickspartnerhub-include.md)] diff --git a/articles/azure-monitor/reference/tables/databrickspredictiveoptimization.md b/articles/azure-monitor/reference/tables/databrickspredictiveoptimization.md new file mode 100644 index 0000000000..89637119c9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databrickspredictiveoptimization.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksPredictiveOptimization +description: Reference for DatabricksPredictiveOptimization table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksPredictiveOptimization + +Contains Databricks Predictive Optimization logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databrickspredictiveoptimization](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databrickspredictiveoptimization-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/databricksremotehistoryservice.md b/articles/azure-monitor/reference/tables/databricksremotehistoryservice.md new file mode 100644 index 0000000000..01e878ad5d --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksremotehistoryservice.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksRemoteHistoryService +description: Reference for DatabricksRemoteHistoryService table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksRemoteHistoryService + +Audit logs for events adding and deleting credentials for Databricks remote history service. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksremotehistoryservice](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksremotehistoryservice-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksrepos.md b/articles/azure-monitor/reference/tables/databricksrepos.md new file mode 100644 index 0000000000..a8ecca5829 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksrepos.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksRepos +description: Reference for DatabricksRepos table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksRepos + +Databricks repos audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksrepos](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksrepos-include.md)] diff --git a/articles/azure-monitor/reference/tables/databrickssecrets.md b/articles/azure-monitor/reference/tables/databrickssecrets.md new file mode 100644 index 0000000000..1eeaa86778 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databrickssecrets.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksSecrets +description: Reference for DatabricksSecrets table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksSecrets + +Databricks Secrets audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databrickssecrets](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databrickssecrets-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksserverlessrealtimeinference.md b/articles/azure-monitor/reference/tables/databricksserverlessrealtimeinference.md new file mode 100644 index 0000000000..40fb3d88a7 --- /dev/null 
+++ b/articles/azure-monitor/reference/tables/databricksserverlessrealtimeinference.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksServerlessRealTimeInference +description: Reference for DatabricksServerlessRealTimeInference table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksServerlessRealTimeInference + +Audit logs from Databricks model serving v2 API service. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksserverlessrealtimeinference](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksserverlessrealtimeinference-include.md)] diff --git a/articles/azure-monitor/reference/tables/databrickssql.md b/articles/azure-monitor/reference/tables/databrickssql.md new file mode 100644 index 0000000000..fbc3e6c273 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databrickssql.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksSQL +description: Reference for DatabricksSQL table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksSQL + +Audit logs for events related to creation, modification etc. of Databricks SQL endpoints. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databrickssql](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databrickssql-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/databrickssqlpermissions.md b/articles/azure-monitor/reference/tables/databrickssqlpermissions.md new file mode 100644 index 0000000000..71e81bcd9c --- /dev/null +++ b/articles/azure-monitor/reference/tables/databrickssqlpermissions.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksSQLPermissions +description: Reference for DatabricksSQLPermissions table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksSQLPermissions + +Databricks SQL Permissions audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databrickssqlpermissions](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databrickssqlpermissions-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksssh.md b/articles/azure-monitor/reference/tables/databricksssh.md new file mode 100644 index 0000000000..a9d5a73d20 --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksssh.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksSSH +description: Reference for DatabricksSSH table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksSSH + +Databricks SSH audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksssh](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksssh-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksunitycatalog.md b/articles/azure-monitor/reference/tables/databricksunitycatalog.md new file mode 100644 index 0000000000..78fe45025a --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksunitycatalog.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksUnityCatalog +description: Reference for DatabricksUnityCatalog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksUnityCatalog + +Databricks unity catalog audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksunitycatalog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksunitycatalog-include.md)] diff --git a/articles/azure-monitor/reference/tables/databrickswebterminal.md b/articles/azure-monitor/reference/tables/databrickswebterminal.md new file mode 100644 index 0000000000..afb615b078 --- /dev/null 
+++ b/articles/azure-monitor/reference/tables/databrickswebterminal.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksWebTerminal +description: Reference for DatabricksWebTerminal table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksWebTerminal + +Databricks web terminal audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databrickswebterminal](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databrickswebterminal-include.md)] diff --git a/articles/azure-monitor/reference/tables/databricksworkspace.md b/articles/azure-monitor/reference/tables/databricksworkspace.md new file mode 100644 index 0000000000..18f9e24f5b --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksworkspace.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksWorkspace +description: Reference for DatabricksWorkspace table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksWorkspace + +Databricks Workspace audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.databricks/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [databricksworkspace](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksworkspace-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/databricksworkspacelogs.md b/articles/azure-monitor/reference/tables/databricksworkspacelogs.md new file mode 100644 index 0000000000..4f3c86a4bd --- /dev/null +++ b/articles/azure-monitor/reference/tables/databricksworkspacelogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DatabricksWorkspaceLogs +description: Reference for DatabricksWorkspaceLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DatabricksWorkspaceLogs + +Schema for Databricks workspaces related categories, this is an umbrella schema to hold all new Databricks Audit Logs categories that happened in the workspace beginning from 2024. Legacy categories before 2024 are held in their own schemas. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/databricksworkspacelogs)| + + + +## Columns + +[!INCLUDE [databricksworkspacelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/databricksworkspacelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/datatransferoperations.md b/articles/azure-monitor/reference/tables/datatransferoperations.md new file mode 100644 index 0000000000..3bc8d40647 --- /dev/null +++ b/articles/azure-monitor/reference/tables/datatransferoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DataTransferOperations +description: Reference for DataTransferOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DataTransferOperations + +Logs generated by Azure Data Transfer as objects are transferred. These logs can be used to determine if an object has successfully transferred, failed to transfer, or is in the process of transferring. A typical use case would be an objects latest status of 'InTransit' indicating that the object is still transferring and no action needs to be taken. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.azuredatatransfer/connections| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/datatransferoperations)| + + + +## Columns + +[!INCLUDE [datatransferoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/datatransferoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/dataverseactivity.md b/articles/azure-monitor/reference/tables/dataverseactivity.md new file mode 100644 index 0000000000..07852db45c --- /dev/null +++ b/articles/azure-monitor/reference/tables/dataverseactivity.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DataverseActivity +description: Reference for DataverseActivity table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DataverseActivity + +Contains Microsoft Dataverse audit logs. It's typically used to track Dataverse and Dynamics 365 activities. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Audit| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/dataverseactivity)| + + + +## Columns + +[!INCLUDE [dataverseactivity](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dataverseactivity-include.md)] diff --git a/articles/azure-monitor/reference/tables/dcrlogerrors.md b/articles/azure-monitor/reference/tables/dcrlogerrors.md new file mode 100644 index 0000000000..44d5179310 --- /dev/null +++ b/articles/azure-monitor/reference/tables/dcrlogerrors.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DCRLogErrors +description: Reference for DCRLogErrors table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DCRLogErrors + +Errors registered during DCR-based data collection and transformation. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.insights/datacollectionrules| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/dcrlogerrors)| + + + +## Columns + +[!INCLUDE [dcrlogerrors](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dcrlogerrors-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/dcrlogtroubleshooting.md b/articles/azure-monitor/reference/tables/dcrlogtroubleshooting.md new file mode 100644 index 0000000000..a39be79034 --- /dev/null +++ b/articles/azure-monitor/reference/tables/dcrlogtroubleshooting.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DCRLogTroubleshooting +description: Reference for DCRLogTroubleshooting table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DCRLogTroubleshooting + +Logs from DCR-based data collection and transformation to help with troubleshooting of DCR configuration and flow. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dcrlogtroubleshooting](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dcrlogtroubleshooting-include.md)] diff --git a/articles/azure-monitor/reference/tables/defenderiotrawevent.md b/articles/azure-monitor/reference/tables/defenderiotrawevent.md new file mode 100644 index 0000000000..286ab699e5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/defenderiotrawevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DefenderIoTRawEvent +description: Reference for DefenderIoTRawEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DefenderIoTRawEvent + +Table is part of Microsoft Defender for IoT. It contains IoT security raw event properties of new and future events. These logs can be used to monitor your new operational, diagnostic and security raw events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| AzureSecurityOfThings| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [defenderiotrawevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/defenderiotrawevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/devcenterbillingeventlogs.md b/articles/azure-monitor/reference/tables/devcenterbillingeventlogs.md new file mode 100644 index 0000000000..c22c72ef86 --- /dev/null +++ b/articles/azure-monitor/reference/tables/devcenterbillingeventlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DevCenterBillingEventLogs +description: Reference for DevCenterBillingEventLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DevCenterBillingEventLogs + +Billing event related to DevCenter resources. Logs contains information about the quantity and unit charged per meter. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.devcenter/devcenters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [devcenterbillingeventlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devcenterbillingeventlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/devcenterdiagnosticlogs.md b/articles/azure-monitor/reference/tables/devcenterdiagnosticlogs.md new file mode 100644 index 0000000000..43178dd01b --- /dev/null +++ b/articles/azure-monitor/reference/tables/devcenterdiagnosticlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DevCenterDiagnosticLogs +description: Reference for DevCenterDiagnosticLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DevCenterDiagnosticLogs + +Data plane audit logs related to your dev center resources. Will display information concerning stop/start/deletes on dev boxes and environments. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.devcenter/devcenters| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/devcenterdiagnosticlogs)| + + + +## Columns + +[!INCLUDE [devcenterdiagnosticlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devcenterdiagnosticlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/devcenterresourceoperationlogs.md b/articles/azure-monitor/reference/tables/devcenterresourceoperationlogs.md new file mode 100644 index 0000000000..01627d9af1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/devcenterresourceoperationlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DevCenterResourceOperationLogs +description: Reference for DevCenterResourceOperationLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DevCenterResourceOperationLogs + +Operation logs pertaining to DevCenter resources, including information around resource health status changes. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.devcenter/devcenters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/devcenterresourceoperationlogs)| + + + +## Columns + +[!INCLUDE [devcenterresourceoperationlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devcenterresourceoperationlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/deviceappcrash.md b/articles/azure-monitor/reference/tables/deviceappcrash.md new file mode 100644 index 0000000000..bd14f9e237 --- /dev/null +++ b/articles/azure-monitor/reference/tables/deviceappcrash.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceAppCrash +description: Reference for DeviceAppCrash table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceAppCrash + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| SurfaceHub| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [deviceappcrash](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/deviceappcrash-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/deviceapplaunch.md b/articles/azure-monitor/reference/tables/deviceapplaunch.md new file mode 100644 index 0000000000..baa5972909 --- /dev/null +++ b/articles/azure-monitor/reference/tables/deviceapplaunch.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceAppLaunch +description: Reference for DeviceAppLaunch table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceAppLaunch + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| SurfaceHub| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [deviceapplaunch](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/deviceapplaunch-include.md)] diff --git a/articles/azure-monitor/reference/tables/devicecalendar.md b/articles/azure-monitor/reference/tables/devicecalendar.md new file mode 100644 index 0000000000..0321acf077 --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicecalendar.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceCalendar +description: Reference for DeviceCalendar table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceCalendar + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| SurfaceHub| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/devicecalendar)| + + + +## Columns + +[!INCLUDE [devicecalendar](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicecalendar-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/devicecleanup.md b/articles/azure-monitor/reference/tables/devicecleanup.md new file mode 100644 index 0000000000..4981a64015 --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicecleanup.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceCleanup +description: Reference for DeviceCleanup table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceCleanup + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| SurfaceHub| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/devicecleanup)| + + + +## Columns + +[!INCLUDE [devicecleanup](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicecleanup-include.md)] diff --git a/articles/azure-monitor/reference/tables/deviceconnectsession.md b/articles/azure-monitor/reference/tables/deviceconnectsession.md new file mode 100644 index 0000000000..afabae635a --- /dev/null +++ b/articles/azure-monitor/reference/tables/deviceconnectsession.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceConnectSession +description: Reference for DeviceConnectSession table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceConnectSession + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| SurfaceHub| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [deviceconnectsession](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/deviceconnectsession-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/deviceetw.md b/articles/azure-monitor/reference/tables/deviceetw.md new file mode 100644 index 0000000000..3e23521350 --- /dev/null +++ b/articles/azure-monitor/reference/tables/deviceetw.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceEtw +description: Reference for DeviceEtw table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceEtw + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| SurfaceHub| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [deviceetw](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/deviceetw-include.md)] diff --git a/articles/azure-monitor/reference/tables/deviceevents.md b/articles/azure-monitor/reference/tables/deviceevents.md new file mode 100644 index 0000000000..010225653c --- /dev/null +++ b/articles/azure-monitor/reference/tables/deviceevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceEvents +description: Reference for DeviceEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceEvents + +This table is part of Microsoft Defender for Endpoints with Azure Sentinel. This table contains Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [deviceevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/deviceevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/devicefilecertificateinfo.md b/articles/azure-monitor/reference/tables/devicefilecertificateinfo.md new file mode 100644 index 0000000000..ecc5ea58f0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicefilecertificateinfo.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceFileCertificateInfo +description: Reference for DeviceFileCertificateInfo table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceFileCertificateInfo + +Certificate information of signed files obtained from certificate verification events on endpoints. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [devicefilecertificateinfo](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicefilecertificateinfo-include.md)] diff --git a/articles/azure-monitor/reference/tables/devicefileevents.md b/articles/azure-monitor/reference/tables/devicefileevents.md new file mode 100644 index 0000000000..2c5b89b993 --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicefileevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceFileEvents +description: Reference for DeviceFileEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceFileEvents + +This table is part of Microsoft Defender for Endpoints with Azure Sentinel. This table contains file creation, modification, and other file system events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [devicefileevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicefileevents-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/devicehardwarehealth.md b/articles/azure-monitor/reference/tables/devicehardwarehealth.md new file mode 100644 index 0000000000..99c0f442ca --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicehardwarehealth.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceHardwareHealth +description: Reference for DeviceHardwareHealth table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceHardwareHealth + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| SurfaceHub| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/devicehardwarehealth)| + + + +## Columns + +[!INCLUDE [devicehardwarehealth](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicehardwarehealth-include.md)] diff --git a/articles/azure-monitor/reference/tables/devicehealth.md b/articles/azure-monitor/reference/tables/devicehealth.md new file mode 100644 index 0000000000..0e1f5640d7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicehealth.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceHealth +description: Reference for DeviceHealth table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceHealth + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| SurfaceHub| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/devicehealth)| + + + +## Columns + +[!INCLUDE [devicehealth](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicehealth-include.md)] diff --git a/articles/azure-monitor/reference/tables/deviceheartbeat.md b/articles/azure-monitor/reference/tables/deviceheartbeat.md new file mode 100644 index 0000000000..de01aaf1d4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/deviceheartbeat.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceHeartbeat +description: Reference for DeviceHeartbeat table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceHeartbeat + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| SurfaceHub| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [deviceheartbeat](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/deviceheartbeat-include.md)] diff --git a/articles/azure-monitor/reference/tables/deviceimageloadevents.md b/articles/azure-monitor/reference/tables/deviceimageloadevents.md new file mode 100644 index 0000000000..1806737bfa --- /dev/null +++ b/articles/azure-monitor/reference/tables/deviceimageloadevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceImageLoadEvents +description: Reference for DeviceImageLoadEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceImageLoadEvents + +This table is part of Microsoft Defender for Endpoints with Azure Sentinel. This table contains DLL loading events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [deviceimageloadevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/deviceimageloadevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/deviceinfo.md b/articles/azure-monitor/reference/tables/deviceinfo.md new file mode 100644 index 0000000000..3b27f0e0b3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/deviceinfo.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceInfo +description: Reference for DeviceInfo table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceInfo + +This table is part of Microsoft Defender for Endpoints with Azure Sentinel. This table contains Machine information, including OS information. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [deviceinfo](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/deviceinfo-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/devicelogonevents.md b/articles/azure-monitor/reference/tables/devicelogonevents.md new file mode 100644 index 0000000000..4925f0edc7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicelogonevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceLogonEvents +description: Reference for DeviceLogonEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceLogonEvents + +This table is part of Microsoft Defender for Endpoints with Azure Sentinel. This table contains Sign-ins and other authentication events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [devicelogonevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicelogonevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/devicenetworkevents.md b/articles/azure-monitor/reference/tables/devicenetworkevents.md new file mode 100644 index 0000000000..a2a538b6df --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicenetworkevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceNetworkEvents +description: Reference for DeviceNetworkEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceNetworkEvents + +Microsoft Defender for Endpoints (MDE) device network events table. This table contains contains information about network connections and related events initiated by processes running on the endpoint. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [devicenetworkevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicenetworkevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/devicenetworkinfo.md b/articles/azure-monitor/reference/tables/devicenetworkinfo.md new file mode 100644 index 0000000000..946391e6db --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicenetworkinfo.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceNetworkInfo +description: Reference for DeviceNetworkInfo table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceNetworkInfo + +Microsoft Defender for Endpoints (MDE) device network information table. This table contains Network properties of machines, including adapters, IP and MAC addresses, as well as connected networks and domains. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [devicenetworkinfo](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicenetworkinfo-include.md)] diff --git a/articles/azure-monitor/reference/tables/deviceprocessevents.md b/articles/azure-monitor/reference/tables/deviceprocessevents.md new file mode 100644 index 0000000000..b0abb75ac2 --- /dev/null +++ b/articles/azure-monitor/reference/tables/deviceprocessevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceProcessEvents +description: Reference for DeviceProcessEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceProcessEvents + +Microsoft Defender for Endpoints (MDE) device process events table. This table contains contains information about process creation and related events on the endpoint. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [deviceprocessevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/deviceprocessevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/deviceregistryevents.md b/articles/azure-monitor/reference/tables/deviceregistryevents.md new file mode 100644 index 0000000000..49ea54a051 --- /dev/null +++ b/articles/azure-monitor/reference/tables/deviceregistryevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceRegistryEvents +description: Reference for DeviceRegistryEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceRegistryEvents + +Microsoft Defender for Endpoints (MDE) device registry events table. This table contains contains creation and modification of registry entries on the endpoint, and information about the processes initiating such events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [deviceregistryevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/deviceregistryevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/deviceskypeheartbeat.md b/articles/azure-monitor/reference/tables/deviceskypeheartbeat.md new file mode 100644 index 0000000000..8365ad9121 --- /dev/null +++ b/articles/azure-monitor/reference/tables/deviceskypeheartbeat.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceSkypeHeartbeat +description: Reference for DeviceSkypeHeartbeat table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceSkypeHeartbeat + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| SurfaceHub| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/deviceskypeheartbeat)| + + + +## Columns + +[!INCLUDE [deviceskypeheartbeat](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/deviceskypeheartbeat-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/deviceskypesignin.md b/articles/azure-monitor/reference/tables/deviceskypesignin.md new file mode 100644 index 0000000000..723ecb7a89 --- /dev/null +++ b/articles/azure-monitor/reference/tables/deviceskypesignin.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceSkypeSignIn +description: Reference for DeviceSkypeSignIn table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceSkypeSignIn + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| SurfaceHub| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [deviceskypesignin](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/deviceskypesignin-include.md)] diff --git a/articles/azure-monitor/reference/tables/devicetvmsecureconfigurationassessment.md b/articles/azure-monitor/reference/tables/devicetvmsecureconfigurationassessment.md new file mode 100644 index 0000000000..515626d898 --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicetvmsecureconfigurationassessment.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceTvmSecureConfigurationAssessment +description: Reference for DeviceTvmSecureConfigurationAssessment table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceTvmSecureConfigurationAssessment + +Threat & vulnerability management assessment events, indicating the status of various security configurations on devices. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/devicetvmsecureconfigurationassessment)| + + + +## Columns + +[!INCLUDE [devicetvmsecureconfigurationassessment](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicetvmsecureconfigurationassessment-include.md)] diff --git a/articles/azure-monitor/reference/tables/devicetvmsecureconfigurationassessmentkb.md b/articles/azure-monitor/reference/tables/devicetvmsecureconfigurationassessmentkb.md new file mode 100644 index 0000000000..a4e62e25af --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicetvmsecureconfigurationassessmentkb.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceTvmSecureConfigurationAssessmentKB +description: Reference for DeviceTvmSecureConfigurationAssessmentKB table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceTvmSecureConfigurationAssessmentKB + +Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices and includes mappings to various standards and benchmarks. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [devicetvmsecureconfigurationassessmentkb](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicetvmsecureconfigurationassessmentkb-include.md)] diff --git a/articles/azure-monitor/reference/tables/devicetvmsoftwareinventory.md b/articles/azure-monitor/reference/tables/devicetvmsoftwareinventory.md new file mode 100644 index 0000000000..a4126c6356 --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicetvmsoftwareinventory.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceTvmSoftwareInventory +description: Reference for DeviceTvmSoftwareInventory table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceTvmSoftwareInventory + +Inventory of software installed on devices, including their version information and end-of-support status. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/devicetvmsoftwareinventory)| + + + +## Columns + +[!INCLUDE [devicetvmsoftwareinventory](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicetvmsoftwareinventory-include.md)] diff --git a/articles/azure-monitor/reference/tables/devicetvmsoftwarevulnerabilities.md b/articles/azure-monitor/reference/tables/devicetvmsoftwarevulnerabilities.md new file mode 100644 index 0000000000..b1625a05a7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicetvmsoftwarevulnerabilities.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceTvmSoftwareVulnerabilities +description: Reference for DeviceTvmSoftwareVulnerabilities table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceTvmSoftwareVulnerabilities + +Captures various identity-related events, like password changes, password expiration, and user principal name (UPN) changes. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/devicetvmsoftwarevulnerabilities)| + + + +## Columns + +[!INCLUDE [devicetvmsoftwarevulnerabilities](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicetvmsoftwarevulnerabilities-include.md)] diff --git a/articles/azure-monitor/reference/tables/devicetvmsoftwarevulnerabilitieskb.md b/articles/azure-monitor/reference/tables/devicetvmsoftwarevulnerabilitieskb.md new file mode 100644 index 0000000000..b6f7529ccb --- /dev/null +++ b/articles/azure-monitor/reference/tables/devicetvmsoftwarevulnerabilitieskb.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DeviceTvmSoftwareVulnerabilitiesKB +description: Reference for DeviceTvmSoftwareVulnerabilitiesKB table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DeviceTvmSoftwareVulnerabilitiesKB + +Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [devicetvmsoftwarevulnerabilitieskb](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/devicetvmsoftwarevulnerabilitieskb-include.md)] diff --git a/articles/azure-monitor/reference/tables/dhappreliability.md b/articles/azure-monitor/reference/tables/dhappreliability.md new file mode 100644 index 0000000000..8dc4d0f552 --- /dev/null +++ b/articles/azure-monitor/reference/tables/dhappreliability.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DHAppReliability +description: Reference for DHAppReliability table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DHAppReliability + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| DeviceHealthProd| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dhappreliability](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dhappreliability-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/dhdriverreliability.md b/articles/azure-monitor/reference/tables/dhdriverreliability.md new file mode 100644 index 0000000000..230554b257 --- /dev/null +++ b/articles/azure-monitor/reference/tables/dhdriverreliability.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DHDriverReliability +description: Reference for DHDriverReliability table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DHDriverReliability + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| DeviceHealthProd| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dhdriverreliability](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dhdriverreliability-include.md)] diff --git a/articles/azure-monitor/reference/tables/dhlogonfailures.md b/articles/azure-monitor/reference/tables/dhlogonfailures.md new file mode 100644 index 0000000000..e5f5ab9882 --- /dev/null +++ b/articles/azure-monitor/reference/tables/dhlogonfailures.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DHLogonFailures +description: Reference for DHLogonFailures table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DHLogonFailures + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| DeviceHealthProd| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dhlogonfailures](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dhlogonfailures-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/dhlogonmetrics.md b/articles/azure-monitor/reference/tables/dhlogonmetrics.md new file mode 100644 index 0000000000..b92ac33c4f --- /dev/null +++ b/articles/azure-monitor/reference/tables/dhlogonmetrics.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DHLogonMetrics +description: Reference for DHLogonMetrics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DHLogonMetrics + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| DeviceHealthProd| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dhlogonmetrics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dhlogonmetrics-include.md)] diff --git a/articles/azure-monitor/reference/tables/dhoscrashdata.md b/articles/azure-monitor/reference/tables/dhoscrashdata.md new file mode 100644 index 0000000000..25340ccc39 --- /dev/null +++ b/articles/azure-monitor/reference/tables/dhoscrashdata.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DHOSCrashData +description: Reference for DHOSCrashData table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DHOSCrashData + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| DeviceHealthProd| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dhoscrashdata](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dhoscrashdata-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/dhosreliability.md b/articles/azure-monitor/reference/tables/dhosreliability.md new file mode 100644 index 0000000000..58d600dc58 --- /dev/null +++ b/articles/azure-monitor/reference/tables/dhosreliability.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DHOSReliability +description: Reference for DHOSReliability table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DHOSReliability + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| DeviceHealthProd| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dhosreliability](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dhosreliability-include.md)] diff --git a/articles/azure-monitor/reference/tables/dhwipapplearning.md b/articles/azure-monitor/reference/tables/dhwipapplearning.md new file mode 100644 index 0000000000..e0c5bcb04c --- /dev/null +++ b/articles/azure-monitor/reference/tables/dhwipapplearning.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DHWipAppLearning +description: Reference for DHWipAppLearning table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DHWipAppLearning + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| DeviceHealthProd| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dhwipapplearning](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dhwipapplearning-include.md)] 
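Review bot: The DH* pages added above (dhappreliability.md, dhdriverreliability.md, dhlogonfailures.md, dhlogonmetrics.md, dhoscrashdata.md, dhosreliability.md, dhwipapplearning.md) leave the body empty between the `# <TableName>` heading and `## Table attributes`, so the only description a reader gets is the front-matter "Reference for ... table in Azure Monitor Logs." Add a one-sentence summary under each heading, as devicetvmsoftwarevulnerabilitieskb.md does. DHLogonFailures in particular needs a statement of what a row records before anyone can decide whether it is worth querying.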
diff --git a/articles/azure-monitor/reference/tables/dnsevents.md b/articles/azure-monitor/reference/tables/dnsevents.md new file mode 100644 index 0000000000..829206ae0f --- /dev/null +++ b/articles/azure-monitor/reference/tables/dnsevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DnsEvents +description: Reference for DnsEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DnsEvents + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines| +|**Categories**|Network| +|**Solutions**| DnsAnalytics, SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/dnsevents)| + + + +## Columns + +[!INCLUDE [dnsevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dnsevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/dnsinventory.md b/articles/azure-monitor/reference/tables/dnsinventory.md new file mode 100644 index 0000000000..6a9dd32489 --- /dev/null +++ b/articles/azure-monitor/reference/tables/dnsinventory.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DnsInventory +description: Reference for DnsInventory table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DnsInventory + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines| +|**Categories**|Network| +|**Solutions**| DnsAnalytics, SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dnsinventory](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dnsinventory-include.md)] diff --git a/articles/azure-monitor/reference/tables/dnsquerylogs.md b/articles/azure-monitor/reference/tables/dnsquerylogs.md new file mode 100644 index 0000000000..81e0e098cd --- /dev/null +++ b/articles/azure-monitor/reference/tables/dnsquerylogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DNSQueryLogs +description: Reference for DNSQueryLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DNSQueryLogs + +DNS query logs enable customers to monitor the DNS traffic in their virtual networks and help securing their DNS infrastructure. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/dnsresolverpolicies| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/dnsquerylogs)| + + + +## Columns + +[!INCLUDE [dnsquerylogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dnsquerylogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/dsmazureblobstoragelogs.md b/articles/azure-monitor/reference/tables/dsmazureblobstoragelogs.md new file mode 100644 index 0000000000..8cc7badb6f --- /dev/null +++ b/articles/azure-monitor/reference/tables/dsmazureblobstoragelogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DSMAzureBlobStorageLogs +description: Reference for DSMAzureBlobStorageLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DSMAzureBlobStorageLogs + +Azure Blob Storage resource logs enriched with data sensitivity context provided by Azure Purview. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dsmazureblobstoragelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dsmazureblobstoragelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/dsmdataclassificationlogs.md b/articles/azure-monitor/reference/tables/dsmdataclassificationlogs.md new file mode 100644 index 0000000000..7cefdef233 --- /dev/null +++ b/articles/azure-monitor/reference/tables/dsmdataclassificationlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DSMDataClassificationLogs +description: Reference for DSMDataClassificationLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DSMDataClassificationLogs + +Contains data classification information provided by Azure Purview and is used to correlate storage resource logs with data sensitivity information. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dsmdataclassificationlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dsmdataclassificationlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/dsmdatalabelinglogs.md b/articles/azure-monitor/reference/tables/dsmdatalabelinglogs.md new file mode 100644 index 0000000000..558274943d --- /dev/null +++ b/articles/azure-monitor/reference/tables/dsmdatalabelinglogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DSMDataLabelingLogs +description: Reference for DSMDataLabelingLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DSMDataLabelingLogs + +Contains data sensitivity labeling information provided by Azure Purview and is used to correlate storage resource logs with data sensitivity information. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dsmdatalabelinglogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dsmdatalabelinglogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/dynamiceventcollection.md b/articles/azure-monitor/reference/tables/dynamiceventcollection.md new file mode 100644 index 0000000000..967d41ef77 --- /dev/null +++ b/articles/azure-monitor/reference/tables/dynamiceventcollection.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DynamicEventCollection +description: Reference for DynamicEventCollection table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DynamicEventCollection + +A generic windows events table for data collected by the Defender for Endpoint agent + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| AzureSentinelDSRE| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dynamiceventcollection](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dynamiceventcollection-include.md)] 
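Review bot: The **Resource types** cell in dnsevents.md and dnsinventory.md lists `microsoft.conenctedvmwarevsphere/virtualmachines`, which transposes two letters of the `Microsoft.ConnectedVMwarevSphere` provider namespace; the same string recurs in event.md later in this patch. Correct it to `microsoft.connectedvmwarevsphere/virtualmachines`, and if these pages are generated, fix it at the source so the next refresh does not reintroduce it.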
diff --git a/articles/azure-monitor/reference/tables/dynamics365activity.md b/articles/azure-monitor/reference/tables/dynamics365activity.md new file mode 100644 index 0000000000..23e21d93cc --- /dev/null +++ b/articles/azure-monitor/reference/tables/dynamics365activity.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - Dynamics365Activity +description: Reference for Dynamics365Activity table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# Dynamics365Activity + +Audit logs for Dynamics 365 tenants collected by Azure Sentinel. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dynamics365activity](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dynamics365activity-include.md)] diff --git a/articles/azure-monitor/reference/tables/dynamicsummary.md b/articles/azure-monitor/reference/tables/dynamicsummary.md new file mode 100644 index 0000000000..645022846f --- /dev/null +++ b/articles/azure-monitor/reference/tables/dynamicsummary.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - DynamicSummary +description: Reference for DynamicSummary table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# DynamicSummary + +Azure Sentinel Dynamic Summary provides a security data storage to persist concentrated findings and summaries for hunting, investigation, search, detection. Summary description and detailed observables can be stored in Log Analytics for further analysis and report generation. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [dynamicsummary](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dynamicsummary-include.md)] diff --git a/articles/azure-monitor/reference/tables/egnfailedhttpdataplaneoperations.md b/articles/azure-monitor/reference/tables/egnfailedhttpdataplaneoperations.md new file mode 100644 index 0000000000..9ca6708c92 --- /dev/null +++ b/articles/azure-monitor/reference/tables/egnfailedhttpdataplaneoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - EGNFailedHttpDataPlaneOperations +description: Reference for EGNFailedHttpDataPlaneOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# EGNFailedHttpDataPlaneOperations + +Log for failed HTTP data plane requests to an Event Grid namespace. It can be used for auditing purposes. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventgrid/namespaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/egnfailedhttpdataplaneoperations)| + + + +## Columns + +[!INCLUDE [egnfailedhttpdataplaneoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/egnfailedhttpdataplaneoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/egnfailedmqttconnections.md b/articles/azure-monitor/reference/tables/egnfailedmqttconnections.md new file mode 100644 index 0000000000..81e60bedb6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/egnfailedmqttconnections.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - EGNFailedMqttConnections +description: Reference for EGNFailedMqttConnections table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# EGNFailedMqttConnections + +Log for failed MQTT connections to an Event Grid namespace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventgrid/namespaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/egnfailedmqttconnections)| + + + +## Columns + +[!INCLUDE [egnfailedmqttconnections](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/egnfailedmqttconnections-include.md)] diff --git a/articles/azure-monitor/reference/tables/egnfailedmqttpublishedmessages.md b/articles/azure-monitor/reference/tables/egnfailedmqttpublishedmessages.md new file mode 100644 index 0000000000..1661fb7e08 --- /dev/null +++ b/articles/azure-monitor/reference/tables/egnfailedmqttpublishedmessages.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - EGNFailedMqttPublishedMessages +description: Reference for EGNFailedMqttPublishedMessages table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# EGNFailedMqttPublishedMessages + +Log for failed MQTT published messages to an Event Grid namespace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventgrid/namespaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [egnfailedmqttpublishedmessages](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/egnfailedmqttpublishedmessages-include.md)] diff --git a/articles/azure-monitor/reference/tables/egnfailedmqttsubscriptions.md b/articles/azure-monitor/reference/tables/egnfailedmqttsubscriptions.md new file mode 100644 index 0000000000..45088b21cf --- /dev/null +++ b/articles/azure-monitor/reference/tables/egnfailedmqttsubscriptions.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - EGNFailedMqttSubscriptions +description: Reference for EGNFailedMqttSubscriptions table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# EGNFailedMqttSubscriptions + +Log for failed MQTT subscriptions to an Event Grid namespace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventgrid/namespaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [egnfailedmqttsubscriptions](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/egnfailedmqttsubscriptions-include.md)] 
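Review bot: dynamics365activity.md and dynamicsummary.md both set **Categories** to `-` while listing `SecurityInsights` under **Solutions**, whereas the other SecurityInsights tables above carry a category (Security for DeviceTvmSoftwareVulnerabilitiesKB, Network for DnsEvents and DnsInventory). If the category is genuinely unset in the table metadata, leave it; otherwise set it here so these two tables are not missing from the category-based listing.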
diff --git a/articles/azure-monitor/reference/tables/egnmqttdisconnections.md b/articles/azure-monitor/reference/tables/egnmqttdisconnections.md new file mode 100644 index 0000000000..9993d5d2aa --- /dev/null +++ b/articles/azure-monitor/reference/tables/egnmqttdisconnections.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - EGNMqttDisconnections +description: Reference for EGNMqttDisconnections table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# EGNMqttDisconnections + +Log for disconnected MQTT connections from an Event Grid namespace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventgrid/namespaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/egnmqttdisconnections)| + + + +## Columns + +[!INCLUDE [egnmqttdisconnections](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/egnmqttdisconnections-include.md)] diff --git a/articles/azure-monitor/reference/tables/egnsuccessfulhttpdataplaneoperations.md b/articles/azure-monitor/reference/tables/egnsuccessfulhttpdataplaneoperations.md new file mode 100644 index 0000000000..bd767bb869 --- /dev/null +++ b/articles/azure-monitor/reference/tables/egnsuccessfulhttpdataplaneoperations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - EGNSuccessfulHttpDataPlaneOperations +description: Reference for EGNSuccessfulHttpDataPlaneOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# EGNSuccessfulHttpDataPlaneOperations + +Log for successful HTTP data plane requests to an Event Grid namespace. It can be used for auditing purposes. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventgrid/namespaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/egnsuccessfulhttpdataplaneoperations)| + + + +## Columns + +[!INCLUDE [egnsuccessfulhttpdataplaneoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/egnsuccessfulhttpdataplaneoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/egnsuccessfulmqttconnections.md b/articles/azure-monitor/reference/tables/egnsuccessfulmqttconnections.md new file mode 100644 index 0000000000..18831cd9af --- /dev/null +++ b/articles/azure-monitor/reference/tables/egnsuccessfulmqttconnections.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - EGNSuccessfulMqttConnections +description: Reference for EGNSuccessfulMqttConnections table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# EGNSuccessfulMqttConnections + +Log for successful MQTT connections to an Event Grid namesapce. This log can be used for auditing purposes. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.eventgrid/namespaces| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/egnsuccessfulmqttconnections)| + + + +## Columns + +[!INCLUDE [egnsuccessfulmqttconnections](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/egnsuccessfulmqttconnections-include.md)] diff --git a/articles/azure-monitor/reference/tables/emailattachmentinfo.md b/articles/azure-monitor/reference/tables/emailattachmentinfo.md new file mode 100644 index 0000000000..3fcb00b855 --- /dev/null +++ b/articles/azure-monitor/reference/tables/emailattachmentinfo.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - EmailAttachmentInfo +description: Reference for EmailAttachmentInfo table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# EmailAttachmentInfo + +Office 365 attached emails information. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/emailattachmentinfo)| + + + +## Columns + +[!INCLUDE [emailattachmentinfo](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/emailattachmentinfo-include.md)] diff --git a/articles/azure-monitor/reference/tables/emailevents.md b/articles/azure-monitor/reference/tables/emailevents.md new file mode 100644 index 0000000000..4aa9cf575c --- /dev/null +++ b/articles/azure-monitor/reference/tables/emailevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - EmailEvents +description: Reference for EmailEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# EmailEvents + +Office 365 email events, including email delivery and blocking events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/emailevents)| + + + +## Columns + +[!INCLUDE [emailevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/emailevents-include.md)] 
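Review bot: The description in egnsuccessfulmqttconnections.md misspells "namespace" as "namesapce" ("successful MQTT connections to an Event Grid namesapce"). Fix the spelling; the sibling EGN pages in this patch spell it correctly.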
diff --git a/articles/azure-monitor/reference/tables/emailpostdeliveryevents.md b/articles/azure-monitor/reference/tables/emailpostdeliveryevents.md new file mode 100644 index 0000000000..27fc9f2b39 --- /dev/null +++ b/articles/azure-monitor/reference/tables/emailpostdeliveryevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - EmailPostDeliveryEvents +description: Reference for EmailPostDeliveryEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# EmailPostDeliveryEvents + +Office 365 security events occurred post email delivery to recipient mailbox. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/emailpostdeliveryevents)| + + + +## Columns + +[!INCLUDE [emailpostdeliveryevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/emailpostdeliveryevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/emailurlinfo.md b/articles/azure-monitor/reference/tables/emailurlinfo.md new file mode 100644 index 0000000000..e2e0c9c362 --- /dev/null +++ b/articles/azure-monitor/reference/tables/emailurlinfo.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - EmailUrlInfo +description: Reference for EmailUrlInfo table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# EmailUrlInfo + +Office 365 emails URLs information. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/emailurlinfo)| + + + +## Columns + +[!INCLUDE [emailurlinfo](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/emailurlinfo-include.md)] diff --git a/articles/azure-monitor/reference/tables/enrichedmicrosoft365auditlogs.md b/articles/azure-monitor/reference/tables/enrichedmicrosoft365auditlogs.md new file mode 100644 index 0000000000..00cd0462b6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/enrichedmicrosoft365auditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - EnrichedMicrosoft365AuditLogs +description: Reference for EnrichedMicrosoft365AuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# EnrichedMicrosoft365AuditLogs + +This table is part of Identity and Network Access, which contains Enriched Microsoft 365 Audit logs. These logs can be leveraged for policy, risk, and traffic management, as well as to monitor users experience. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Network, IT & Management Tools| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [enrichedmicrosoft365auditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/enrichedmicrosoft365auditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/etwevent.md b/articles/azure-monitor/reference/tables/etwevent.md new file mode 100644 index 0000000000..1742c78509 --- /dev/null +++ b/articles/azure-monitor/reference/tables/etwevent.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ETWEvent +description: Reference for ETWEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ETWEvent + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Virtual Machines| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [etwevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/etwevent-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/event.md b/articles/azure-monitor/reference/tables/event.md new file mode 100644 index 0000000000..56c08b313f --- /dev/null +++ b/articles/azure-monitor/reference/tables/event.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - Event +description: Reference for Event table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# Event + +Events from Windows Event Log on Windows computers using the Log Analytics agent. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets,
microsoft.azurestackhci/clusters| +|**Categories**|Virtual Machines| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/event)| + + + +## Columns + +[!INCLUDE [event](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/event-include.md)] diff --git a/articles/azure-monitor/reference/tables/exchangeassessmentrecommendation.md b/articles/azure-monitor/reference/tables/exchangeassessmentrecommendation.md new file mode 100644 index 0000000000..129ac1540f --- /dev/null +++ b/articles/azure-monitor/reference/tables/exchangeassessmentrecommendation.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ExchangeAssessmentRecommendation +description: Reference for ExchangeAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ExchangeAssessmentRecommendation + +Recommendations generated by Exchange assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| AzureResources, ExchangeAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [exchangeassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/exchangeassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/exchangeonlineassessmentrecommendation.md b/articles/azure-monitor/reference/tables/exchangeonlineassessmentrecommendation.md new file mode 100644 index 0000000000..f6ec933a75 --- /dev/null 
+++ b/articles/azure-monitor/reference/tables/exchangeonlineassessmentrecommendation.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ExchangeOnlineAssessmentRecommendation +description: Reference for ExchangeOnlineAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ExchangeOnlineAssessmentRecommendation + +Recommendations generated by Exchange Online assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| AzureResources, ExchangeOnlineAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [exchangeonlineassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/exchangeonlineassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/failedingestion.md b/articles/azure-monitor/reference/tables/failedingestion.md new file mode 100644 index 0000000000..50d8504f57 --- /dev/null +++ b/articles/azure-monitor/reference/tables/failedingestion.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - FailedIngestion +description: Reference for FailedIngestion table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# FailedIngestion + +Failed ingestion operations logs provide detailed information about failed ingest operations. Logs include data source details, as well as error code and failure status (transient or permanent), that can be used for tracking the process of data source ingestion. Users can identify usage errors (permanent bad requests) and handle retries of transient failures. Ingestion logs are supported for queued ingestion to the ingestion endpoint using SDKs, data connections, and connectors. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kusto/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/failedingestion)| + + + +## Columns + +[!INCLUDE [failedingestion](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/failedingestion-include.md)] diff --git a/articles/azure-monitor/reference/tables/functionapplogs.md b/articles/azure-monitor/reference/tables/functionapplogs.md new file mode 100644 index 0000000000..9b84f11c74 --- /dev/null +++ b/articles/azure-monitor/reference/tables/functionapplogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - FunctionAppLogs +description: Reference for FunctionAppLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# FunctionAppLogs + +Log generated by Function Apps. It includes logs emitted by the Functions host and logs emitted by customer code. Use these logs to monitor application health, performance, and behavior. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.web/sites| +|**Categories**|Azure Resources, Applications| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/functionapplogs)| + + + +## Columns + +[!INCLUDE [functionapplogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/functionapplogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/gcpauditlogs.md b/articles/azure-monitor/reference/tables/gcpauditlogs.md new file mode 100644 index 0000000000..f7c390bcba --- /dev/null +++ b/articles/azure-monitor/reference/tables/gcpauditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - GCPAuditLogs +description: Reference for GCPAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# GCPAuditLogs + +The Google Cloud Platform (GCP) audit logs, ingested from Sentinel's connector, enable you to capture three types of audit logs: admin activity logs, data access logs, and access transparency logs. Google cloud audit Logs record a trail that practitioners can use to monitor access and detect potential threats across Google Cloud Platform (GCP) resources. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/gcpauditlogs)| + + + +## Columns + +[!INCLUDE [gcpauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/gcpauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/googlecloudscc.md b/articles/azure-monitor/reference/tables/googlecloudscc.md new file mode 100644 index 0000000000..793b02a16a --- /dev/null +++ b/articles/azure-monitor/reference/tables/googlecloudscc.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - GoogleCloudSCC +description: Reference for GoogleCloudSCC table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# GoogleCloudSCC + +Security Command Center is a comprehensive security and risk management platform for Google Cloud. It offers features such as asset inventory and discovery, vulnerability and threat detection, and risk mitigation and remediation to help you gain insight into your organization's security and data attack surface. This integration enables you to perform tasks related to findings and assets more effectively. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [googlecloudscc](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/googlecloudscc-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightambariclusteralerts.md b/articles/azure-monitor/reference/tables/hdinsightambariclusteralerts.md new file mode 100644 index 0000000000..338fac9bcc --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightambariclusteralerts.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightAmbariClusterAlerts +description: Reference for HDInsightAmbariClusterAlerts table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightAmbariClusterAlerts + +Cluster Alerts generated by Ambari. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightambariclusteralerts](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightambariclusteralerts-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightambarisystemmetrics.md b/articles/azure-monitor/reference/tables/hdinsightambarisystemmetrics.md new file mode 100644 index 0000000000..425c33a5d0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightambarisystemmetrics.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightAmbariSystemMetrics +description: Reference for HDInsightAmbariSystemMetrics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightAmbariSystemMetrics + +System metrics from each individual node generated by Ambari. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightambarisystemmetrics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightambarisystemmetrics-include.md)] 
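Review bot: The description paragraph added in exchangeassessmentrecommendation.md, and repeated in exchangeonlineassessmentrecommendation.md, has a subject-verb mismatch and no closing period: "it runs by default every 7 days and upload the data into Azure Log Analytics". Suggest "it runs every 7 days by default and uploads the data to Azure Log Analytics." in both files. In gcpauditlogs.md the description writes "Google cloud audit Logs" next to "Google Cloud Platform (GCP)"; use one capitalization for the product name, since this text also becomes the page's visible summary of a Security-category table.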
diff --git a/articles/azure-monitor/reference/tables/hdinsightgatewayauditlogs.md b/articles/azure-monitor/reference/tables/hdinsightgatewayauditlogs.md new file mode 100644 index 0000000000..21a28648e2 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightgatewayauditlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightGatewayAuditLogs +description: Reference for HDInsightGatewayAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightGatewayAuditLogs + +Authentication audit logs from HDInsight Gateway nodes. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightgatewayauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightgatewayauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsighthadoopandyarnlogs.md b/articles/azure-monitor/reference/tables/hdinsighthadoopandyarnlogs.md new file mode 100644 index 0000000000..359661f454 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsighthadoopandyarnlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightHadoopAndYarnLogs +description: Reference for HDInsightHadoopAndYarnLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightHadoopAndYarnLogs + +Logs from HDInsight Hadoop Clusters and YARN-related logs such as ResourceManager, NodeManager, and TimelineServer logs from all cluster types that use YARN. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsighthadoopandyarnlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsighthadoopandyarnlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsighthadoopandyarnmetrics.md b/articles/azure-monitor/reference/tables/hdinsighthadoopandyarnmetrics.md new file mode 100644 index 0000000000..18a501a993 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsighthadoopandyarnmetrics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightHadoopAndYarnMetrics +description: Reference for HDInsightHadoopAndYarnMetrics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightHadoopAndYarnMetrics + +JMX metrics from Hadoop clusters and Yarn JMX metrics from any YARN-based cluster type. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsighthadoopandyarnmetrics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsighthadoopandyarnmetrics-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsighthbaselogs.md b/articles/azure-monitor/reference/tables/hdinsighthbaselogs.md new file mode 100644 index 0000000000..3e41ab3ce8 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsighthbaselogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightHBaseLogs +description: Reference for HDInsightHBaseLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightHBaseLogs + +All logs from HDInsight HBase Logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsighthbaselogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsighthbaselogs-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/hdinsighthbasemetrics.md b/articles/azure-monitor/reference/tables/hdinsighthbasemetrics.md new file mode 100644 index 0000000000..0126474c11 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsighthbasemetrics.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightHBaseMetrics +description: Reference for HDInsightHBaseMetrics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightHBaseMetrics + +JMX metrics from HBase clusters. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsighthbasemetrics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsighthbasemetrics-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsighthiveandllaplogs.md b/articles/azure-monitor/reference/tables/hdinsighthiveandllaplogs.md new file mode 100644 index 0000000000..2ecffa61f8 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsighthiveandllaplogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightHiveAndLLAPLogs +description: Reference for HDInsightHiveAndLLAPLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightHiveAndLLAPLogs + +All logs from HDInsight Hive and LLAP Clusters. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsighthiveandllaplogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsighthiveandllaplogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsighthiveandllapmetrics.md b/articles/azure-monitor/reference/tables/hdinsighthiveandllapmetrics.md new file mode 100644 index 0000000000..663b1b4f6b --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsighthiveandllapmetrics.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightHiveAndLLAPMetrics +description: Reference for HDInsightHiveAndLLAPMetrics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightHiveAndLLAPMetrics + +JMX metrics from Hive and LLAP clusters. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsighthiveandllapmetrics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsighthiveandllapmetrics-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/hdinsighthivequeryappstats.md b/articles/azure-monitor/reference/tables/hdinsighthivequeryappstats.md new file mode 100644 index 0000000000..9d0267879f --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsighthivequeryappstats.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightHiveQueryAppStats +description: Reference for HDInsightHiveQueryAppStats table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightHiveQueryAppStats + +Hive Query Metrics emitted from the YARN Timeline Server. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsighthivequeryappstats](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsighthivequeryappstats-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsighthivetezappstats.md b/articles/azure-monitor/reference/tables/hdinsighthivetezappstats.md new file mode 100644 index 0000000000..c738c447e7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsighthivetezappstats.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightHiveTezAppStats +description: Reference for HDInsightHiveTezAppStats table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightHiveTezAppStats + +Tez Application Metrics emitted from the YARN Resource Manager. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsighthivetezappstats](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsighthivetezappstats-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightjupyternotebookevents.md b/articles/azure-monitor/reference/tables/hdinsightjupyternotebookevents.md new file mode 100644 index 0000000000..73bf9076e6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightjupyternotebookevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightJupyterNotebookEvents +description: Reference for HDInsightJupyterNotebookEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightJupyterNotebookEvents + +Spark Events Log. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightjupyternotebookevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightjupyternotebookevents-include.md)] 
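Review bot: The body description in hdinsightjupyternotebookevents.md reads "Spark Events Log.", which does not match the table it documents (HDInsightJupyterNotebookEvents) and looks carried over from one of the Spark event tables. A reader choosing which table to query for notebook activity cannot tell from this what is recorded. Suggest a description that names Jupyter notebook events explicitly, or a confirmation from the table owner that the current wording is intended.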
diff --git a/articles/azure-monitor/reference/tables/hdinsightkafkalogs.md b/articles/azure-monitor/reference/tables/hdinsightkafkalogs.md new file mode 100644 index 0000000000..9db743883a --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightkafkalogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightKafkaLogs +description: Reference for HDInsightKafkaLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightKafkaLogs + +All logs from HDInsight Kafka Logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightkafkalogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightkafkalogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightkafkametrics.md b/articles/azure-monitor/reference/tables/hdinsightkafkametrics.md new file mode 100644 index 0000000000..5cf707b65c --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightkafkametrics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightKafkaMetrics +description: Reference for HDInsightKafkaMetrics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightKafkaMetrics + +All metrics from Kafka clusters. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightkafkametrics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightkafkametrics-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightkafkaserverlog.md b/articles/azure-monitor/reference/tables/hdinsightkafkaserverlog.md new file mode 100644 index 0000000000..67212e5422 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightkafkaserverlog.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightKafkaServerLog +description: Reference for HDInsightKafkaServerLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightKafkaServerLog + +HDInsight Kafka Server Log + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightkafkaserverlog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightkafkaserverlog-include.md)] 
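Review bot: In hdinsightkafkaserverlog.md the attributes table sets both **Resource types** and **Categories** to "-", while the neighbouring HDInsightKafkaLogs and HDInsightKafkaMetrics pages in this patch list microsoft.hdinsight/clusters and Azure Resources. If this table is emitted by HDInsight clusters like the other two, fill in both rows so it shows up under the same resource type and category; if the blanks are intentional, say why in the description. The description itself ("HDInsight Kafka Server Log") only restates the table name and is missing its closing period, unlike the other HDInsight pages.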
diff --git a/articles/azure-monitor/reference/tables/hdinsightoozielogs.md b/articles/azure-monitor/reference/tables/hdinsightoozielogs.md new file mode 100644 index 0000000000..de13993e65 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightoozielogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightOozieLogs +description: Reference for HDInsightOozieLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightOozieLogs + +All logs from Oozie component. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightoozielogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightoozielogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightrangerauditlogs.md b/articles/azure-monitor/reference/tables/hdinsightrangerauditlogs.md new file mode 100644 index 0000000000..ede09dc9b3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightrangerauditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightRangerAuditLogs +description: Reference for HDInsightRangerAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightRangerAuditLogs + +Audit logs from the Ranger component (only for ESP clusters). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightrangerauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightrangerauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightsecuritylogs.md b/articles/azure-monitor/reference/tables/hdinsightsecuritylogs.md new file mode 100644 index 0000000000..073affd5b1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightsecuritylogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightSecurityLogs +description: Reference for HDInsightSecurityLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightSecurityLogs + +Security related logs including Ambari Audit and Auth Log. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightsecuritylogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightsecuritylogs-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/hdinsightsparkapplicationevents.md b/articles/azure-monitor/reference/tables/hdinsightsparkapplicationevents.md new file mode 100644 index 0000000000..c9b816cd77 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightsparkapplicationevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightSparkApplicationEvents +description: Reference for HDInsightSparkApplicationEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightSparkApplicationEvents + +Spark Application Events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightsparkapplicationevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightsparkapplicationevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightsparkblockmanagerevents.md b/articles/azure-monitor/reference/tables/hdinsightsparkblockmanagerevents.md new file mode 100644 index 0000000000..402ac4e772 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightsparkblockmanagerevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightSparkBlockManagerEvents +description: Reference for HDInsightSparkBlockManagerEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightSparkBlockManagerEvents + +Spark Block Manager Events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightsparkblockmanagerevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightsparkblockmanagerevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightsparkenvironmentevents.md b/articles/azure-monitor/reference/tables/hdinsightsparkenvironmentevents.md new file mode 100644 index 0000000000..15315634be --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightsparkenvironmentevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightSparkEnvironmentEvents +description: Reference for HDInsightSparkEnvironmentEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightSparkEnvironmentEvents + +Spark Environment Events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightsparkenvironmentevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightsparkenvironmentevents-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/hdinsightsparkexecutorevents.md b/articles/azure-monitor/reference/tables/hdinsightsparkexecutorevents.md new file mode 100644 index 0000000000..363436473c --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightsparkexecutorevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightSparkExecutorEvents +description: Reference for HDInsightSparkExecutorEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightSparkExecutorEvents + +Spark Executor Events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightsparkexecutorevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightsparkexecutorevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightsparkextraevents.md b/articles/azure-monitor/reference/tables/hdinsightsparkextraevents.md new file mode 100644 index 0000000000..1cb1a539bb --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightsparkextraevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightSparkExtraEvents +description: Reference for HDInsightSparkExtraEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightSparkExtraEvents + +Spark Extra Events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightsparkextraevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightsparkextraevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightsparkjobevents.md b/articles/azure-monitor/reference/tables/hdinsightsparkjobevents.md new file mode 100644 index 0000000000..a7e28a21af --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightsparkjobevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightSparkJobEvents +description: Reference for HDInsightSparkJobEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightSparkJobEvents + +Spark Job Events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightsparkjobevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightsparkjobevents-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/hdinsightsparklogs.md b/articles/azure-monitor/reference/tables/hdinsightsparklogs.md new file mode 100644 index 0000000000..69367a38fe --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightsparklogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightSparkLogs +description: Reference for HDInsightSparkLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightSparkLogs + +All logs from related to Spark including Jupyter and Livy logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightsparklogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightsparklogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightsparksqlexecutionevents.md b/articles/azure-monitor/reference/tables/hdinsightsparksqlexecutionevents.md new file mode 100644 index 0000000000..3abc99be31 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightsparksqlexecutionevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightSparkSQLExecutionEvents +description: Reference for HDInsightSparkSQLExecutionEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightSparkSQLExecutionEvents + +Spark SQL Execution Events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightsparksqlexecutionevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightsparksqlexecutionevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightsparkstageevents.md b/articles/azure-monitor/reference/tables/hdinsightsparkstageevents.md new file mode 100644 index 0000000000..de4611dfe4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightsparkstageevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightSparkStageEvents +description: Reference for HDInsightSparkStageEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightSparkStageEvents + +Spark Stage Events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightsparkstageevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightsparkstageevents-include.md)] 
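Review bot: the description line in hdinsightsparkstageevents.md, `Spark Stage Events.`, only restates the page title, and hdinsightsparksqlexecutionevents.md does the same with `Spark SQL Execution Events.` A sentence saying what each event type records would help a reader choose between these Spark tables. Two files earlier, hdinsightsparklogs.md has a stray word in `All logs from related to Spark including Jupyter and Livy logs.`; suggest `All logs related to Spark, including Jupyter and Livy logs.`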
diff --git a/articles/azure-monitor/reference/tables/hdinsightsparkstagetaskaccumulables.md b/articles/azure-monitor/reference/tables/hdinsightsparkstagetaskaccumulables.md new file mode 100644 index 0000000000..486a904d68 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightsparkstagetaskaccumulables.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightSparkStageTaskAccumulables +description: Reference for HDInsightSparkStageTaskAccumulables table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightSparkStageTaskAccumulables + +Spark Stage Task Accumulables. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightsparkstagetaskaccumulables](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightsparkstagetaskaccumulables-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightsparktaskevents.md b/articles/azure-monitor/reference/tables/hdinsightsparktaskevents.md new file mode 100644 index 0000000000..9348b53fbb --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightsparktaskevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightSparkTaskEvents +description: Reference for HDInsightSparkTaskEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightSparkTaskEvents + +Spark Task Events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightsparktaskevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightsparktaskevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightstormlogs.md b/articles/azure-monitor/reference/tables/hdinsightstormlogs.md new file mode 100644 index 0000000000..9ed5d44b66 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightstormlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightStormLogs +description: Reference for HDInsightStormLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightStormLogs + +All Logs from Storm cluster nodes. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightstormlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightstormlogs-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/hdinsightstormmetrics.md b/articles/azure-monitor/reference/tables/hdinsightstormmetrics.md new file mode 100644 index 0000000000..a6416faf46 --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightstormmetrics.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightStormMetrics +description: Reference for HDInsightStormMetrics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightStormMetrics + +Cluster Level Metrics from Storm clusters. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightstormmetrics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightstormmetrics-include.md)] diff --git a/articles/azure-monitor/reference/tables/hdinsightstormtopologymetrics.md b/articles/azure-monitor/reference/tables/hdinsightstormtopologymetrics.md new file mode 100644 index 0000000000..cf60e3205e --- /dev/null +++ b/articles/azure-monitor/reference/tables/hdinsightstormtopologymetrics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HDInsightStormTopologyMetrics +description: Reference for HDInsightStormTopologyMetrics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HDInsightStormTopologyMetrics + +Topology Level Metrics from Storm clusters. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.hdinsight/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [hdinsightstormtopologymetrics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/hdinsightstormtopologymetrics-include.md)] diff --git a/articles/azure-monitor/reference/tables/healthstatechangeevent.md b/articles/azure-monitor/reference/tables/healthstatechangeevent.md new file mode 100644 index 0000000000..bc15f68d45 --- /dev/null +++ b/articles/azure-monitor/reference/tables/healthstatechangeevent.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HealthStateChangeEvent +description: Reference for HealthStateChangeEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HealthStateChangeEvent + +Workload Monitor Health. This data represents state transitions of a health monitor. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines| +|**Categories**|-| +|**Solutions**| AzureResources, VMInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [healthstatechangeevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/healthstatechangeevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/heartbeat.md b/articles/azure-monitor/reference/tables/heartbeat.md new file mode 100644 index 0000000000..2a30c0bbd1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/heartbeat.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - Heartbeat +description: Reference for Heartbeat table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# Heartbeat + +Records logged by Log Analytics agents once per minute to report on agent health. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets,
microsoft.hybridcontainerservice/provisionedclusters,
microsoft.automation/automationaccounts| +|**Categories**|Virtual Machines, Containers, IT & Management Tools| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/heartbeat)| + + + +## Columns + +[!INCLUDE [heartbeat](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/heartbeat-include.md)] diff --git a/articles/azure-monitor/reference/tables/huntingbookmark.md b/articles/azure-monitor/reference/tables/huntingbookmark.md new file mode 100644 index 0000000000..80df0e9464 --- /dev/null +++ b/articles/azure-monitor/reference/tables/huntingbookmark.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - HuntingBookmark +description: Reference for HuntingBookmark table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# HuntingBookmark + +Azure sentinel hunting bookmarks audit table + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [huntingbookmark](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/huntingbookmark-include.md)] diff --git a/articles/azure-monitor/reference/tables/identitydirectoryevents.md b/articles/azure-monitor/reference/tables/identitydirectoryevents.md new file mode 100644 index 0000000000..08727a0136 --- /dev/null +++ b/articles/azure-monitor/reference/tables/identitydirectoryevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - IdentityDirectoryEvents +description: Reference for IdentityDirectoryEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# IdentityDirectoryEvents + +Captures various identity-related events, like password changes, password expiration, and user principal name (UPN) changes. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/identitydirectoryevents)| + + + +## Columns + +[!INCLUDE [identitydirectoryevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/identitydirectoryevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/identityinfo.md b/articles/azure-monitor/reference/tables/identityinfo.md new file mode 100644 index 0000000000..85e1a8c6b1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/identityinfo.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - IdentityInfo +description: Reference for IdentityInfo table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# IdentityInfo + +This table is populated by Azure Sentinel UEBA with all your users identities information. It can be used to correlate user information and insights with analytics or hunting queries. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| BehaviorAnalyticsInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [identityinfo](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/identityinfo-include.md)] diff --git a/articles/azure-monitor/reference/tables/identitylogonevents.md b/articles/azure-monitor/reference/tables/identitylogonevents.md new file mode 100644 index 0000000000..b5431dc8e6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/identitylogonevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - IdentityLogonEvents +description: Reference for IdentityLogonEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# IdentityLogonEvents + +Authentication activities made through your on-premises Active Directory. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/identitylogonevents)| + + + +## Columns + +[!INCLUDE [identitylogonevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/identitylogonevents-include.md)] 
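Review bot: the **Resource types** cell in healthstatechangeevent.md and heartbeat.md lists `microsoft.conenctedvmwarevsphere/virtualmachines`, which looks like a transposition of "connected" (the resource provider namespace is Microsoft.ConnectedVMwarevSphere); the same spelling recurs in insightsmetrics.md later in this patch. Anyone matching these values against resource IDs in a query or a policy will not get a hit on the misspelled string, so please confirm the value and, if these pages are generated, correct it at the source rather than in each file. Separately, the identityinfo.md description reads `all your users identities information`; suggest "identity information for all your users".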
diff --git a/articles/azure-monitor/reference/tables/identityqueryevents.md b/articles/azure-monitor/reference/tables/identityqueryevents.md new file mode 100644 index 0000000000..1cb506ad60 --- /dev/null +++ b/articles/azure-monitor/reference/tables/identityqueryevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - IdentityQueryEvents +description: Reference for IdentityQueryEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# IdentityQueryEvents + +Information about queries performed against Active Directory objects, such as users, groups, devices, and domains. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/identityqueryevents)| + + + +## Columns + +[!INCLUDE [identityqueryevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/identityqueryevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/iisassessmentrecommendation.md b/articles/azure-monitor/reference/tables/iisassessmentrecommendation.md new file mode 100644 index 0000000000..8f7dc14f17 --- /dev/null +++ b/articles/azure-monitor/reference/tables/iisassessmentrecommendation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - IISAssessmentRecommendation +description: Reference for IISAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# IISAssessmentRecommendation + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| IISAssessmentPlus| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [iisassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/iisassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/insightsmetrics.md b/articles/azure-monitor/reference/tables/insightsmetrics.md new file mode 100644 index 0000000000..545792ee6b --- /dev/null +++ b/articles/azure-monitor/reference/tables/insightsmetrics.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - InsightsMetrics +description: Reference for InsightsMetrics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# InsightsMetrics + +Table that stores metrics. 'Perf' table also stores many metrics and over time they all will converge to InsightsMetrics for Azure Monitor Solutions + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.insights/workloadmonitoring,
microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets,
microsoft.hybridcontainerservice/provisionedclusters,
microsoft.devices/iothubs| +|**Categories**|Virtual Machines, Containers, Azure Resources| +|**Solutions**| AzureResources, ContainerInsights, InfrastructureInsights, LogManagement, ServiceMap, VMInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/insightsmetrics)| + + + +## Columns + +[!INCLUDE [insightsmetrics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/insightsmetrics-include.md)] diff --git a/articles/azure-monitor/reference/tables/intuneauditlogs.md b/articles/azure-monitor/reference/tables/intuneauditlogs.md new file mode 100644 index 0000000000..ba4e5a080a --- /dev/null +++ b/articles/azure-monitor/reference/tables/intuneauditlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - IntuneAuditLogs +description: Reference for IntuneAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# IntuneAuditLogs + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|IT & Management Tools| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [intuneauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/intuneauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/intunedevicecomplianceorg.md b/articles/azure-monitor/reference/tables/intunedevicecomplianceorg.md new file mode 100644 index 0000000000..da02c6ee3d --- /dev/null +++ b/articles/azure-monitor/reference/tables/intunedevicecomplianceorg.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - IntuneDeviceComplianceOrg +description: Reference for IntuneDeviceComplianceOrg table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# IntuneDeviceComplianceOrg + +Intune device compliance specialist report. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|IT & Management Tools| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [intunedevicecomplianceorg](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/intunedevicecomplianceorg-include.md)] diff --git a/articles/azure-monitor/reference/tables/intunedevices.md b/articles/azure-monitor/reference/tables/intunedevices.md new file mode 100644 index 0000000000..4409bc9cc2 --- /dev/null +++ b/articles/azure-monitor/reference/tables/intunedevices.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - IntuneDevices +description: Reference for IntuneDevices table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# IntuneDevices + +Intune devices specialist report. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|IT & Management Tools| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [intunedevices](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/intunedevices-include.md)] diff --git a/articles/azure-monitor/reference/tables/intuneoperationallogs.md b/articles/azure-monitor/reference/tables/intuneoperationallogs.md new file mode 100644 index 0000000000..def54fe4cd --- /dev/null 
+++ b/articles/azure-monitor/reference/tables/intuneoperationallogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - IntuneOperationalLogs +description: Reference for IntuneOperationalLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# IntuneOperationalLogs + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|IT & Management Tools| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [intuneoperationallogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/intuneoperationallogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/iothubdistributedtracing.md b/articles/azure-monitor/reference/tables/iothubdistributedtracing.md new file mode 100644 index 0000000000..db7f638847 --- /dev/null +++ b/articles/azure-monitor/reference/tables/iothubdistributedtracing.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - IoTHubDistributedTracing +description: Reference for IoTHubDistributedTracing table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# IoTHubDistributedTracing + +The distributed tracing category tracks the trace-id and span-id for messages that carry the trace context header. To fully enable these logs, client-side code must be updated by following https://aka.ms/iottracing + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.devices/iothubs| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [iothubdistributedtracing](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/iothubdistributedtracing-include.md)] diff --git a/articles/azure-monitor/reference/tables/kubeevents.md b/articles/azure-monitor/reference/tables/kubeevents.md new file mode 100644 index 0000000000..f78e287d0b --- /dev/null +++ b/articles/azure-monitor/reference/tables/kubeevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - KubeEvents +description: Reference for KubeEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# KubeEvents + +Table that stores Kubernetes events + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Containers| +|**Solutions**| AzureResources, ContainerInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/kubeevents)| + + + +## Columns + +[!INCLUDE [kubeevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/kubeevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/kubehealth.md b/articles/azure-monitor/reference/tables/kubehealth.md new file mode 100644 index 0000000000..754b53767a --- /dev/null +++ b/articles/azure-monitor/reference/tables/kubehealth.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - KubeHealth +description: Reference for KubeHealth table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# KubeHealth + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| AzureResources, ContainerInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [kubehealth](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/kubehealth-include.md)] diff --git a/articles/azure-monitor/reference/tables/kubemonagentevents.md b/articles/azure-monitor/reference/tables/kubemonagentevents.md new file mode 100644 index 0000000000..8b54926586 --- /dev/null +++ b/articles/azure-monitor/reference/tables/kubemonagentevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - KubeMonAgentEvents +description: Reference for KubeMonAgentEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# KubeMonAgentEvents + +Table that stores events from the Kubernetes cluster monitoring agent [Azure Monitor Agent] + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Containers| +|**Solutions**| AzureResources, ContainerInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/kubemonagentevents)| + + + +## Columns + +[!INCLUDE [kubemonagentevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/kubemonagentevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/kubenodeinventory.md b/articles/azure-monitor/reference/tables/kubenodeinventory.md new file mode 100644 index 0000000000..f846a175e1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/kubenodeinventory.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - KubeNodeInventory +description: Reference for KubeNodeInventory table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# KubeNodeInventory + +Table that stores Kubernetes cluster's node information. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Containers| +|**Solutions**| AzureResources, ContainerInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/kubenodeinventory)| + + + +## Columns + +[!INCLUDE [kubenodeinventory](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/kubenodeinventory-include.md)] diff --git a/articles/azure-monitor/reference/tables/kubepodinventory.md b/articles/azure-monitor/reference/tables/kubepodinventory.md new file mode 100644 index 0000000000..d54704d097 --- /dev/null +++ b/articles/azure-monitor/reference/tables/kubepodinventory.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - KubePodInventory +description: Reference for KubePodInventory table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# KubePodInventory + +Table that stores kubernetes cluster's Pod & container information + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Containers| +|**Solutions**| AzureResources, ContainerInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/kubepodinventory)| + + + +## Columns + +[!INCLUDE [kubepodinventory](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/kubepodinventory-include.md)] diff --git a/articles/azure-monitor/reference/tables/kubepvinventory.md b/articles/azure-monitor/reference/tables/kubepvinventory.md new file mode 100644 index 0000000000..e5eb584244 --- /dev/null +++ b/articles/azure-monitor/reference/tables/kubepvinventory.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - KubePVInventory +description: Reference for KubePVInventory table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# KubePVInventory + +Kubernetes persistent volumes and their properties. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Containers| +|**Solutions**| AzureResources, ContainerInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [kubepvinventory](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/kubepvinventory-include.md)] diff --git a/articles/azure-monitor/reference/tables/kubeservices.md b/articles/azure-monitor/reference/tables/kubeservices.md new file mode 100644 index 0000000000..9c2e120d04 --- /dev/null +++ b/articles/azure-monitor/reference/tables/kubeservices.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - KubeServices +description: Reference for KubeServices table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# KubeServices + +Table that stores Kubernetes services information. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Containers| +|**Solutions**| AzureResources, ContainerInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/kubeservices)| + + + +## Columns + +[!INCLUDE [kubeservices](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/kubeservices-include.md)] diff --git a/articles/azure-monitor/reference/tables/laquerylogs.md b/articles/azure-monitor/reference/tables/laquerylogs.md new file mode 100644 index 0000000000..dc449a0153 --- /dev/null +++ b/articles/azure-monitor/reference/tables/laquerylogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - LAQueryLogs +description: Reference for LAQueryLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# LAQueryLogs + +Audit logs for queries executed in Log Analytics Workspaces. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.operationalinsights/workspaces| +|**Categories**|Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/laquerylogs)| + + + +## Columns + +[!INCLUDE [laquerylogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/laquerylogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/lasummarylogs.md b/articles/azure-monitor/reference/tables/lasummarylogs.md new file mode 100644 index 0000000000..b0774c0d30 --- /dev/null +++ b/articles/azure-monitor/reference/tables/lasummarylogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - LASummaryLogs +description: Reference for LASummaryLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# LASummaryLogs + +Provides Summary logs rules execution details, including run status, duration and errors. Can be used to view bins executions statuses, identify rules that take a long time to complete, and failures that could be optimized in query, or shorted bin time. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.operationalinsights/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/lasummarylogs)| + + + +## Columns + +[!INCLUDE [lasummarylogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/lasummarylogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/linuxauditlog.md b/articles/azure-monitor/reference/tables/linuxauditlog.md new file mode 100644 index 0000000000..adb69e8fdf --- /dev/null +++ b/articles/azure-monitor/reference/tables/linuxauditlog.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - LinuxAuditLog +description: Reference for LinuxAuditLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# LinuxAuditLog + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| Security, SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [linuxauditlog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/linuxauditlog-include.md)] 
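Review bot: The description paragraph under `# LASummaryLogs` in lasummarylogs.md has wording errors that will be published as-is: "bins executions statuses" and "shorted bin time". Suggest rewording the second sentence along the lines of "Can be used to view bin execution statuses and to identify rules that take a long time to complete or that fail, so that the query can be optimized or the bin time shortened."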
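Review bot: The body under `# LinuxAuditLog` in linuxauditlog.md is empty, so a table filed under the Security category with the Security and SecurityInsights solutions is added with no statement of what it stores. Resource types and Sample Queries are both `-` as well, which leaves the column include as the reader's only information. Add a one-sentence description, as kubeservices.md and laquerylogs.md do in this same change.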
diff --git a/articles/azure-monitor/reference/tables/logicappworkflowruntime.md b/articles/azure-monitor/reference/tables/logicappworkflowruntime.md new file mode 100644 index 0000000000..7117a17bf1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/logicappworkflowruntime.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - LogicAppWorkflowRuntime +description: Reference for LogicAppWorkflowRuntime table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# LogicAppWorkflowRuntime + +Logs generated during Logic Apps workflow runtime. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.web/sites,
microsoft.logic/workflows| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/logicappworkflowruntime)| + + + +## Columns + +[!INCLUDE [logicappworkflowruntime](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/logicappworkflowruntime-include.md)] diff --git a/articles/azure-monitor/reference/tables/maapplication.md b/articles/azure-monitor/reference/tables/maapplication.md new file mode 100644 index 0000000000..c0c514d0ff --- /dev/null +++ b/articles/azure-monitor/reference/tables/maapplication.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAApplication +description: Reference for MAApplication table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAApplication + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maapplication](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maapplication-include.md)] diff --git a/articles/azure-monitor/reference/tables/maapplicationhealth.md b/articles/azure-monitor/reference/tables/maapplicationhealth.md new file mode 100644 index 0000000000..871460c037 --- /dev/null +++ b/articles/azure-monitor/reference/tables/maapplicationhealth.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAApplicationHealth +description: Reference for MAApplicationHealth table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAApplicationHealth + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maapplicationhealth](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maapplicationhealth-include.md)] diff --git a/articles/azure-monitor/reference/tables/maapplicationhealthalternativeversions.md b/articles/azure-monitor/reference/tables/maapplicationhealthalternativeversions.md new file mode 100644 index 0000000000..33cf0fff0e --- /dev/null +++ b/articles/azure-monitor/reference/tables/maapplicationhealthalternativeversions.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAApplicationHealthAlternativeVersions +description: Reference for MAApplicationHealthAlternativeVersions table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAApplicationHealthAlternativeVersions + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maapplicationhealthalternativeversions](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maapplicationhealthalternativeversions-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/maapplicationhealthissues.md b/articles/azure-monitor/reference/tables/maapplicationhealthissues.md new file mode 100644 index 0000000000..77caa1ae47 --- /dev/null +++ b/articles/azure-monitor/reference/tables/maapplicationhealthissues.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAApplicationHealthIssues +description: Reference for MAApplicationHealthIssues table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAApplicationHealthIssues + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maapplicationhealthissues](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maapplicationhealthissues-include.md)] diff --git a/articles/azure-monitor/reference/tables/maapplicationinstance.md b/articles/azure-monitor/reference/tables/maapplicationinstance.md new file mode 100644 index 0000000000..87509567f5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/maapplicationinstance.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAApplicationInstance +description: Reference for MAApplicationInstance table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAApplicationInstance + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maapplicationinstance](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maapplicationinstance-include.md)] diff --git a/articles/azure-monitor/reference/tables/maapplicationinstancereadiness.md b/articles/azure-monitor/reference/tables/maapplicationinstancereadiness.md new file mode 100644 index 0000000000..e6f4fdb067 --- /dev/null +++ b/articles/azure-monitor/reference/tables/maapplicationinstancereadiness.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAApplicationInstanceReadiness +description: Reference for MAApplicationInstanceReadiness table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAApplicationInstanceReadiness + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maapplicationinstancereadiness](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maapplicationinstancereadiness-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/maapplicationreadiness.md b/articles/azure-monitor/reference/tables/maapplicationreadiness.md new file mode 100644 index 0000000000..35cff62886 --- /dev/null +++ b/articles/azure-monitor/reference/tables/maapplicationreadiness.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAApplicationReadiness +description: Reference for MAApplicationReadiness table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAApplicationReadiness + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maapplicationreadiness](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maapplicationreadiness-include.md)] diff --git a/articles/azure-monitor/reference/tables/madeploymentplan.md b/articles/azure-monitor/reference/tables/madeploymentplan.md new file mode 100644 index 0000000000..8da7359919 --- /dev/null +++ b/articles/azure-monitor/reference/tables/madeploymentplan.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MADeploymentPlan +description: Reference for MADeploymentPlan table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MADeploymentPlan + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [madeploymentplan](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/madeploymentplan-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/madevice.md b/articles/azure-monitor/reference/tables/madevice.md new file mode 100644 index 0000000000..3b2a66cada --- /dev/null +++ b/articles/azure-monitor/reference/tables/madevice.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MADevice +description: Reference for MADevice table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MADevice + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [madevice](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/madevice-include.md)] diff --git a/articles/azure-monitor/reference/tables/madevicenotenrolled.md b/articles/azure-monitor/reference/tables/madevicenotenrolled.md new file mode 100644 index 0000000000..1dc0167c20 --- /dev/null +++ b/articles/azure-monitor/reference/tables/madevicenotenrolled.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MADeviceNotEnrolled +description: Reference for MADeviceNotEnrolled table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MADeviceNotEnrolled + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [madevicenotenrolled](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/madevicenotenrolled-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/madevicenrt.md b/articles/azure-monitor/reference/tables/madevicenrt.md new file mode 100644 index 0000000000..3a5e78510d --- /dev/null +++ b/articles/azure-monitor/reference/tables/madevicenrt.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MADeviceNRT +description: Reference for MADeviceNRT table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MADeviceNRT + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [madevicenrt](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/madevicenrt-include.md)] diff --git a/articles/azure-monitor/reference/tables/madevicereadiness.md b/articles/azure-monitor/reference/tables/madevicereadiness.md new file mode 100644 index 0000000000..3c8e6ad015 --- /dev/null +++ b/articles/azure-monitor/reference/tables/madevicereadiness.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MADeviceReadiness +description: Reference for MADeviceReadiness table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MADeviceReadiness + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [madevicereadiness](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/madevicereadiness-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/madriverinstancereadiness.md b/articles/azure-monitor/reference/tables/madriverinstancereadiness.md new file mode 100644 index 0000000000..60b8fc2b85 --- /dev/null +++ b/articles/azure-monitor/reference/tables/madriverinstancereadiness.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MADriverInstanceReadiness +description: Reference for MADriverInstanceReadiness table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MADriverInstanceReadiness + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [madriverinstancereadiness](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/madriverinstancereadiness-include.md)] diff --git a/articles/azure-monitor/reference/tables/madriverreadiness.md b/articles/azure-monitor/reference/tables/madriverreadiness.md new file mode 100644 index 0000000000..df00a32410 --- /dev/null +++ b/articles/azure-monitor/reference/tables/madriverreadiness.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MADriverReadiness +description: Reference for MADriverReadiness table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MADriverReadiness + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [madriverreadiness](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/madriverreadiness-include.md)] diff --git a/articles/azure-monitor/reference/tables/maofficeaddin.md b/articles/azure-monitor/reference/tables/maofficeaddin.md new file mode 100644 index 0000000000..331820c925 --- /dev/null +++ b/articles/azure-monitor/reference/tables/maofficeaddin.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAOfficeAddin +description: Reference for MAOfficeAddin table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAOfficeAddin + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maofficeaddin](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maofficeaddin-include.md)] diff --git a/articles/azure-monitor/reference/tables/maofficeaddininstance.md b/articles/azure-monitor/reference/tables/maofficeaddininstance.md new file mode 100644 index 0000000000..dda81d92b1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/maofficeaddininstance.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAOfficeAddinInstance +description: Reference for MAOfficeAddinInstance table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAOfficeAddinInstance + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maofficeaddininstance](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maofficeaddininstance-include.md)] diff --git a/articles/azure-monitor/reference/tables/maofficeaddinreadiness.md b/articles/azure-monitor/reference/tables/maofficeaddinreadiness.md new file mode 100644 index 0000000000..f299f8195d --- /dev/null +++ b/articles/azure-monitor/reference/tables/maofficeaddinreadiness.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAOfficeAddinReadiness +description: Reference for MAOfficeAddinReadiness table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAOfficeAddinReadiness + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maofficeaddinreadiness](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maofficeaddinreadiness-include.md)] diff --git a/articles/azure-monitor/reference/tables/maofficeappinstance.md b/articles/azure-monitor/reference/tables/maofficeappinstance.md new file mode 100644 index 0000000000..e1aa6499ea --- /dev/null 
+++ b/articles/azure-monitor/reference/tables/maofficeappinstance.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAOfficeAppInstance +description: Reference for MAOfficeAppInstance table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAOfficeAppInstance + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maofficeappinstance](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maofficeappinstance-include.md)] diff --git a/articles/azure-monitor/reference/tables/maofficeappreadiness.md b/articles/azure-monitor/reference/tables/maofficeappreadiness.md new file mode 100644 index 0000000000..412bfdf333 --- /dev/null +++ b/articles/azure-monitor/reference/tables/maofficeappreadiness.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAOfficeAppReadiness +description: Reference for MAOfficeAppReadiness table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAOfficeAppReadiness + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maofficeappreadiness](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maofficeappreadiness-include.md)] diff --git a/articles/azure-monitor/reference/tables/maofficebuildinfo.md b/articles/azure-monitor/reference/tables/maofficebuildinfo.md new file mode 100644 index 0000000000..8acd1350b2 --- /dev/null 
+++ b/articles/azure-monitor/reference/tables/maofficebuildinfo.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAOfficeBuildInfo +description: Reference for MAOfficeBuildInfo table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAOfficeBuildInfo + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maofficebuildinfo](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maofficebuildinfo-include.md)] diff --git a/articles/azure-monitor/reference/tables/maofficecurrencyassessment.md b/articles/azure-monitor/reference/tables/maofficecurrencyassessment.md new file mode 100644 index 0000000000..735d2229cf --- /dev/null +++ b/articles/azure-monitor/reference/tables/maofficecurrencyassessment.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAOfficeCurrencyAssessment +description: Reference for MAOfficeCurrencyAssessment table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAOfficeCurrencyAssessment + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maofficecurrencyassessment](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maofficecurrencyassessment-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/maofficesuiteinstance.md b/articles/azure-monitor/reference/tables/maofficesuiteinstance.md new file mode 100644 index 0000000000..958e846b02 --- /dev/null +++ b/articles/azure-monitor/reference/tables/maofficesuiteinstance.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAOfficeSuiteInstance +description: Reference for MAOfficeSuiteInstance table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAOfficeSuiteInstance + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maofficesuiteinstance](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maofficesuiteinstance-include.md)] diff --git a/articles/azure-monitor/reference/tables/maproposedpilotdevices.md b/articles/azure-monitor/reference/tables/maproposedpilotdevices.md new file mode 100644 index 0000000000..d73ed9aad0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/maproposedpilotdevices.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAProposedPilotDevices +description: Reference for MAProposedPilotDevices table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAProposedPilotDevices + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [maproposedpilotdevices](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/maproposedpilotdevices-include.md)] diff --git a/articles/azure-monitor/reference/tables/mawindowsbuildinfo.md b/articles/azure-monitor/reference/tables/mawindowsbuildinfo.md new file mode 100644 index 0000000000..11ba38607b --- /dev/null +++ b/articles/azure-monitor/reference/tables/mawindowsbuildinfo.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAWindowsBuildInfo +description: Reference for MAWindowsBuildInfo table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAWindowsBuildInfo + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [mawindowsbuildinfo](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mawindowsbuildinfo-include.md)] diff --git a/articles/azure-monitor/reference/tables/mawindowscurrencyassessment.md b/articles/azure-monitor/reference/tables/mawindowscurrencyassessment.md new file mode 100644 index 0000000000..82277db8dc --- /dev/null 
+++ b/articles/azure-monitor/reference/tables/mawindowscurrencyassessment.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAWindowsCurrencyAssessment +description: Reference for MAWindowsCurrencyAssessment table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAWindowsCurrencyAssessment + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [mawindowscurrencyassessment](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mawindowscurrencyassessment-include.md)] diff --git a/articles/azure-monitor/reference/tables/mawindowscurrencyassessmentdailycounts.md b/articles/azure-monitor/reference/tables/mawindowscurrencyassessmentdailycounts.md new file mode 100644 index 0000000000..8feca1260a --- /dev/null +++ b/articles/azure-monitor/reference/tables/mawindowscurrencyassessmentdailycounts.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAWindowsCurrencyAssessmentDailyCounts +description: Reference for MAWindowsCurrencyAssessmentDailyCounts table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAWindowsCurrencyAssessmentDailyCounts + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [mawindowscurrencyassessmentdailycounts](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mawindowscurrencyassessmentdailycounts-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/mawindowsdeploymentstatus.md b/articles/azure-monitor/reference/tables/mawindowsdeploymentstatus.md new file mode 100644 index 0000000000..b6afae58d6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/mawindowsdeploymentstatus.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAWindowsDeploymentStatus +description: Reference for MAWindowsDeploymentStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAWindowsDeploymentStatus + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [mawindowsdeploymentstatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mawindowsdeploymentstatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/mawindowsdeploymentstatusnrt.md b/articles/azure-monitor/reference/tables/mawindowsdeploymentstatusnrt.md new file mode 100644 index 0000000000..8b5c7c2e33 --- /dev/null +++ b/articles/azure-monitor/reference/tables/mawindowsdeploymentstatusnrt.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MAWindowsDeploymentStatusNRT +description: Reference for MAWindowsDeploymentStatusNRT table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MAWindowsDeploymentStatusNRT + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| Microsoft365Analytics| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [mawindowsdeploymentstatusnrt](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mawindowsdeploymentstatusnrt-include.md)] diff --git a/articles/azure-monitor/reference/tables/mcasshadowitreporting.md b/articles/azure-monitor/reference/tables/mcasshadowitreporting.md new file mode 100644 index 0000000000..ff4c466573 --- /dev/null +++ b/articles/azure-monitor/reference/tables/mcasshadowitreporting.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - McasShadowItReporting +description: Reference for McasShadowItReporting table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# McasShadowItReporting + +McasShadowItReporting + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [mcasshadowitreporting](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mcasshadowitreporting-include.md)] diff --git a/articles/azure-monitor/reference/tables/mcceventlogs.md b/articles/azure-monitor/reference/tables/mcceventlogs.md new file mode 100644 index 0000000000..52ef852fa1 --- /dev/null 
+++ b/articles/azure-monitor/reference/tables/mcceventlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MCCEventLogs +description: Reference for MCCEventLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MCCEventLogs + +This table includes logs for cache events. Can be used for performance metrics. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.connectedcache/cachenodes| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [mcceventlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mcceventlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/mcvpauditlogs.md b/articles/azure-monitor/reference/tables/mcvpauditlogs.md new file mode 100644 index 0000000000..ba23a81761 --- /dev/null +++ b/articles/azure-monitor/reference/tables/mcvpauditlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MCVPAuditLogs +description: Reference for MCVPAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MCVPAuditLogs + +The MCVP audit logs. This table will include audit logs for MCVP service transactions. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.connectedvehicle/platformaccounts| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [mcvpauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mcvpauditlogs-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/mcvpoperationlogs.md b/articles/azure-monitor/reference/tables/mcvpoperationlogs.md new file mode 100644 index 0000000000..6977c1f57e --- /dev/null +++ b/articles/azure-monitor/reference/tables/mcvpoperationlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MCVPOperationLogs +description: Reference for MCVPOperationLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MCVPOperationLogs + +The MCVP Azure monitor logs. This table will include logs for vehicle provision, connection and activities sending command and receiving telemetry messages. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.connectedvehicle/platformaccounts| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [mcvpoperationlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mcvpoperationlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/mdcdetectiondnsevents.md b/articles/azure-monitor/reference/tables/mdcdetectiondnsevents.md new file mode 100644 index 0000000000..dbdb256ead --- /dev/null +++ b/articles/azure-monitor/reference/tables/mdcdetectiondnsevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MDCDetectionDNSEvents +description: Reference for MDCDetectionDNSEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MDCDetectionDNSEvents + +DNS Events. This table is collected by the detection team in MDC. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/mdcdetectiondnsevents)| + + + +## Columns + +[!INCLUDE [mdcdetectiondnsevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mdcdetectiondnsevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/mdcdetectionfimevents.md b/articles/azure-monitor/reference/tables/mdcdetectionfimevents.md new file mode 100644 index 0000000000..19c5f8c7c1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/mdcdetectionfimevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MDCDetectionFimEvents +description: Reference for MDCDetectionFimEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MDCDetectionFimEvents + +Events from this table are collected by the detection team in MDC. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/mdcdetectionfimevents)| + + + +## Columns + +[!INCLUDE [mdcdetectionfimevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mdcdetectionfimevents-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/mdcfileintegritymonitoringevents.md b/articles/azure-monitor/reference/tables/mdcfileintegritymonitoringevents.md new file mode 100644 index 0000000000..4f94c50edd --- /dev/null +++ b/articles/azure-monitor/reference/tables/mdcfileintegritymonitoringevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MDCFileIntegrityMonitoringEvents +description: Reference for MDCFileIntegrityMonitoringEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MDCFileIntegrityMonitoringEvents + +View changes of Windows and Linux Files, as well as of software registry keys. Events from this table are collected by Microsoft Defender for Endpoint (MDE). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [mdcfileintegritymonitoringevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mdcfileintegritymonitoringevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/mdecustomcollectiondevicefileevents.md b/articles/azure-monitor/reference/tables/mdecustomcollectiondevicefileevents.md new file mode 100644 index 0000000000..c675f96c5e --- /dev/null +++ b/articles/azure-monitor/reference/tables/mdecustomcollectiondevicefileevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MDECustomCollectionDeviceFileEvents +description: Reference for MDECustomCollectionDeviceFileEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MDECustomCollectionDeviceFileEvents + +This table is part of Microsoft Defender for Endpoints for the Custom Collection scenario. This table contains file creation, modification, and other file system events for anything explicitly requested by the customer for collection. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [mdecustomcollectiondevicefileevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mdecustomcollectiondevicefileevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/microsoft-aad_domainservices.md b/articles/azure-monitor/reference/tables/microsoft-aad_domainservices.md new file mode 100644 index 0000000000..7a8d5de844 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-aad_domainservices.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.aad/domainservices +description: Azure Monitor tables for resource type microsoft.aad/domainservices +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.aad/domainservices + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-aad_domainservices-include.md)] + 
diff --git a/articles/azure-monitor/reference/tables/microsoft-aadiam_tenants.md b/articles/azure-monitor/reference/tables/microsoft-aadiam_tenants.md new file mode 100644 index 0000000000..96c18ee331 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-aadiam_tenants.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.aadiam/tenants +description: Azure Monitor tables for resource type microsoft.aadiam/tenants +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.aadiam/tenants + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-aadiam_tenants-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-agfoodplatform_farmbeats.md b/articles/azure-monitor/reference/tables/microsoft-agfoodplatform_farmbeats.md new file mode 100644 index 0000000000..beab567aed --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-agfoodplatform_farmbeats.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.agfoodplatform/farmbeats +description: Azure Monitor tables for resource type microsoft.agfoodplatform/farmbeats +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.agfoodplatform/farmbeats + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-agfoodplatform_farmbeats-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-analysisservices_servers.md b/articles/azure-monitor/reference/tables/microsoft-analysisservices_servers.md new file mode 100644 index 0000000000..72dc66d147 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-analysisservices_servers.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.analysisservices/servers +description: Azure Monitor tables for resource type microsoft.analysisservices/servers +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.analysisservices/servers + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-analysisservices_servers-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-apimanagement_service.md b/articles/azure-monitor/reference/tables/microsoft-apimanagement_service.md new file mode 100644 index 0000000000..2213916c81 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-apimanagement_service.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.apimanagement/service +description: Azure Monitor tables for resource type microsoft.apimanagement/service +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.apimanagement/service + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-apimanagement_service-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-app_managedenvironments.md b/articles/azure-monitor/reference/tables/microsoft-app_managedenvironments.md new file mode 100644 index 0000000000..b3e212f58c --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-app_managedenvironments.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.app/managedenvironments +description: Azure Monitor tables for resource type microsoft.app/managedenvironments +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.app/managedenvironments + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-app_managedenvironments-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-appconfiguration_configurationstores.md b/articles/azure-monitor/reference/tables/microsoft-appconfiguration_configurationstores.md new file mode 100644 index 0000000000..eca08d2164 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-appconfiguration_configurationstores.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.appconfiguration/configurationstores +description: Azure Monitor tables for resource type microsoft.appconfiguration/configurationstores +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.appconfiguration/configurationstores + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-appconfiguration_configurationstores-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-appplatform_spring.md b/articles/azure-monitor/reference/tables/microsoft-appplatform_spring.md new file mode 100644 index 0000000000..d73c1f3081 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-appplatform_spring.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.appplatform/spring +description: Azure Monitor tables for resource type microsoft.appplatform/spring +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.appplatform/spring + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-appplatform_spring-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-attestation_attestationproviders.md b/articles/azure-monitor/reference/tables/microsoft-attestation_attestationproviders.md new file mode 100644 index 0000000000..dc21b52673 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-attestation_attestationproviders.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.attestation/attestationproviders +description: Azure Monitor tables for resource type microsoft.attestation/attestationproviders +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.attestation/attestationproviders + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-attestation_attestationproviders-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-automation_automationaccounts.md b/articles/azure-monitor/reference/tables/microsoft-automation_automationaccounts.md new file mode 100644 index 0000000000..7be3ddbf88 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-automation_automationaccounts.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.automation/automationaccounts +description: Azure Monitor tables for resource type microsoft.automation/automationaccounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.automation/automationaccounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-automation_automationaccounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-autonomousdevelopmentplatform_workspaces.md b/articles/azure-monitor/reference/tables/microsoft-autonomousdevelopmentplatform_workspaces.md new file mode 100644 index 0000000000..0c7cd3e85a --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-autonomousdevelopmentplatform_workspaces.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.autonomousdevelopmentplatform/workspaces +description: Azure Monitor tables for resource type microsoft.autonomousdevelopmentplatform/workspaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.autonomousdevelopmentplatform/workspaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-autonomousdevelopmentplatform_workspaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-avs_privateclouds.md b/articles/azure-monitor/reference/tables/microsoft-avs_privateclouds.md new file mode 100644 index 0000000000..cf9812d990 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-avs_privateclouds.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.avs/privateclouds +description: Azure Monitor tables for resource type microsoft.avs/privateclouds +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.avs/privateclouds + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-avs_privateclouds-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-azuredatatransfer_connections.md b/articles/azure-monitor/reference/tables/microsoft-azuredatatransfer_connections.md new file mode 100644 index 0000000000..e3b5450490 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-azuredatatransfer_connections.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.azuredatatransfer/connections +description: Azure Monitor tables for resource type microsoft.azuredatatransfer/connections +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.azuredatatransfer/connections + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-azuredatatransfer_connections-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-azureplaywrightservice_accounts.md b/articles/azure-monitor/reference/tables/microsoft-azureplaywrightservice_accounts.md new file mode 100644 index 0000000000..9ed6aef8a1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-azureplaywrightservice_accounts.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.azureplaywrightservice/accounts +description: Azure Monitor tables for resource type microsoft.azureplaywrightservice/accounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.azureplaywrightservice/accounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-azureplaywrightservice_accounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-azuresphere_catalogs.md b/articles/azure-monitor/reference/tables/microsoft-azuresphere_catalogs.md new file mode 100644 index 0000000000..ecfcb40275 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-azuresphere_catalogs.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.azuresphere/catalogs +description: Azure Monitor tables for resource type microsoft.azuresphere/catalogs +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.azuresphere/catalogs + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-azuresphere_catalogs-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-azurestackhci_clusters.md b/articles/azure-monitor/reference/tables/microsoft-azurestackhci_clusters.md new file mode 100644 index 0000000000..51ee670870 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-azurestackhci_clusters.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.azurestackhci/clusters +description: Azure Monitor tables for resource type microsoft.azurestackhci/clusters +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.azurestackhci/clusters + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-azurestackhci_clusters-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-azurestackhci_virtualmachines.md b/articles/azure-monitor/reference/tables/microsoft-azurestackhci_virtualmachines.md new file mode 100644 index 0000000000..ed5ac3154f --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-azurestackhci_virtualmachines.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.azurestackhci/virtualmachines +description: Azure Monitor tables for resource type microsoft.azurestackhci/virtualmachines +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.azurestackhci/virtualmachines + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-azurestackhci_virtualmachines-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-batch_batchaccounts.md b/articles/azure-monitor/reference/tables/microsoft-batch_batchaccounts.md new file mode 100644 index 0000000000..5193b077af --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-batch_batchaccounts.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.batch/batchaccounts +description: Azure Monitor tables for resource type microsoft.batch/batchaccounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.batch/batchaccounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-batch_batchaccounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-blockchain_blockchainmembers.md b/articles/azure-monitor/reference/tables/microsoft-blockchain_blockchainmembers.md new file mode 100644 index 0000000000..44fbb1aa00 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-blockchain_blockchainmembers.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.blockchain/blockchainmembers +description: Azure Monitor tables for resource type microsoft.blockchain/blockchainmembers +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.blockchain/blockchainmembers + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-blockchain_blockchainmembers-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-botservice_botservices.md b/articles/azure-monitor/reference/tables/microsoft-botservice_botservices.md new file mode 100644 index 0000000000..0e17757f05 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-botservice_botservices.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.botservice/botservices +description: Azure Monitor tables for resource type microsoft.botservice/botservices +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.botservice/botservices + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-botservice_botservices-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-cache_redis.md b/articles/azure-monitor/reference/tables/microsoft-cache_redis.md new file mode 100644 index 0000000000..192a80d0b9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-cache_redis.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.cache/redis +description: Azure Monitor tables for resource type microsoft.cache/redis +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.cache/redis + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-cache_redis-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-cache_redisenterprise.md b/articles/azure-monitor/reference/tables/microsoft-cache_redisenterprise.md new file mode 100644 index 0000000000..86e93cbb64 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-cache_redisenterprise.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.cache/redisenterprise +description: Azure Monitor tables for resource type microsoft.cache/redisenterprise +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.cache/redisenterprise + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-cache_redisenterprise-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-cdn_profiles.md b/articles/azure-monitor/reference/tables/microsoft-cdn_profiles.md new file mode 100644 index 0000000000..bf4c8a507f --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-cdn_profiles.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.cdn/profiles +description: Azure Monitor tables for resource type microsoft.cdn/profiles +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.cdn/profiles + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-cdn_profiles-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-chaos_experiments.md b/articles/azure-monitor/reference/tables/microsoft-chaos_experiments.md new file mode 100644 index 0000000000..a781c992af --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-chaos_experiments.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.chaos/experiments +description: Azure Monitor tables for resource type microsoft.chaos/experiments +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.chaos/experiments + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-chaos_experiments-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-cognitiveservices_accounts.md b/articles/azure-monitor/reference/tables/microsoft-cognitiveservices_accounts.md new file mode 100644 index 0000000000..2bbd945a9a --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-cognitiveservices_accounts.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.cognitiveservices/accounts +description: Azure Monitor tables for resource type microsoft.cognitiveservices/accounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.cognitiveservices/accounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-cognitiveservices_accounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-communication_communicationservices.md b/articles/azure-monitor/reference/tables/microsoft-communication_communicationservices.md new file mode 100644 index 0000000000..5968c77fc1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-communication_communicationservices.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.communication/communicationservices +description: Azure Monitor tables for resource type microsoft.communication/communicationservices +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.communication/communicationservices + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-communication_communicationservices-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-compute_virtualmachines.md b/articles/azure-monitor/reference/tables/microsoft-compute_virtualmachines.md new file mode 100644 index 0000000000..718912a6fa --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-compute_virtualmachines.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.compute/virtualmachines +description: Azure Monitor tables for resource type microsoft.compute/virtualmachines +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.compute/virtualmachines + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-compute_virtualmachines-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-compute_virtualmachinescalesets.md b/articles/azure-monitor/reference/tables/microsoft-compute_virtualmachinescalesets.md new file mode 100644 index 0000000000..dd3e1dcb96 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-compute_virtualmachinescalesets.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.compute/virtualmachinescalesets +description: Azure Monitor tables for resource type microsoft.compute/virtualmachinescalesets +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.compute/virtualmachinescalesets + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-compute_virtualmachinescalesets-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-conenctedvmwarevsphere_virtualmachines.md b/articles/azure-monitor/reference/tables/microsoft-conenctedvmwarevsphere_virtualmachines.md new file mode 100644 index 0000000000..4b4b5ba874 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-conenctedvmwarevsphere_virtualmachines.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.conenctedvmwarevsphere/virtualmachines +description: Azure Monitor tables for resource type microsoft.conenctedvmwarevsphere/virtualmachines +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.conenctedvmwarevsphere/virtualmachines + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-conenctedvmwarevsphere_virtualmachines-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-confidentialledger_managedccfs.md b/articles/azure-monitor/reference/tables/microsoft-confidentialledger_managedccfs.md new file mode 100644 index 0000000000..880838fadf --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-confidentialledger_managedccfs.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.confidentialledger/managedccfs +description: Azure Monitor tables for resource type microsoft.confidentialledger/managedccfs +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.confidentialledger/managedccfs + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-confidentialledger_managedccfs-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-connectedcache_cachenodes.md b/articles/azure-monitor/reference/tables/microsoft-connectedcache_cachenodes.md new file mode 100644 index 0000000000..29c5569daa --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-connectedcache_cachenodes.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.connectedcache/cachenodes +description: Azure Monitor tables for resource type microsoft.connectedcache/cachenodes +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.connectedcache/cachenodes + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-connectedcache_cachenodes-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-connectedvehicle_platformaccounts.md b/articles/azure-monitor/reference/tables/microsoft-connectedvehicle_platformaccounts.md new file mode 100644 index 0000000000..595e6f33b1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-connectedvehicle_platformaccounts.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.connectedvehicle/platformaccounts +description: Azure Monitor tables for resource type microsoft.connectedvehicle/platformaccounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.connectedvehicle/platformaccounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-connectedvehicle_platformaccounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-containerinstance_containergroups.md b/articles/azure-monitor/reference/tables/microsoft-containerinstance_containergroups.md new file mode 100644 index 0000000000..b978d3049d --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-containerinstance_containergroups.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.containerinstance/containergroups +description: Azure Monitor tables for resource type microsoft.containerinstance/containergroups +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.containerinstance/containergroups + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-containerinstance_containergroups-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-containerregistry_registries.md b/articles/azure-monitor/reference/tables/microsoft-containerregistry_registries.md new file mode 100644 index 0000000000..5fb5eb3d21 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-containerregistry_registries.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.containerregistry/registries +description: Azure Monitor tables for resource type microsoft.containerregistry/registries +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.containerregistry/registries + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-containerregistry_registries-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-containerservice_managedclusters.md b/articles/azure-monitor/reference/tables/microsoft-containerservice_managedclusters.md new file mode 100644 index 0000000000..2ff5aa691e --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-containerservice_managedclusters.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.containerservice/managedclusters +description: Azure Monitor tables for resource type microsoft.containerservice/managedclusters +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.containerservice/managedclusters + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-containerservice_managedclusters-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-d365customerinsights_instances.md b/articles/azure-monitor/reference/tables/microsoft-d365customerinsights_instances.md new file mode 100644 index 0000000000..86c8e31f98 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-d365customerinsights_instances.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.d365customerinsights/instances +description: Azure Monitor tables for resource type microsoft.d365customerinsights/instances +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.d365customerinsights/instances + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-d365customerinsights_instances-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-dashboard_grafana.md b/articles/azure-monitor/reference/tables/microsoft-dashboard_grafana.md new file mode 100644 index 0000000000..c02b4fa790 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-dashboard_grafana.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.dashboard/grafana +description: Azure Monitor tables for resource type microsoft.dashboard/grafana +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.dashboard/grafana + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-dashboard_grafana-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-databricks_workspaces.md b/articles/azure-monitor/reference/tables/microsoft-databricks_workspaces.md new file mode 100644 index 0000000000..11eb3fde6c --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-databricks_workspaces.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.databricks/workspaces +description: Azure Monitor tables for resource type microsoft.databricks/workspaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.databricks/workspaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-databricks_workspaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-datacollaboration_workspaces.md b/articles/azure-monitor/reference/tables/microsoft-datacollaboration_workspaces.md new file mode 100644 index 0000000000..c7e3a93f8e --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-datacollaboration_workspaces.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.datacollaboration/workspaces +description: Azure Monitor tables for resource type microsoft.datacollaboration/workspaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.datacollaboration/workspaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-datacollaboration_workspaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-datafactory_factories.md b/articles/azure-monitor/reference/tables/microsoft-datafactory_factories.md new file mode 100644 index 0000000000..f93ff7b600 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-datafactory_factories.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.datafactory/factories +description: Azure Monitor tables for resource type microsoft.datafactory/factories +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.datafactory/factories + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-datafactory_factories-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-datalakeanalytics_accounts.md b/articles/azure-monitor/reference/tables/microsoft-datalakeanalytics_accounts.md new file mode 100644 index 0000000000..8c37a4b56f --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-datalakeanalytics_accounts.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.datalakeanalytics/accounts +description: Azure Monitor tables for resource type microsoft.datalakeanalytics/accounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.datalakeanalytics/accounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-datalakeanalytics_accounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-datalakestore_accounts.md b/articles/azure-monitor/reference/tables/microsoft-datalakestore_accounts.md new file mode 100644 index 0000000000..8ae7e09dca --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-datalakestore_accounts.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.datalakestore/accounts +description: Azure Monitor tables for resource type microsoft.datalakestore/accounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.datalakestore/accounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-datalakestore_accounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-datashare_accounts.md b/articles/azure-monitor/reference/tables/microsoft-datashare_accounts.md new file mode 100644 index 0000000000..7b656e6abc --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-datashare_accounts.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.datashare/accounts +description: Azure Monitor tables for resource type microsoft.datashare/accounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.datashare/accounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-datashare_accounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-dbformariadb_servers.md b/articles/azure-monitor/reference/tables/microsoft-dbformariadb_servers.md new file mode 100644 index 0000000000..59d592cfdf --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-dbformariadb_servers.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.dbformariadb/servers +description: Azure Monitor tables for resource type microsoft.dbformariadb/servers +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.dbformariadb/servers + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-dbformariadb_servers-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-dbformysql_flexibleservers.md b/articles/azure-monitor/reference/tables/microsoft-dbformysql_flexibleservers.md new file mode 100644 index 0000000000..cc6465431a --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-dbformysql_flexibleservers.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.dbformysql/flexibleservers +description: Azure Monitor tables for resource type microsoft.dbformysql/flexibleservers +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.dbformysql/flexibleservers + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-dbformysql_flexibleservers-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-dbformysql_servers.md b/articles/azure-monitor/reference/tables/microsoft-dbformysql_servers.md new file mode 100644 index 0000000000..2f25207a77 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-dbformysql_servers.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.dbformysql/servers +description: Azure Monitor tables for resource type microsoft.dbformysql/servers +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.dbformysql/servers + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-dbformysql_servers-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-dbforpostgresql_flexibleservers.md b/articles/azure-monitor/reference/tables/microsoft-dbforpostgresql_flexibleservers.md new file mode 100644 index 0000000000..fd947daa3b --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-dbforpostgresql_flexibleservers.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.dbforpostgresql/flexibleservers +description: Azure Monitor tables for resource type microsoft.dbforpostgresql/flexibleservers +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.dbforpostgresql/flexibleservers + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-dbforpostgresql_flexibleservers-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-dbforpostgresql_servergroupsv2.md b/articles/azure-monitor/reference/tables/microsoft-dbforpostgresql_servergroupsv2.md new file mode 100644 index 0000000000..93875f1877 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-dbforpostgresql_servergroupsv2.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.dbforpostgresql/servergroupsv2 +description: Azure Monitor tables for resource type microsoft.dbforpostgresql/servergroupsv2 +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.dbforpostgresql/servergroupsv2 + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-dbforpostgresql_servergroupsv2-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-dbforpostgresql_servers.md b/articles/azure-monitor/reference/tables/microsoft-dbforpostgresql_servers.md new file mode 100644 index 0000000000..753c74f4f2 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-dbforpostgresql_servers.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.dbforpostgresql/servers +description: Azure Monitor tables for resource type microsoft.dbforpostgresql/servers +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.dbforpostgresql/servers + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-dbforpostgresql_servers-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-dbforpostgresql_serversv2.md b/articles/azure-monitor/reference/tables/microsoft-dbforpostgresql_serversv2.md new file mode 100644 index 0000000000..d3fa11fd86 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-dbforpostgresql_serversv2.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.dbforpostgresql/serversv2 +description: Azure Monitor tables for resource type microsoft.dbforpostgresql/serversv2 +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.dbforpostgresql/serversv2 + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-dbforpostgresql_serversv2-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-desktopvirtualization_applicationgroups.md b/articles/azure-monitor/reference/tables/microsoft-desktopvirtualization_applicationgroups.md new file mode 100644 index 0000000000..9cfe9c92ab --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-desktopvirtualization_applicationgroups.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.desktopvirtualization/applicationgroups +description: Azure Monitor tables for resource type microsoft.desktopvirtualization/applicationgroups +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.desktopvirtualization/applicationgroups + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-desktopvirtualization_applicationgroups-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-desktopvirtualization_hostpools.md b/articles/azure-monitor/reference/tables/microsoft-desktopvirtualization_hostpools.md new file mode 100644 index 0000000000..5389fd4d73 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-desktopvirtualization_hostpools.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.desktopvirtualization/hostpools +description: Azure Monitor tables for resource type microsoft.desktopvirtualization/hostpools +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.desktopvirtualization/hostpools + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-desktopvirtualization_hostpools-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-desktopvirtualization_workspaces.md b/articles/azure-monitor/reference/tables/microsoft-desktopvirtualization_workspaces.md new file mode 100644 index 0000000000..db94f967e9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-desktopvirtualization_workspaces.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.desktopvirtualization/workspaces +description: Azure Monitor tables for resource type microsoft.desktopvirtualization/workspaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.desktopvirtualization/workspaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-desktopvirtualization_workspaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-devcenter_devcenters.md b/articles/azure-monitor/reference/tables/microsoft-devcenter_devcenters.md new file mode 100644 index 0000000000..d19fef4ea3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-devcenter_devcenters.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.devcenter/devcenters +description: Azure Monitor tables for resource type microsoft.devcenter/devcenters +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.devcenter/devcenters + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-devcenter_devcenters-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-devices_iothubs.md b/articles/azure-monitor/reference/tables/microsoft-devices_iothubs.md new file mode 100644 index 0000000000..5b8fd98640 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-devices_iothubs.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.devices/iothubs +description: Azure Monitor tables for resource type microsoft.devices/iothubs +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.devices/iothubs + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-devices_iothubs-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-devices_provisioningservices.md b/articles/azure-monitor/reference/tables/microsoft-devices_provisioningservices.md new file mode 100644 index 0000000000..805f029ee5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-devices_provisioningservices.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.devices/provisioningservices +description: Azure Monitor tables for resource type microsoft.devices/provisioningservices +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.devices/provisioningservices + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-devices_provisioningservices-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-digitaltwins_digitaltwinsinstances.md b/articles/azure-monitor/reference/tables/microsoft-digitaltwins_digitaltwinsinstances.md new file mode 100644 index 0000000000..1c5b9a3f6e --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-digitaltwins_digitaltwinsinstances.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.digitaltwins/digitaltwinsinstances +description: Azure Monitor tables for resource type microsoft.digitaltwins/digitaltwinsinstances +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.digitaltwins/digitaltwinsinstances + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-digitaltwins_digitaltwinsinstances-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-documentdb_cassandraclusters.md b/articles/azure-monitor/reference/tables/microsoft-documentdb_cassandraclusters.md new file mode 100644 index 0000000000..774257d485 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-documentdb_cassandraclusters.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.documentdb/cassandraclusters +description: Azure Monitor tables for resource type microsoft.documentdb/cassandraclusters +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.documentdb/cassandraclusters + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-documentdb_cassandraclusters-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-documentdb_databaseaccounts.md b/articles/azure-monitor/reference/tables/microsoft-documentdb_databaseaccounts.md new file mode 100644 index 0000000000..547737aad2 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-documentdb_databaseaccounts.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.documentdb/databaseaccounts +description: Azure Monitor tables for resource type microsoft.documentdb/databaseaccounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.documentdb/databaseaccounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-documentdb_databaseaccounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-documentdb_mongoclusters.md b/articles/azure-monitor/reference/tables/microsoft-documentdb_mongoclusters.md new file mode 100644 index 0000000000..25667dbef3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-documentdb_mongoclusters.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.documentdb/mongoclusters +description: Azure Monitor tables for resource type microsoft.documentdb/mongoclusters +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.documentdb/mongoclusters + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-documentdb_mongoclusters-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-eventgrid_domains.md b/articles/azure-monitor/reference/tables/microsoft-eventgrid_domains.md new file mode 100644 index 0000000000..d0fde19a68 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-eventgrid_domains.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.eventgrid/domains +description: Azure Monitor tables for resource type microsoft.eventgrid/domains +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.eventgrid/domains + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-eventgrid_domains-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-eventgrid_namespaces.md b/articles/azure-monitor/reference/tables/microsoft-eventgrid_namespaces.md new file mode 100644 index 0000000000..1de865fae0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-eventgrid_namespaces.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.eventgrid/namespaces +description: Azure Monitor tables for resource type microsoft.eventgrid/namespaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.eventgrid/namespaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-eventgrid_namespaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-eventgrid_partnernamespaces.md b/articles/azure-monitor/reference/tables/microsoft-eventgrid_partnernamespaces.md new file mode 100644 index 0000000000..687f6013e1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-eventgrid_partnernamespaces.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.eventgrid/partnernamespaces +description: Azure Monitor tables for resource type microsoft.eventgrid/partnernamespaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.eventgrid/partnernamespaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-eventgrid_partnernamespaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-eventgrid_partnertopics.md b/articles/azure-monitor/reference/tables/microsoft-eventgrid_partnertopics.md new file mode 100644 index 0000000000..84705e153e --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-eventgrid_partnertopics.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.eventgrid/partnertopics +description: Azure Monitor tables for resource type microsoft.eventgrid/partnertopics +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.eventgrid/partnertopics + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-eventgrid_partnertopics-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-eventgrid_systemtopics.md b/articles/azure-monitor/reference/tables/microsoft-eventgrid_systemtopics.md new file mode 100644 index 0000000000..2327731e94 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-eventgrid_systemtopics.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.eventgrid/systemtopics +description: Azure Monitor tables for resource type microsoft.eventgrid/systemtopics +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.eventgrid/systemtopics + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-eventgrid_systemtopics-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-eventgrid_topics.md b/articles/azure-monitor/reference/tables/microsoft-eventgrid_topics.md new file mode 100644 index 0000000000..271f53a71b --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-eventgrid_topics.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.eventgrid/topics +description: Azure Monitor tables for resource type microsoft.eventgrid/topics +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.eventgrid/topics + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-eventgrid_topics-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-eventhub_namespaces.md b/articles/azure-monitor/reference/tables/microsoft-eventhub_namespaces.md new file mode 100644 index 0000000000..d66cd841ca --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-eventhub_namespaces.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.eventhub/namespaces +description: Azure Monitor tables for resource type microsoft.eventhub/namespaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.eventhub/namespaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-eventhub_namespaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-experimentation_experimentworkspaces.md b/articles/azure-monitor/reference/tables/microsoft-experimentation_experimentworkspaces.md new file mode 100644 index 0000000000..cc696ff349 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-experimentation_experimentworkspaces.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.experimentation/experimentworkspaces +description: Azure Monitor tables for resource type microsoft.experimentation/experimentworkspaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.experimentation/experimentworkspaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-experimentation_experimentworkspaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-graph_tenants.md b/articles/azure-monitor/reference/tables/microsoft-graph_tenants.md new file mode 100644 index 0000000000..35c0972fa8 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-graph_tenants.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.graph/tenants +description: Azure Monitor tables for resource type microsoft.graph/tenants +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.graph/tenants + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-graph_tenants-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-hardwaresecuritymodules_cloudhsmclusters.md b/articles/azure-monitor/reference/tables/microsoft-hardwaresecuritymodules_cloudhsmclusters.md new file mode 100644 index 0000000000..972b8488d6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-hardwaresecuritymodules_cloudhsmclusters.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.hardwaresecuritymodules/cloudhsmclusters +description: Azure Monitor tables for resource type microsoft.hardwaresecuritymodules/cloudhsmclusters +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.hardwaresecuritymodules/cloudhsmclusters + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-hardwaresecuritymodules_cloudhsmclusters-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-hdinsight_clusters.md b/articles/azure-monitor/reference/tables/microsoft-hdinsight_clusters.md new file mode 100644 index 0000000000..97f35db0c7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-hdinsight_clusters.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.hdinsight/clusters +description: Azure Monitor tables for resource type microsoft.hdinsight/clusters +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.hdinsight/clusters + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-hdinsight_clusters-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-healthcareapis_services.md b/articles/azure-monitor/reference/tables/microsoft-healthcareapis_services.md new file mode 100644 index 0000000000..03591a435a --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-healthcareapis_services.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.healthcareapis/services +description: Azure Monitor tables for resource type microsoft.healthcareapis/services +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.healthcareapis/services + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-healthcareapis_services-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-healthcareapis_workspaces.md b/articles/azure-monitor/reference/tables/microsoft-healthcareapis_workspaces.md new file mode 100644 index 0000000000..d584bdc641 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-healthcareapis_workspaces.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.healthcareapis/workspaces +description: Azure Monitor tables for resource type microsoft.healthcareapis/workspaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.healthcareapis/workspaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-healthcareapis_workspaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-healthdataaiservices_deidservices.md b/articles/azure-monitor/reference/tables/microsoft-healthdataaiservices_deidservices.md new file mode 100644 index 0000000000..f7b3678c54 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-healthdataaiservices_deidservices.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.healthdataaiservices/deidservices +description: Azure Monitor tables for resource type microsoft.healthdataaiservices/deidservices +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.healthdataaiservices/deidservices + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-healthdataaiservices_deidservices-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-hybridcontainerservice_provisionedclusters.md b/articles/azure-monitor/reference/tables/microsoft-hybridcontainerservice_provisionedclusters.md new file mode 100644 index 0000000000..9f99b6fea1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-hybridcontainerservice_provisionedclusters.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.hybridcontainerservice/provisionedclusters +description: Azure Monitor tables for resource type microsoft.hybridcontainerservice/provisionedclusters +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.hybridcontainerservice/provisionedclusters + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-hybridcontainerservice_provisionedclusters-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-insights_autoscalesettings.md b/articles/azure-monitor/reference/tables/microsoft-insights_autoscalesettings.md new file mode 100644 index 0000000000..2b22e19867 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-insights_autoscalesettings.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.insights/autoscalesettings +description: Azure Monitor tables for resource type microsoft.insights/autoscalesettings +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.insights/autoscalesettings + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-insights_autoscalesettings-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-insights_components.md b/articles/azure-monitor/reference/tables/microsoft-insights_components.md new file mode 100644 index 0000000000..ee577eb096 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-insights_components.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.insights/components +description: Azure Monitor tables for resource type microsoft.insights/components +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.insights/components + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-insights_components-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-insights_datacollectionrules.md b/articles/azure-monitor/reference/tables/microsoft-insights_datacollectionrules.md new file mode 100644 index 0000000000..088cc76233 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-insights_datacollectionrules.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.insights/datacollectionrules +description: Azure Monitor tables for resource type microsoft.insights/datacollectionrules +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.insights/datacollectionrules + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-insights_datacollectionrules-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-insights_workloadmonitoring.md b/articles/azure-monitor/reference/tables/microsoft-insights_workloadmonitoring.md new file mode 100644 index 0000000000..2f54e51b9b --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-insights_workloadmonitoring.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.insights/workloadmonitoring +description: Azure Monitor tables for resource type microsoft.insights/workloadmonitoring +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.insights/workloadmonitoring + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-insights_workloadmonitoring-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-intune_operations.md b/articles/azure-monitor/reference/tables/microsoft-intune_operations.md new file mode 100644 index 0000000000..250358ea5c --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-intune_operations.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.intune/operations +description: Azure Monitor tables for resource type microsoft.intune/operations +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.intune/operations + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-intune_operations-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-keyvault_vaults.md b/articles/azure-monitor/reference/tables/microsoft-keyvault_vaults.md new file mode 100644 index 0000000000..6ec9289f26 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-keyvault_vaults.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.keyvault/vaults +description: Azure Monitor tables for resource type microsoft.keyvault/vaults +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.keyvault/vaults + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-keyvault_vaults-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-kubernetes_connectedclusters.md b/articles/azure-monitor/reference/tables/microsoft-kubernetes_connectedclusters.md new file mode 100644 index 0000000000..45399fc0ca --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-kubernetes_connectedclusters.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.kubernetes/connectedclusters +description: Azure Monitor tables for resource type microsoft.kubernetes/connectedclusters +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.kubernetes/connectedclusters + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-kubernetes_connectedclusters-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-kusto_clusters.md b/articles/azure-monitor/reference/tables/microsoft-kusto_clusters.md new file mode 100644 index 0000000000..17504c18cc --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-kusto_clusters.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.kusto/clusters +description: Azure Monitor tables for resource type microsoft.kusto/clusters +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.kusto/clusters + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-kusto_clusters-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-loadtestservice_loadtests.md b/articles/azure-monitor/reference/tables/microsoft-loadtestservice_loadtests.md new file mode 100644 index 0000000000..2d746157f5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-loadtestservice_loadtests.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.loadtestservice/loadtests +description: Azure Monitor tables for resource type microsoft.loadtestservice/loadtests +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.loadtestservice/loadtests + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-loadtestservice_loadtests-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-logic_integrationaccounts.md b/articles/azure-monitor/reference/tables/microsoft-logic_integrationaccounts.md new file mode 100644 index 0000000000..9c13d4a3f3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-logic_integrationaccounts.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.logic/integrationaccounts +description: Azure Monitor tables for resource type microsoft.logic/integrationaccounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.logic/integrationaccounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-logic_integrationaccounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-logic_workflows.md b/articles/azure-monitor/reference/tables/microsoft-logic_workflows.md new file mode 100644 index 0000000000..17b9ad3f11 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-logic_workflows.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.logic/workflows +description: Azure Monitor tables for resource type microsoft.logic/workflows +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.logic/workflows + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-logic_workflows-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-machinelearningservices_registries.md b/articles/azure-monitor/reference/tables/microsoft-machinelearningservices_registries.md new file mode 100644 index 0000000000..e82e8c85c2 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-machinelearningservices_registries.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.machinelearningservices/registries +description: Azure Monitor tables for resource type microsoft.machinelearningservices/registries +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.machinelearningservices/registries + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-machinelearningservices_registries-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-machinelearningservices_workspaces.md b/articles/azure-monitor/reference/tables/microsoft-machinelearningservices_workspaces.md new file mode 100644 index 0000000000..209fefa637 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-machinelearningservices_workspaces.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.machinelearningservices/workspaces +description: Azure Monitor tables for resource type microsoft.machinelearningservices/workspaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.machinelearningservices/workspaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-machinelearningservices_workspaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-managednetworkfabric_networkdevices.md b/articles/azure-monitor/reference/tables/microsoft-managednetworkfabric_networkdevices.md new file mode 100644 index 0000000000..43944096bc --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-managednetworkfabric_networkdevices.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.managednetworkfabric/networkdevices +description: Azure Monitor tables for resource type microsoft.managednetworkfabric/networkdevices +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.managednetworkfabric/networkdevices + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-managednetworkfabric_networkdevices-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-media_mediaservices.md b/articles/azure-monitor/reference/tables/microsoft-media_mediaservices.md new file mode 100644 index 0000000000..a58ada3768 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-media_mediaservices.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.media/mediaservices +description: Azure Monitor tables for resource type microsoft.media/mediaservices +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.media/mediaservices + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-media_mediaservices-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-monitor_accounts.md b/articles/azure-monitor/reference/tables/microsoft-monitor_accounts.md new file mode 100644 index 0000000000..57907a09bc --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-monitor_accounts.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.monitor/accounts +description: Azure Monitor tables for resource type microsoft.monitor/accounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.monitor/accounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-monitor_accounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_applicationgateways.md b/articles/azure-monitor/reference/tables/microsoft-network_applicationgateways.md new file mode 100644 index 0000000000..a86750735d --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_applicationgateways.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/applicationgateways +description: Azure Monitor tables for resource type microsoft.network/applicationgateways +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/applicationgateways + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_applicationgateways-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_azurefirewalls.md b/articles/azure-monitor/reference/tables/microsoft-network_azurefirewalls.md new file mode 100644 index 0000000000..976f7118e6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_azurefirewalls.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/azurefirewalls +description: Azure Monitor tables for resource type microsoft.network/azurefirewalls +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/azurefirewalls + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_azurefirewalls-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_bastionhosts.md b/articles/azure-monitor/reference/tables/microsoft-network_bastionhosts.md new file mode 100644 index 0000000000..db09493b65 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_bastionhosts.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/bastionhosts +description: Azure Monitor tables for resource type microsoft.network/bastionhosts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/bastionhosts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_bastionhosts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_dnsresolverpolicies.md b/articles/azure-monitor/reference/tables/microsoft-network_dnsresolverpolicies.md new file mode 100644 index 0000000000..2477684d2e --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_dnsresolverpolicies.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/dnsresolverpolicies +description: Azure Monitor tables for resource type microsoft.network/dnsresolverpolicies +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/dnsresolverpolicies + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_dnsresolverpolicies-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_expressroutecircuits.md b/articles/azure-monitor/reference/tables/microsoft-network_expressroutecircuits.md new file mode 100644 index 0000000000..522c2c0dda --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_expressroutecircuits.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/expressroutecircuits +description: Azure Monitor tables for resource type microsoft.network/expressroutecircuits +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/expressroutecircuits + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_expressroutecircuits-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_frontdoors.md b/articles/azure-monitor/reference/tables/microsoft-network_frontdoors.md new file mode 100644 index 0000000000..1fe6d7c8b4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_frontdoors.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/frontdoors +description: Azure Monitor tables for resource type microsoft.network/frontdoors +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/frontdoors + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_frontdoors-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_loadbalancers.md b/articles/azure-monitor/reference/tables/microsoft-network_loadbalancers.md new file mode 100644 index 0000000000..8846a5b357 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_loadbalancers.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/loadbalancers +description: Azure Monitor tables for resource type microsoft.network/loadbalancers +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/loadbalancers + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_loadbalancers-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_networkinterfaces.md b/articles/azure-monitor/reference/tables/microsoft-network_networkinterfaces.md new file mode 100644 index 0000000000..00755164d4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_networkinterfaces.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/networkinterfaces +description: Azure Monitor tables for resource type microsoft.network/networkinterfaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/networkinterfaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_networkinterfaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_networkmanagers.md b/articles/azure-monitor/reference/tables/microsoft-network_networkmanagers.md new file mode 100644 index 0000000000..04c53bd2a6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_networkmanagers.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/networkmanagers +description: Azure Monitor tables for resource type microsoft.network/networkmanagers +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/networkmanagers + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_networkmanagers-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_networksecuritygroups.md b/articles/azure-monitor/reference/tables/microsoft-network_networksecuritygroups.md new file mode 100644 index 0000000000..443aae8d92 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_networksecuritygroups.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/networksecuritygroups +description: Azure Monitor tables for resource type microsoft.network/networksecuritygroups +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/networksecuritygroups + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_networksecuritygroups-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_networksecurityperimeters.md b/articles/azure-monitor/reference/tables/microsoft-network_networksecurityperimeters.md new file mode 100644 index 0000000000..6d3ddf34e7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_networksecurityperimeters.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/networksecurityperimeters +description: Azure Monitor tables for resource type microsoft.network/networksecurityperimeters +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/networksecurityperimeters + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_networksecurityperimeters-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_networkwatchers_connectionmonitors.md b/articles/azure-monitor/reference/tables/microsoft-network_networkwatchers_connectionmonitors.md new file mode 100644 index 0000000000..d40e1c52f9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_networkwatchers_connectionmonitors.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/networkwatchers/connectionmonitors +description: Azure Monitor tables for resource type microsoft.network/networkwatchers/connectionmonitors +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/networkwatchers/connectionmonitors + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_networkwatchers_connectionmonitors-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_publicipaddresses.md b/articles/azure-monitor/reference/tables/microsoft-network_publicipaddresses.md new file mode 100644 index 0000000000..a3b2eaf3de --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_publicipaddresses.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/publicipaddresses +description: Azure Monitor tables for resource type microsoft.network/publicipaddresses +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/publicipaddresses + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_publicipaddresses-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_trafficmanagerprofiles.md b/articles/azure-monitor/reference/tables/microsoft-network_trafficmanagerprofiles.md new file mode 100644 index 0000000000..59df474898 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_trafficmanagerprofiles.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/trafficmanagerprofiles +description: Azure Monitor tables for resource type microsoft.network/trafficmanagerprofiles +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/trafficmanagerprofiles + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_trafficmanagerprofiles-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_virtualnetworkgateways.md b/articles/azure-monitor/reference/tables/microsoft-network_virtualnetworkgateways.md new file mode 100644 index 0000000000..e615461a84 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_virtualnetworkgateways.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/virtualnetworkgateways +description: Azure Monitor tables for resource type microsoft.network/virtualnetworkgateways +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/virtualnetworkgateways + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_virtualnetworkgateways-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_virtualnetworks.md b/articles/azure-monitor/reference/tables/microsoft-network_virtualnetworks.md new file mode 100644 index 0000000000..5f7d47bde1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_virtualnetworks.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/virtualnetworks +description: Azure Monitor tables for resource type microsoft.network/virtualnetworks +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/virtualnetworks + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_virtualnetworks-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-network_vpngateways.md b/articles/azure-monitor/reference/tables/microsoft-network_vpngateways.md new file mode 100644 index 0000000000..84bcc37e13 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-network_vpngateways.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.network/vpngateways +description: Azure Monitor tables for resource type microsoft.network/vpngateways +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.network/vpngateways + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-network_vpngateways-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-networkanalytics_dataproducts.md b/articles/azure-monitor/reference/tables/microsoft-networkanalytics_dataproducts.md new file mode 100644 index 0000000000..80b0acd9de --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-networkanalytics_dataproducts.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.networkanalytics/dataproducts +description: Azure Monitor tables for resource type microsoft.networkanalytics/dataproducts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.networkanalytics/dataproducts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-networkanalytics_dataproducts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-networkcloud_baremetalmachines.md b/articles/azure-monitor/reference/tables/microsoft-networkcloud_baremetalmachines.md new file mode 100644 index 0000000000..ff082e79c8 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-networkcloud_baremetalmachines.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.networkcloud/baremetalmachines +description: Azure Monitor tables for resource type microsoft.networkcloud/baremetalmachines +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.networkcloud/baremetalmachines + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-networkcloud_baremetalmachines-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-networkcloud_clustermanagers.md b/articles/azure-monitor/reference/tables/microsoft-networkcloud_clustermanagers.md new file mode 100644 index 0000000000..13d3ca2b51 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-networkcloud_clustermanagers.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.networkcloud/clustermanagers +description: Azure Monitor tables for resource type microsoft.networkcloud/clustermanagers +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.networkcloud/clustermanagers + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-networkcloud_clustermanagers-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-networkcloud_clusters.md b/articles/azure-monitor/reference/tables/microsoft-networkcloud_clusters.md new file mode 100644 index 0000000000..b37aa68cfa --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-networkcloud_clusters.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.networkcloud/clusters +description: Azure Monitor tables for resource type microsoft.networkcloud/clusters +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.networkcloud/clusters + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-networkcloud_clusters-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-networkcloud_storageappliances.md b/articles/azure-monitor/reference/tables/microsoft-networkcloud_storageappliances.md new file mode 100644 index 0000000000..d94803c0b3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-networkcloud_storageappliances.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.networkcloud/storageappliances +description: Azure Monitor tables for resource type microsoft.networkcloud/storageappliances +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.networkcloud/storageappliances + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-networkcloud_storageappliances-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-networkfunction_azuretrafficcollectors.md b/articles/azure-monitor/reference/tables/microsoft-networkfunction_azuretrafficcollectors.md new file mode 100644 index 0000000000..1a59120701 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-networkfunction_azuretrafficcollectors.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.networkfunction/azuretrafficcollectors +description: Azure Monitor tables for resource type microsoft.networkfunction/azuretrafficcollectors +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.networkfunction/azuretrafficcollectors + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-networkfunction_azuretrafficcollectors-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-openenergyplatform_energyservices.md b/articles/azure-monitor/reference/tables/microsoft-openenergyplatform_energyservices.md new file mode 100644 index 0000000000..a7248b5513 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-openenergyplatform_energyservices.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.openenergyplatform/energyservices +description: Azure Monitor tables for resource type microsoft.openenergyplatform/energyservices +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.openenergyplatform/energyservices + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-openenergyplatform_energyservices-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-openlogisticsplatform_workspaces.md b/articles/azure-monitor/reference/tables/microsoft-openlogisticsplatform_workspaces.md new file mode 100644 index 0000000000..c7d8918db0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-openlogisticsplatform_workspaces.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.openlogisticsplatform/workspaces +description: Azure Monitor tables for resource type microsoft.openlogisticsplatform/workspaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.openlogisticsplatform/workspaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-openlogisticsplatform_workspaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-operationalinsights_workspaces.md b/articles/azure-monitor/reference/tables/microsoft-operationalinsights_workspaces.md new file mode 100644 index 0000000000..1c238f654a --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-operationalinsights_workspaces.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.operationalinsights/workspaces +description: Azure Monitor tables for resource type microsoft.operationalinsights/workspaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.operationalinsights/workspaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-operationalinsights_workspaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-playfab_titles.md b/articles/azure-monitor/reference/tables/microsoft-playfab_titles.md new file mode 100644 index 0000000000..3762883d83 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-playfab_titles.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.playfab/titles +description: Azure Monitor tables for resource type microsoft.playfab/titles +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.playfab/titles + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-playfab_titles-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-powerbi_tenants.md b/articles/azure-monitor/reference/tables/microsoft-powerbi_tenants.md new file mode 100644 index 0000000000..fb4834d995 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-powerbi_tenants.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.powerbi/tenants +description: Azure Monitor tables for resource type microsoft.powerbi/tenants +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.powerbi/tenants + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-powerbi_tenants-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-powerbi_tenants_workspaces.md b/articles/azure-monitor/reference/tables/microsoft-powerbi_tenants_workspaces.md new file mode 100644 index 0000000000..01ec1c322d --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-powerbi_tenants_workspaces.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.powerbi/tenants/workspaces +description: Azure Monitor tables for resource type microsoft.powerbi/tenants/workspaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.powerbi/tenants/workspaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-powerbi_tenants_workspaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-powerbidedicated_capacities.md b/articles/azure-monitor/reference/tables/microsoft-powerbidedicated_capacities.md new file mode 100644 index 0000000000..7f0a9a4c7d --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-powerbidedicated_capacities.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.powerbidedicated/capacities +description: Azure Monitor tables for resource type microsoft.powerbidedicated/capacities +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.powerbidedicated/capacities + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-powerbidedicated_capacities-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-purview_accounts.md b/articles/azure-monitor/reference/tables/microsoft-purview_accounts.md new file mode 100644 index 0000000000..c1a694984b --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-purview_accounts.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.purview/accounts +description: Azure Monitor tables for resource type microsoft.purview/accounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.purview/accounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-purview_accounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-recoveryservices_vaults.md b/articles/azure-monitor/reference/tables/microsoft-recoveryservices_vaults.md new file mode 100644 index 0000000000..f282954ff6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-recoveryservices_vaults.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.recoveryservices/vaults +description: Azure Monitor tables for resource type microsoft.recoveryservices/vaults +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.recoveryservices/vaults + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-recoveryservices_vaults-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-relay_namespaces.md b/articles/azure-monitor/reference/tables/microsoft-relay_namespaces.md new file mode 100644 index 0000000000..c14efbaea9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-relay_namespaces.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.relay/namespaces +description: Azure Monitor tables for resource type microsoft.relay/namespaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.relay/namespaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-relay_namespaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-scvmm_virtualmachines.md b/articles/azure-monitor/reference/tables/microsoft-scvmm_virtualmachines.md new file mode 100644 index 0000000000..6131b6f2b9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-scvmm_virtualmachines.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.scvmm/virtualmachines +description: Azure Monitor tables for resource type microsoft.scvmm/virtualmachines +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.scvmm/virtualmachines + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-scvmm_virtualmachines-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-search_searchservices.md b/articles/azure-monitor/reference/tables/microsoft-search_searchservices.md new file mode 100644 index 0000000000..fa3d27b15e --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-search_searchservices.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.search/searchservices +description: Azure Monitor tables for resource type microsoft.search/searchservices +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.search/searchservices + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-search_searchservices-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-security_defenderforstoragesettings.md b/articles/azure-monitor/reference/tables/microsoft-security_defenderforstoragesettings.md new file mode 100644 index 0000000000..026ad70af7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-security_defenderforstoragesettings.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.security/defenderforstoragesettings +description: Azure Monitor tables for resource type microsoft.security/defenderforstoragesettings +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.security/defenderforstoragesettings + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-security_defenderforstoragesettings-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-security_security.md b/articles/azure-monitor/reference/tables/microsoft-security_security.md new file mode 100644 index 0000000000..a02e8eb4e6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-security_security.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.security/security +description: Azure Monitor tables for resource type microsoft.security/security +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.security/security + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-security_security-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-servicebus_namespaces.md b/articles/azure-monitor/reference/tables/microsoft-servicebus_namespaces.md new file mode 100644 index 0000000000..d666c46175 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-servicebus_namespaces.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.servicebus/namespaces +description: Azure Monitor tables for resource type microsoft.servicebus/namespaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.servicebus/namespaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-servicebus_namespaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-servicefabric_clusters.md b/articles/azure-monitor/reference/tables/microsoft-servicefabric_clusters.md new file mode 100644 index 0000000000..3bf6633a20 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-servicefabric_clusters.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.servicefabric/clusters +description: Azure Monitor tables for resource type microsoft.servicefabric/clusters +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.servicefabric/clusters + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-servicefabric_clusters-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-servicenetworking_trafficcontrollers.md b/articles/azure-monitor/reference/tables/microsoft-servicenetworking_trafficcontrollers.md new file mode 100644 index 0000000000..fb8e18b242 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-servicenetworking_trafficcontrollers.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.servicenetworking/trafficcontrollers +description: Azure Monitor tables for resource type microsoft.servicenetworking/trafficcontrollers +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.servicenetworking/trafficcontrollers + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-servicenetworking_trafficcontrollers-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-signalrservice_signalr.md b/articles/azure-monitor/reference/tables/microsoft-signalrservice_signalr.md new file mode 100644 index 0000000000..c8602d47b9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-signalrservice_signalr.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.signalrservice/signalr +description: Azure Monitor tables for resource type microsoft.signalrservice/signalr +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.signalrservice/signalr + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-signalrservice_signalr-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-signalrservice_webpubsub.md b/articles/azure-monitor/reference/tables/microsoft-signalrservice_webpubsub.md new file mode 100644 index 0000000000..8eddfefce6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-signalrservice_webpubsub.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.signalrservice/webpubsub +description: Azure Monitor tables for resource type microsoft.signalrservice/webpubsub +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.signalrservice/webpubsub + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-signalrservice_webpubsub-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-sql_managedinstances.md b/articles/azure-monitor/reference/tables/microsoft-sql_managedinstances.md new file mode 100644 index 0000000000..0f3eab2d2a --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-sql_managedinstances.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.sql/managedinstances +description: Azure Monitor tables for resource type microsoft.sql/managedinstances +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.sql/managedinstances + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-sql_managedinstances-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-sql_servers.md b/articles/azure-monitor/reference/tables/microsoft-sql_servers.md new file mode 100644 index 0000000000..ecc967119f --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-sql_servers.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.sql/servers +description: Azure Monitor tables for resource type microsoft.sql/servers +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.sql/servers + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-sql_servers-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-sql_servers_databases.md b/articles/azure-monitor/reference/tables/microsoft-sql_servers_databases.md new file mode 100644 index 0000000000..069c40ebd8 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-sql_servers_databases.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.sql/servers/databases +description: Azure Monitor tables for resource type microsoft.sql/servers/databases +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.sql/servers/databases + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-sql_servers_databases-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-storage_storageaccounts.md b/articles/azure-monitor/reference/tables/microsoft-storage_storageaccounts.md new file mode 100644 index 0000000000..58b2f4af78 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-storage_storageaccounts.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.storage/storageaccounts +description: Azure Monitor tables for resource type microsoft.storage/storageaccounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.storage/storageaccounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-storage_storageaccounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-storagecache_amlfilesytems.md b/articles/azure-monitor/reference/tables/microsoft-storagecache_amlfilesytems.md new file mode 100644 index 0000000000..c294c4a2c1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-storagecache_amlfilesytems.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.storagecache/amlfilesytems +description: Azure Monitor tables for resource type microsoft.storagecache/amlfilesytems +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.storagecache/amlfilesytems + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-storagecache_amlfilesytems-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-storagecache_caches.md b/articles/azure-monitor/reference/tables/microsoft-storagecache_caches.md new file mode 100644 index 0000000000..5abb0df50a --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-storagecache_caches.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.storagecache/caches +description: Azure Monitor tables for resource type microsoft.storagecache/caches +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.storagecache/caches + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-storagecache_caches-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-storagemover_storagemovers.md b/articles/azure-monitor/reference/tables/microsoft-storagemover_storagemovers.md new file mode 100644 index 0000000000..06ae58389c --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-storagemover_storagemovers.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.storagemover/storagemovers +description: Azure Monitor tables for resource type microsoft.storagemover/storagemovers +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.storagemover/storagemovers + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-storagemover_storagemovers-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-streamanalytics_streamingjobs.md b/articles/azure-monitor/reference/tables/microsoft-streamanalytics_streamingjobs.md new file mode 100644 index 0000000000..b9502c2988 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-streamanalytics_streamingjobs.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.streamanalytics/streamingjobs +description: Azure Monitor tables for resource type microsoft.streamanalytics/streamingjobs +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.streamanalytics/streamingjobs + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-streamanalytics_streamingjobs-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-synapse_workspaces.md b/articles/azure-monitor/reference/tables/microsoft-synapse_workspaces.md new file mode 100644 index 0000000000..a09b558e3f --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-synapse_workspaces.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.synapse/workspaces +description: Azure Monitor tables for resource type microsoft.synapse/workspaces +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.synapse/workspaces + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-synapse_workspaces-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-timeseriesinsights_environments.md b/articles/azure-monitor/reference/tables/microsoft-timeseriesinsights_environments.md new file mode 100644 index 0000000000..e4f40a0b40 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-timeseriesinsights_environments.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.timeseriesinsights/environments +description: Azure Monitor tables for resource type microsoft.timeseriesinsights/environments +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.timeseriesinsights/environments + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-timeseriesinsights_environments-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-videoindexer_accounts.md b/articles/azure-monitor/reference/tables/microsoft-videoindexer_accounts.md new file mode 100644 index 0000000000..6417cd2f71 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-videoindexer_accounts.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.videoindexer/accounts +description: Azure Monitor tables for resource type microsoft.videoindexer/accounts +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.videoindexer/accounts + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-videoindexer_accounts-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-web_sites.md b/articles/azure-monitor/reference/tables/microsoft-web_sites.md new file mode 100644 index 0000000000..70883d484b --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-web_sites.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.web/sites +description: Azure Monitor tables for resource type microsoft.web/sites +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.web/sites + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-web_sites-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoft-workloadmonitor_monitors.md b/articles/azure-monitor/reference/tables/microsoft-workloadmonitor_monitors.md new file mode 100644 index 0000000000..72bb64cf6e --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoft-workloadmonitor_monitors.md 
@@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for microsoft.workloadmonitor/monitors +description: Azure Monitor tables for resource type microsoft.workloadmonitor/monitors +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for microsoft.workloadmonitor/monitors + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-workloadmonitor_monitors-include.md)] + diff --git a/articles/azure-monitor/reference/tables/microsoftazurebastionauditlogs.md b/articles/azure-monitor/reference/tables/microsoftazurebastionauditlogs.md new file mode 100644 index 0000000000..97ab93181d --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoftazurebastionauditlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MicrosoftAzureBastionAuditLogs +description: Reference for MicrosoftAzureBastionAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MicrosoftAzureBastionAuditLogs + +Microsoft Azure Bastion Audit Logs + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/bastionhosts| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [microsoftazurebastionauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoftazurebastionauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/microsoftdatasharereceivedsnapshotlog.md b/articles/azure-monitor/reference/tables/microsoftdatasharereceivedsnapshotlog.md new file mode 100644 index 0000000000..aebad6405a --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoftdatasharereceivedsnapshotlog.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MicrosoftDataShareReceivedSnapshotLog +description: Reference for MicrosoftDataShareReceivedSnapshotLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MicrosoftDataShareReceivedSnapshotLog + +Data Share consumer side synchronization logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datashare/accounts| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/microsoftdatasharereceivedsnapshotlog)| + + + +## Columns + +[!INCLUDE [microsoftdatasharereceivedsnapshotlog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoftdatasharereceivedsnapshotlog-include.md)] diff --git a/articles/azure-monitor/reference/tables/microsoftdatasharesentsnapshotlog.md b/articles/azure-monitor/reference/tables/microsoftdatasharesentsnapshotlog.md new file mode 100644 index 0000000000..791cfc1399 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoftdatasharesentsnapshotlog.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MicrosoftDataShareSentSnapshotLog +description: Reference for MicrosoftDataShareSentSnapshotLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MicrosoftDataShareSentSnapshotLog + +Data Share provider side synchronization logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.datashare/accounts| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/microsoftdatasharesentsnapshotlog)| + + + +## Columns + +[!INCLUDE [microsoftdatasharesentsnapshotlog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoftdatasharesentsnapshotlog-include.md)] diff --git a/articles/azure-monitor/reference/tables/microsoftdatasharesharelog.md b/articles/azure-monitor/reference/tables/microsoftdatasharesharelog.md new file mode 100644 index 0000000000..c640a36c5d --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoftdatasharesharelog.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MicrosoftDataShareShareLog +description: Reference for MicrosoftDataShareShareLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MicrosoftDataShareShareLog + +Microsoft Data Share Share Log + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [microsoftdatasharesharelog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoftdatasharesharelog-include.md)] 
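Review bot: in microsoftdatasharesharelog.md the text under the `# MicrosoftDataShareShareLog` heading, `Microsoft Data Share Share Log`, only restates the table name, and the **Resource types** and **Categories** rows are `-` while the two sibling Data Share tables added in this patch list `microsoft.datashare/accounts` and `Azure Resources`. Please confirm the empty rows are intended, and replace the description with a sentence that says what the table records, in the way the sent and received snapshot pages do.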
diff --git a/articles/azure-monitor/reference/tables/microsoftdynamicstelemetryperformancelogs.md b/articles/azure-monitor/reference/tables/microsoftdynamicstelemetryperformancelogs.md new file mode 100644 index 0000000000..5133f43481 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoftdynamicstelemetryperformancelogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MicrosoftDynamicsTelemetryPerformanceLogs +description: Reference for MicrosoftDynamicsTelemetryPerformanceLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MicrosoftDynamicsTelemetryPerformanceLogs + +Microsoft Dynamics Telemetry Performance Logs + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [microsoftdynamicstelemetryperformancelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoftdynamicstelemetryperformancelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/microsoftdynamicstelemetrysystemmetricslogs.md b/articles/azure-monitor/reference/tables/microsoftdynamicstelemetrysystemmetricslogs.md new file mode 100644 index 0000000000..79ef11293b --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoftdynamicstelemetrysystemmetricslogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MicrosoftDynamicsTelemetrySystemMetricsLogs +description: Reference for MicrosoftDynamicsTelemetrySystemMetricsLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MicrosoftDynamicsTelemetrySystemMetricsLogs + +Microsoft Dynamics Telemetry System Metrics Logs + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [microsoftdynamicstelemetrysystemmetricslogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoftdynamicstelemetrysystemmetricslogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/microsoftgraphactivitylogs.md b/articles/azure-monitor/reference/tables/microsoftgraphactivitylogs.md new file mode 100644 index 0000000000..09dac9cf5b --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoftgraphactivitylogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MicrosoftGraphActivityLogs +description: Reference for MicrosoftGraphActivityLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MicrosoftGraphActivityLogs + +Microsoft Graph Activity Logs provide details of API requests made to Microsoft Graph for resources in the tenant. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/microsoftgraphactivitylogs)| + + + +## Columns + +[!INCLUDE [microsoftgraphactivitylogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoftgraphactivitylogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/microsofthealthcareapisauditlogs.md b/articles/azure-monitor/reference/tables/microsofthealthcareapisauditlogs.md new file mode 100644 index 0000000000..d24d0a6ac2 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsofthealthcareapisauditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MicrosoftHealthcareApisAuditLogs +description: Reference for MicrosoftHealthcareApisAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MicrosoftHealthcareApisAuditLogs + +Azure API for FHIR audit logs + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.healthcareapis/services| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [microsofthealthcareapisauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsofthealthcareapisauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/microsoftpurviewinformationprotection.md b/articles/azure-monitor/reference/tables/microsoftpurviewinformationprotection.md new file mode 100644 index 0000000000..141aca9f91 --- /dev/null +++ b/articles/azure-monitor/reference/tables/microsoftpurviewinformationprotection.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MicrosoftPurviewInformationProtection +description: Reference for MicrosoftPurviewInformationProtection table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MicrosoftPurviewInformationProtection + +Microsoft Purview Information Protection audit logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Audit| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/microsoftpurviewinformationprotection)| + + + +## Columns + +[!INCLUDE [microsoftpurviewinformationprotection](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoftpurviewinformationprotection-include.md)] diff --git a/articles/azure-monitor/reference/tables/mnfdeviceupdates.md b/articles/azure-monitor/reference/tables/mnfdeviceupdates.md new file mode 100644 index 0000000000..e8941764c0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/mnfdeviceupdates.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MNFDeviceUpdates +description: Reference for MNFDeviceUpdates table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MNFDeviceUpdates + +Components state updates representing the status changes of ethernet ports, power supply units, fan modules, chassis and device software. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.managednetworkfabric/networkdevices| +|**Categories**|Network| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/mnfdeviceupdates)| + + + +## Columns + +[!INCLUDE [mnfdeviceupdates](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mnfdeviceupdates-include.md)] diff --git a/articles/azure-monitor/reference/tables/mnfsystemsessionhistoryupdates.md b/articles/azure-monitor/reference/tables/mnfsystemsessionhistoryupdates.md new file mode 100644 index 0000000000..bb4c3c91e9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/mnfsystemsessionhistoryupdates.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MNFSystemSessionHistoryUpdates +description: Reference for MNFSystemSessionHistoryUpdates table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MNFSystemSessionHistoryUpdates + +System session history update events in the Nexus network fabric devices. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.managednetworkfabric/networkdevices| +|**Categories**|Network| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/mnfsystemsessionhistoryupdates)| + + + +## Columns + +[!INCLUDE [mnfsystemsessionhistoryupdates](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mnfsystemsessionhistoryupdates-include.md)] diff --git a/articles/azure-monitor/reference/tables/mnfsystemstatemessageupdates.md b/articles/azure-monitor/reference/tables/mnfsystemstatemessageupdates.md new file mode 100644 index 0000000000..5f13fccb54 --- /dev/null +++ b/articles/azure-monitor/reference/tables/mnfsystemstatemessageupdates.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - MNFSystemStateMessageUpdates +description: Reference for MNFSystemStateMessageUpdates table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# MNFSystemStateMessageUpdates + +System state message update events in the Nexus network fabric devices. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.managednetworkfabric/networkdevices| +|**Categories**|Network| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/mnfsystemstatemessageupdates)| + + + +## Columns + +[!INCLUDE [mnfsystemstatemessageupdates](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/mnfsystemstatemessageupdates-include.md)] diff --git a/articles/azure-monitor/reference/tables/ncbmbreakglassauditlogs.md b/articles/azure-monitor/reference/tables/ncbmbreakglassauditlogs.md new file mode 100644 index 0000000000..d5ea022417 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ncbmbreakglassauditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NCBMBreakGlassAuditLogs +description: Reference for NCBMBreakGlassAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NCBMBreakGlassAuditLogs + +Security log events on Nexus Baremetal Machines to monitor and detect user access to the system. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkcloud/baremetalmachines| +|**Categories**|Azure Resources, Security| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ncbmbreakglassauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ncbmbreakglassauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/ncbmsecuritydefenderlogs.md b/articles/azure-monitor/reference/tables/ncbmsecuritydefenderlogs.md new file mode 100644 index 0000000000..cef097483a --- /dev/null +++ b/articles/azure-monitor/reference/tables/ncbmsecuritydefenderlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NCBMSecurityDefenderLogs +description: Reference for NCBMSecurityDefenderLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NCBMSecurityDefenderLogs + +Security log events on Nexus Baremetal Machines to monitor and detect user access to the system. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkcloud/baremetalmachines| +|**Categories**|Azure Resources, Security| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ncbmsecuritydefenderlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ncbmsecuritydefenderlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/ncbmsecuritylogs.md b/articles/azure-monitor/reference/tables/ncbmsecuritylogs.md new file mode 100644 index 0000000000..0d9ed9ebb6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ncbmsecuritylogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NCBMSecurityLogs +description: Reference for NCBMSecurityLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NCBMSecurityLogs + +Security log events on Nexus Baremetal Machines to monitor and detect user access to the system. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkcloud/baremetalmachines| +|**Categories**|Azure Resources, Security| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ncbmsecuritylogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ncbmsecuritylogs-include.md)] 
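Review bot: the description line in ncbmsecuritylogs.md, `Security log events on Nexus Baremetal Machines to monitor and detect user access to the system.`, is word for word the same as the one in ncbmbreakglassauditlogs.md and ncbmsecuritydefenderlogs.md, so someone choosing a table for an access-monitoring query cannot tell the three apart from these pages. The table names point to different sources; each description should state which events its own table carries.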
diff --git a/articles/azure-monitor/reference/tables/ncbmsystemlogs.md b/articles/azure-monitor/reference/tables/ncbmsystemlogs.md new file mode 100644 index 0000000000..570d83c507 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ncbmsystemlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NCBMSystemLogs +description: Reference for NCBMSystemLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NCBMSystemLogs + +Syslog events on Nexus Baremetal Machines providing critical insights into system activities, errors and anomalies for effecient troubleshooting and monitoring. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkcloud/baremetalmachines| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ncbmsystemlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ncbmsystemlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/ncckuberneteslogs.md b/articles/azure-monitor/reference/tables/ncckuberneteslogs.md new file mode 100644 index 0000000000..60b413d4c5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ncckuberneteslogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NCCKubernetesLogs +description: Reference for NCCKubernetesLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NCCKubernetesLogs + +Containerized application logs from Nexus clusters to gain insight onto the container orchestration platform. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkcloud/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ncckuberneteslogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ncckuberneteslogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/nccvmorchestrationlogs.md b/articles/azure-monitor/reference/tables/nccvmorchestrationlogs.md new file mode 100644 index 0000000000..1c27705e03 --- /dev/null +++ b/articles/azure-monitor/reference/tables/nccvmorchestrationlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NCCVMOrchestrationLogs +description: Reference for NCCVMOrchestrationLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NCCVMOrchestrationLogs + +Logs from Virtual Machine Orchestrator of Nexus cluster to track seamless coordination and management of virtual machines. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkcloud/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [nccvmorchestrationlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/nccvmorchestrationlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/ncmclusteroperationslogs.md b/articles/azure-monitor/reference/tables/ncmclusteroperationslogs.md new file mode 100644 index 0000000000..d41672d583 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ncmclusteroperationslogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NCMClusterOperationsLogs +description: Reference for NCMClusterOperationsLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NCMClusterOperationsLogs + +Cluster Manager logs to track the deployment or upgrade of Nexus cluster. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkcloud/clustermanagers| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ncmclusteroperationslogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ncmclusteroperationslogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/ncsstoragealerts.md b/articles/azure-monitor/reference/tables/ncsstoragealerts.md new file mode 100644 index 0000000000..5a94691bf5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ncsstoragealerts.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NCSStorageAlerts +description: Reference for NCSStorageAlerts table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NCSStorageAlerts + +Alert events logged from Nexus storage appliance providing storage system level alerts. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkcloud/storageappliances| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ncsstoragealerts](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ncsstoragealerts-include.md)] 
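Review bot: the description line in ncbmsystemlogs.md earlier in this patch misspells "efficient" as `effecient` (`... errors and anomalies for effecient troubleshooting and monitoring.`). The same run of Nexus pages also has `gain insight onto the container orchestration platform` in ncckuberneteslogs.md, which should read "insight into". Both strings surface as the page body, so they are worth fixing in the source they are generated from.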
diff --git a/articles/azure-monitor/reference/tables/ncsstorageaudits.md b/articles/azure-monitor/reference/tables/ncsstorageaudits.md new file mode 100644 index 0000000000..672745cd4c --- /dev/null +++ b/articles/azure-monitor/reference/tables/ncsstorageaudits.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NCSStorageAudits +description: Reference for NCSStorageAudits table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NCSStorageAudits + +Audit log events from Nexus storage appliance providing insight into data and system access. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkcloud/storageappliances| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ncsstorageaudits](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ncsstorageaudits-include.md)] diff --git a/articles/azure-monitor/reference/tables/ncsstoragelogs.md b/articles/azure-monitor/reference/tables/ncsstoragelogs.md new file mode 100644 index 0000000000..137d2ef99c --- /dev/null +++ b/articles/azure-monitor/reference/tables/ncsstoragelogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NCSStorageLogs +description: Reference for NCSStorageLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NCSStorageLogs + +All Logs from Nexus storage appliance other than audit & alert logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.networkcloud/storageappliances| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ncsstoragelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ncsstoragelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/networkaccessalerts.md b/articles/azure-monitor/reference/tables/networkaccessalerts.md new file mode 100644 index 0000000000..532176fb40 --- /dev/null +++ b/articles/azure-monitor/reference/tables/networkaccessalerts.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NetworkAccessAlerts +description: Reference for NetworkAccessAlerts table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NetworkAccessAlerts + +This table is part of Identity and Network Access, which contains Network Access Alerts. These Alerts can be leveraged for knowing the state of your network access. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Network, IT & Management Tools| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [networkaccessalerts](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/networkaccessalerts-include.md)] 
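Review bot: the description in networkaccessalerts.md is ambiguous and inconsistently capitalised: in `This table is part of Identity and Network Access, which contains Network Access Alerts. These Alerts can be leveraged for knowing the state of your network access.` the clause "which contains" attaches to the product rather than the table, and "Alerts" is capitalised mid-sentence. Suggest something like "Network access alerts from Identity and Network Access. Use these alerts to track the state of your network access."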
diff --git a/articles/azure-monitor/reference/tables/networkaccesstraffic.md b/articles/azure-monitor/reference/tables/networkaccesstraffic.md new file mode 100644 index 0000000000..39b9260ce9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/networkaccesstraffic.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NetworkAccessTraffic +description: Reference for NetworkAccessTraffic table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NetworkAccessTraffic + +This table is part of Identity and Network Access, which contains Network Traffic Access logs. These logs can be leveraged for policy, risk, and traffic management, as well as to monitor users experience. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Network, IT & Management Tools| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [networkaccesstraffic](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/networkaccesstraffic-include.md)] diff --git a/articles/azure-monitor/reference/tables/networkmonitoring.md b/articles/azure-monitor/reference/tables/networkmonitoring.md new file mode 100644 index 0000000000..2c2c7397fe --- /dev/null +++ b/articles/azure-monitor/reference/tables/networkmonitoring.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NetworkMonitoring +description: Reference for NetworkMonitoring table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NetworkMonitoring + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Network| +|**Solutions**| NetworkMonitoring| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [networkmonitoring](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/networkmonitoring-include.md)] diff --git a/articles/azure-monitor/reference/tables/networksessions.md b/articles/azure-monitor/reference/tables/networksessions.md new file mode 100644 index 0000000000..55d9c156a9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/networksessions.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NetworkSessions +description: Reference for NetworkSessions table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NetworkSessions + +Network connections or sessions such as those logged by firewalls, Wire Data, NSG, Netflow, proxy systems and web security gateways. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/networksessions)| + + + +## Columns + +[!INCLUDE [networksessions](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/networksessions-include.md)] 
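Review bot: networkmonitoring.md has no description at all; the `# NetworkMonitoring` heading is followed only by blank `+` lines before `## Table attributes`, whereas every other table page in this patch has a one-line summary there. Add a sentence saying what the table contains, or fix the generator input if the field was dropped. The front matter `description:` still reads as a generic "Reference for NetworkMonitoring table", so the page currently gives a reader nothing beyond the name.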
diff --git a/articles/azure-monitor/reference/tables/nginx-nginxplus_nginxdeployments.md b/articles/azure-monitor/reference/tables/nginx-nginxplus_nginxdeployments.md new file mode 100644 index 0000000000..8c7efe12cc --- /dev/null +++ b/articles/azure-monitor/reference/tables/nginx-nginxplus_nginxdeployments.md @@ -0,0 +1,18 @@ +--- +title: Azure Monitor tables for nginx.nginxplus/nginxdeployments +description: Azure Monitor tables for resource type nginx.nginxplus/nginxdeployments +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: edbaynash +author: EdB-MSFT + +ms.date: 09/16/2024 + + +--- + +# Log Analytics tables for nginx.nginxplus/nginxdeployments + +[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/nginx-nginxplus_nginxdeployments-include.md)] + diff --git a/articles/azure-monitor/reference/tables/ngxoperationlogs.md b/articles/azure-monitor/reference/tables/ngxoperationlogs.md new file mode 100644 index 0000000000..887a874375 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ngxoperationlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NGXOperationLogs +description: Reference for NGXOperationLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NGXOperationLogs + +NGINX access and error logs captured by NGINXaaS. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|nginx.nginxplus/nginxdeployments| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/ngxoperationlogs)| + + + +## Columns + +[!INCLUDE [ngxoperationlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ngxoperationlogs-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/ngxsecuritylogs.md b/articles/azure-monitor/reference/tables/ngxsecuritylogs.md new file mode 100644 index 0000000000..373e197faa --- /dev/null +++ b/articles/azure-monitor/reference/tables/ngxsecuritylogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NGXSecurityLogs +description: Reference for NGXSecurityLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NGXSecurityLogs + +NGINX security logs captured by NGINXaaS. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|nginx.nginxplus/nginxdeployments| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/ngxsecuritylogs)| + + + +## Columns + +[!INCLUDE [ngxsecuritylogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ngxsecuritylogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/nspaccesslogs.md b/articles/azure-monitor/reference/tables/nspaccesslogs.md new file mode 100644 index 0000000000..cf1dd0a80a --- /dev/null +++ b/articles/azure-monitor/reference/tables/nspaccesslogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NSPAccessLogs +description: Reference for NSPAccessLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NSPAccessLogs + +Logs of Network Security Perimeter (NSP) inbound access allowed based on NSP access rules. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/networksecurityperimeters| +|**Categories**|Azure Resources, Network, Audit, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [nspaccesslogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/nspaccesslogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/ntainsights.md b/articles/azure-monitor/reference/tables/ntainsights.md new file mode 100644 index 0000000000..1098144ca0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ntainsights.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NTAInsights +description: Reference for NTAInsights table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NTAInsights + +Traffic Analytics insights are provided for flow data which shows anomalies in data pattern. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Network| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ntainsights](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ntainsights-include.md)] 
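Review bot: the description line in ntainsights.md, `Traffic Analytics insights are provided for flow data which shows anomalies in data pattern.`, is ambiguous about whether the insights or the flow data show the anomalies, and "data pattern" is missing an article or plural. Reword it so the subject is clear, for example "Traffic Analytics insights that flag anomalies in flow data patterns", if that matches what the table holds.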
diff --git a/articles/azure-monitor/reference/tables/ntaipdetails.md b/articles/azure-monitor/reference/tables/ntaipdetails.md new file mode 100644 index 0000000000..37d91b83eb --- /dev/null +++ b/articles/azure-monitor/reference/tables/ntaipdetails.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NTAIpDetails +description: Reference for NTAIpDetails table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NTAIpDetails + +Traffic Analytics provides WHOIS data and geographic location for all public IPs in the customer's environment. For Malicious IP, it provides DNS domain, threat type and thread descriptions as identified by Microsoft security intelligence solutions. IP Details are published to your Log Analytics Workspace so you can create custom queries and put alerts on them. You can also access pre-populated queries from the traffic analytics dashboard. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Network| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ntaipdetails](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ntaipdetails-include.md)] diff --git a/articles/azure-monitor/reference/tables/ntanetanalytics.md b/articles/azure-monitor/reference/tables/ntanetanalytics.md new file mode 100644 index 0000000000..224c57e654 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ntanetanalytics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NTANetAnalytics +description: Reference for NTANetAnalytics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NTANetAnalytics + +Traffic Analytics records for Flowlog enriched data. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Network| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ntanetanalytics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ntanetanalytics-include.md)] diff --git a/articles/azure-monitor/reference/tables/ntatopologydetails.md b/articles/azure-monitor/reference/tables/ntatopologydetails.md new file mode 100644 index 0000000000..09bcd2b6cd --- /dev/null +++ b/articles/azure-monitor/reference/tables/ntatopologydetails.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NTATopologyDetails +description: Reference for NTATopologyDetails table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NTATopologyDetails + +Traffic Analytics records for Topology data. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Network| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ntatopologydetails](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ntatopologydetails-include.md)] diff --git a/articles/azure-monitor/reference/tables/nwconnectionmonitordestinationlistenerresult.md b/articles/azure-monitor/reference/tables/nwconnectionmonitordestinationlistenerresult.md new file mode 100644 index 0000000000..125c02fa2a 
--- /dev/null +++ b/articles/azure-monitor/reference/tables/nwconnectionmonitordestinationlistenerresult.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NWConnectionMonitorDestinationListenerResult +description: Reference for NWConnectionMonitorDestinationListenerResult table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NWConnectionMonitorDestinationListenerResult + +Connection Monitor destination listener result records. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [nwconnectionmonitordestinationlistenerresult](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/nwconnectionmonitordestinationlistenerresult-include.md)] diff --git a/articles/azure-monitor/reference/tables/nwconnectionmonitordnsresult.md b/articles/azure-monitor/reference/tables/nwconnectionmonitordnsresult.md new file mode 100644 index 0000000000..00161ebaf1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/nwconnectionmonitordnsresult.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NWConnectionMonitorDNSResult +description: Reference for NWConnectionMonitorDNSResult table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NWConnectionMonitorDNSResult + +Connection Monitor DNS result records. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/networkwatchers/connectionmonitors| +|**Categories**|Network| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [nwconnectionmonitordnsresult](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/nwconnectionmonitordnsresult-include.md)] diff --git a/articles/azure-monitor/reference/tables/nwconnectionmonitorpathresult.md b/articles/azure-monitor/reference/tables/nwconnectionmonitorpathresult.md new file mode 100644 index 0000000000..ef8e696b6d --- /dev/null +++ b/articles/azure-monitor/reference/tables/nwconnectionmonitorpathresult.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NWConnectionMonitorPathResult +description: Reference for NWConnectionMonitorPathResult table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NWConnectionMonitorPathResult + +Connection Monitor path result records. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/networkwatchers/connectionmonitors| +|**Categories**|Network| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/nwconnectionmonitorpathresult)| + + + +## Columns + +[!INCLUDE [nwconnectionmonitorpathresult](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/nwconnectionmonitorpathresult-include.md)] diff --git a/articles/azure-monitor/reference/tables/nwconnectionmonitortestresult.md b/articles/azure-monitor/reference/tables/nwconnectionmonitortestresult.md new file mode 100644 index 0000000000..0d6d23a8ac --- /dev/null +++ b/articles/azure-monitor/reference/tables/nwconnectionmonitortestresult.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - NWConnectionMonitorTestResult +description: Reference for NWConnectionMonitorTestResult table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# NWConnectionMonitorTestResult + +Connection Monitor test result records. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.network/networkwatchers/connectionmonitors| +|**Categories**|Network| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/nwconnectionmonitortestresult)| + + + +## Columns + +[!INCLUDE [nwconnectionmonitortestresult](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/nwconnectionmonitortestresult-include.md)] diff --git a/articles/azure-monitor/reference/tables/oepairflowtask.md b/articles/azure-monitor/reference/tables/oepairflowtask.md new file mode 100644 index 0000000000..2a867266ff --- /dev/null +++ b/articles/azure-monitor/reference/tables/oepairflowtask.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - OEPAirFlowTask +description: Reference for OEPAirFlowTask table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# OEPAirFlowTask + +Diagnostic logs for AirFlow task execution having task name, task details. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.openenergyplatform/energyservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/oepairflowtask)| + + + +## Columns + +[!INCLUDE [oepairflowtask](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/oepairflowtask-include.md)] diff --git a/articles/azure-monitor/reference/tables/oepauditlogs.md b/articles/azure-monitor/reference/tables/oepauditlogs.md new file mode 100644 index 0000000000..17360e8e32 --- /dev/null +++ b/articles/azure-monitor/reference/tables/oepauditlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - OEPAuditLogs +description: Reference for OEPAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# OEPAuditLogs + +Audit Logs for Microsoft Energy Data Services. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.openenergyplatform/energyservices| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [oepauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/oepauditlogs-include.md)] 
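Review bot: the description in ntaipdetails.md (earlier in this patch) reads `threat type and thread descriptions`, where "thread" looks like a typo for "threat". In the same sentence, `For Malicious IP, it provides` would read better as "For malicious IPs, it provides", matching the plural "public IPs" in the sentence before it.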
diff --git a/articles/azure-monitor/reference/tables/oepdataplanelogs.md b/articles/azure-monitor/reference/tables/oepdataplanelogs.md new file mode 100644 index 0000000000..24c1c9cc9c --- /dev/null +++ b/articles/azure-monitor/reference/tables/oepdataplanelogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - OEPDataplaneLogs +description: Reference for OEPDataplaneLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# OEPDataplaneLogs + +Contains logs for HTTP requests & responses for the Indexer Service API, in OSDU Data Platform, and Microsoft Energy Data Services. The Indexer service, indexes the metadata store to support search. The indexer service will automatically take items that are newly added to storage and index the attributes from the schema associated with the kind attribute. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.openenergyplatform/energyservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [oepdataplanelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/oepdataplanelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/oepelasticoperator.md b/articles/azure-monitor/reference/tables/oepelasticoperator.md new file mode 100644 index 0000000000..97b67db9f9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/oepelasticoperator.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - OEPElasticOperator +description: Reference for OEPElasticOperator table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# OEPElasticOperator + +Diagnostic logs for elastic operator. Elastic operator manages all the elasticsearch clusters in the oak instance. These logs can be helpful in identifing what operations are performed by the operator on the cluster. It could be upgrades, reconciliation, resource update etc. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.openenergyplatform/energyservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [oepelasticoperator](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/oepelasticoperator-include.md)] diff --git a/articles/azure-monitor/reference/tables/oepelasticsearch.md b/articles/azure-monitor/reference/tables/oepelasticsearch.md new file mode 100644 index 0000000000..89e3e0689f --- /dev/null +++ b/articles/azure-monitor/reference/tables/oepelasticsearch.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - OEPElasticsearch +description: Reference for OEPElasticsearch table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# OEPElasticsearch + +Diagnostic logs for Elasticsearch cluster. It could be slow logs, server logs or deprecation logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.openenergyplatform/energyservices| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [oepelasticsearch](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/oepelasticsearch-include.md)] diff --git a/articles/azure-monitor/reference/tables/officeactivity.md b/articles/azure-monitor/reference/tables/officeactivity.md new file mode 100644 index 0000000000..a5da78c59f --- /dev/null +++ b/articles/azure-monitor/reference/tables/officeactivity.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - OfficeActivity +description: Reference for OfficeActivity table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# OfficeActivity + +Audit logs for Office 365 tenants collected by Azure Sentinel. Including Exchange, SharePoint and Teams logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| AzureSentinelPrivatePreview, SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/officeactivity)| + + + +## Columns + +[!INCLUDE [officeactivity](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/officeactivity-include.md)] 
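Review bot: the description in oepelasticoperator.md (the hunk before oepelasticsearch.md) misspells "identifying" as `identifing`, and it refers to `the oak instance` without saying what that is. Fix the spelling and either define the term or use the product name that the neighbouring OEP pages use (oepauditlogs.md says "Microsoft Energy Data Services").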
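Review bot: the description in officeactivity.md still says `collected by Azure Sentinel`, although the product was renamed Microsoft Sentinel, and its second sentence, `Including Exchange, SharePoint and Teams logs.`, is a fragment. Suggest folding it into the first sentence ("..., including Exchange, SharePoint and Teams logs") and updating the product name. Also confirm that `AzureSentinelPrivatePreview` is meant to appear in the public Solutions row.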
diff --git a/articles/azure-monitor/reference/tables/olpsupplychainentityoperations.md b/articles/azure-monitor/reference/tables/olpsupplychainentityoperations.md new file mode 100644 index 0000000000..04c130411c --- /dev/null +++ b/articles/azure-monitor/reference/tables/olpsupplychainentityoperations.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - OLPSupplyChainEntityOperations +description: Reference for OLPSupplyChainEntityOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# OLPSupplyChainEntityOperations + +The OLPSupplyChainEntityOperations table captures every data plane operation performed on a supplychain entity in the workspace. Data Plane requests are operations executed to create, update, delete or retrieve supplychain entities such as Warehouse, Item, DeliveryNode, Shipment etc. within a workspace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.openlogisticsplatform/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/olpsupplychainentityoperations)| + + + +## Columns + +[!INCLUDE [olpsupplychainentityoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/olpsupplychainentityoperations-include.md)] diff --git a/articles/azure-monitor/reference/tables/olpsupplychainevents.md b/articles/azure-monitor/reference/tables/olpsupplychainevents.md new file mode 100644 index 0000000000..a5bff8f2d1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/olpsupplychainevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - OLPSupplyChainEvents +description: Reference for OLPSupplyChainEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# OLPSupplyChainEvents + +The events table captures every event that was dispatched from the Open Logistics Platform workspace. Events can be a result of a data plane API call (e.g. Shipment Created, Item Deleted, Notification sent, etc.) or a long running job operation completion (e.g. Data ingestion results in NewDataAvailable event). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.openlogisticsplatform/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [olpsupplychainevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/olpsupplychainevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/operation.md b/articles/azure-monitor/reference/tables/operation.md new file mode 100644 index 0000000000..48880f3ab4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/operation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - Operation +description: Reference for Operation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# Operation + +Operational log of important activities affecting workspace. Includes both user-initiated activities and notifications from Log Analytics workspace services such as data-capping. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Azure Monitor| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [operation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/operation-include.md)] diff --git a/articles/azure-monitor/reference/tables/perf.md b/articles/azure-monitor/reference/tables/perf.md new file mode 100644 index 0000000000..de75af688e --- /dev/null +++ b/articles/azure-monitor/reference/tables/perf.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - Perf +description: Reference for Perf table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# Perf + +Performance counters from Windows and Linux agents that provide insight into the performance of hardware components operating systems and applications. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets,
microsoft.azurestackhci/clusters,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Virtual Machines, Containers| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/perf)| + + + +## Columns + +[!INCLUDE [perf](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/perf-include.md)] diff --git a/articles/azure-monitor/reference/tables/pftitleauditlogs.md b/articles/azure-monitor/reference/tables/pftitleauditlogs.md new file mode 100644 index 0000000000..83125447a9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/pftitleauditlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PFTitleAuditLogs +description: Reference for PFTitleAuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PFTitleAuditLogs + +Provides audit logs for various types of action performed on Azure PlayFab Title. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.playfab/titles| +|**Categories**|Audit, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [pftitleauditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/pftitleauditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/powerappsactivity.md b/articles/azure-monitor/reference/tables/powerappsactivity.md new file mode 100644 index 0000000000..44aa352711 --- /dev/null +++ b/articles/azure-monitor/reference/tables/powerappsactivity.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PowerAppsActivity +description: Reference for PowerAppsActivity table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PowerAppsActivity + +Contains Microsoft Power Apps activity logs that track events like creation, deletion, updates, permission changes, and app launches. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Audit| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/powerappsactivity)| + + + +## Columns + +[!INCLUDE [powerappsactivity](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/powerappsactivity-include.md)] diff --git a/articles/azure-monitor/reference/tables/powerautomateactivity.md b/articles/azure-monitor/reference/tables/powerautomateactivity.md new file mode 100644 index 0000000000..8c63ccbff2 --- /dev/null +++ b/articles/azure-monitor/reference/tables/powerautomateactivity.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PowerAutomateActivity +description: Reference for PowerAutomateActivity table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PowerAutomateActivity + +Contains Microsoft Power Automate audit logs. It's typically used to track Power Automate activities. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Audit| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/powerautomateactivity)| + + + +## Columns + +[!INCLUDE [powerautomateactivity](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/powerautomateactivity-include.md)] diff --git a/articles/azure-monitor/reference/tables/powerbiactivity.md b/articles/azure-monitor/reference/tables/powerbiactivity.md new file mode 100644 index 0000000000..a7beafad72 --- /dev/null +++ b/articles/azure-monitor/reference/tables/powerbiactivity.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PowerBIActivity +description: Reference for PowerBIActivity table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PowerBIActivity + +Contains Microsoft PowerBI audit logs. It's typically used to track PowerBI activities. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Audit| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/powerbiactivity)| + + + +## Columns + +[!INCLUDE [powerbiactivity](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/powerbiactivity-include.md)] 
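Review bot: the Resource types cell in perf.md lists `microsoft.conenctedvmwarevsphere/virtualmachines`, which transposes two letters of "connected". The provider name should read `microsoft.connectedvmwarevsphere`. Since this string is what readers search for and copy into resource filters, correct it in the generating source so the typo does not come back on the next regeneration. The multi-value cell is also the only one in this patch that spans several lines, so check that it renders as a single table cell.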
diff --git a/articles/azure-monitor/reference/tables/powerbiaudittenant.md b/articles/azure-monitor/reference/tables/powerbiaudittenant.md new file mode 100644 index 0000000000..16e1c2986f --- /dev/null +++ b/articles/azure-monitor/reference/tables/powerbiaudittenant.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PowerBIAuditTenant +description: Reference for PowerBIAuditTenant table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PowerBIAuditTenant + +Contains Power BI audit events as per the Activity Log and Office365 Audit Log. Covers operations over full lifecycle of Power BI assets such as creation, modification and deletion. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [powerbiaudittenant](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/powerbiaudittenant-include.md)] diff --git a/articles/azure-monitor/reference/tables/powerbidatasetstenant.md b/articles/azure-monitor/reference/tables/powerbidatasetstenant.md new file mode 100644 index 0000000000..f9e2afedfa --- /dev/null +++ b/articles/azure-monitor/reference/tables/powerbidatasetstenant.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PowerBIDatasetsTenant +description: Reference for PowerBIDatasetsTenant table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PowerBIDatasetsTenant + +Contains Analysis Services engine process events such as the start of a batch or transaction e.g. execute query, process partition. Typically used to monitor the performance, health and usage of Power BI's data engine. Contains information from the entire tenant. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.powerbi/tenants| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [powerbidatasetstenant](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/powerbidatasetstenant-include.md)] diff --git a/articles/azure-monitor/reference/tables/powerbidatasetstenantpreview.md b/articles/azure-monitor/reference/tables/powerbidatasetstenantpreview.md new file mode 100644 index 0000000000..5ad7924502 --- /dev/null +++ b/articles/azure-monitor/reference/tables/powerbidatasetstenantpreview.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PowerBIDatasetsTenantPreview +description: Reference for PowerBIDatasetsTenantPreview table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PowerBIDatasetsTenantPreview + +Contains Analysis Services engine process events such as the start of a batch or transaction e.g. execute query, process partition. Typically used to monitor the performance, health and usage of Power BI's data engine. Contains information from the entire tenant. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [powerbidatasetstenantpreview](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/powerbidatasetstenantpreview-include.md)] diff --git a/articles/azure-monitor/reference/tables/powerbidatasetsworkspace.md b/articles/azure-monitor/reference/tables/powerbidatasetsworkspace.md new file mode 100644 index 0000000000..623612072b --- /dev/null +++ b/articles/azure-monitor/reference/tables/powerbidatasetsworkspace.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PowerBIDatasetsWorkspace +description: Reference for PowerBIDatasetsWorkspace table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PowerBIDatasetsWorkspace + +Contains Analysis Services engine process events such as the start of a batch or transaction e.g. execute query, process partition. Typically used to monitor the performance, health and usage of Power BI's data engine. Contains information from the entire tenant. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.powerbi/tenants/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [powerbidatasetsworkspace](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/powerbidatasetsworkspace-include.md)] diff --git a/articles/azure-monitor/reference/tables/powerbidatasetsworkspacepreview.md b/articles/azure-monitor/reference/tables/powerbidatasetsworkspacepreview.md new file mode 100644 index 0000000000..ecb84b74b4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/powerbidatasetsworkspacepreview.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PowerBIDatasetsWorkspacePreview +description: Reference for PowerBIDatasetsWorkspacePreview table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PowerBIDatasetsWorkspacePreview + +Contains Analysis Services engine process events such as the start of a batch or transaction e.g. execute query, process partition. Typically used to monitor the performance, health and usage of Power BI's data engine. Contains information per workspace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [powerbidatasetsworkspacepreview](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/powerbidatasetsworkspacepreview-include.md)] diff --git a/articles/azure-monitor/reference/tables/powerbireportusagetenant.md b/articles/azure-monitor/reference/tables/powerbireportusagetenant.md new file mode 100644 index 0000000000..4a2bc15d70 --- /dev/null +++ b/articles/azure-monitor/reference/tables/powerbireportusagetenant.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PowerBIReportUsageTenant +description: Reference for PowerBIReportUsageTenant table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PowerBIReportUsageTenant + +Contains usage metric logs for open report and change report page for the workspaces on tenant level. Typically used to monitor usage of Power BI workspaces for customer tenant. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [powerbireportusagetenant](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/powerbireportusagetenant-include.md)] diff --git a/articles/azure-monitor/reference/tables/powerbireportusageworkspace.md b/articles/azure-monitor/reference/tables/powerbireportusageworkspace.md new file mode 100644 index 0000000000..2744eac38c --- /dev/null +++ b/articles/azure-monitor/reference/tables/powerbireportusageworkspace.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PowerBIReportUsageWorkspace +description: Reference for PowerBIReportUsageWorkspace table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PowerBIReportUsageWorkspace + +Contains usage metric logs for open report and change report page of Power BI on workspace level. Typically used to monitor Power BI workspace usage for customer workspace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [powerbireportusageworkspace](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/powerbireportusageworkspace-include.md)] diff --git a/articles/azure-monitor/reference/tables/powerplatformadminactivity.md b/articles/azure-monitor/reference/tables/powerplatformadminactivity.md new file mode 100644 index 0000000000..ad564c1fad --- /dev/null +++ b/articles/azure-monitor/reference/tables/powerplatformadminactivity.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PowerPlatformAdminActivity +description: Reference for PowerPlatformAdminActivity table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PowerPlatformAdminActivity + +Contains Microsoft Power Platform administrative activity logs that track events like creation, deletion, updates, to the Microsoft Power Platform environment. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Audit| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/powerplatformadminactivity)| + + + +## Columns + +[!INCLUDE [powerplatformadminactivity](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/powerplatformadminactivity-include.md)] diff --git a/articles/azure-monitor/reference/tables/powerplatformconnectoractivity.md b/articles/azure-monitor/reference/tables/powerplatformconnectoractivity.md new file mode 100644 index 0000000000..0f3d4a00fe --- /dev/null +++ b/articles/azure-monitor/reference/tables/powerplatformconnectoractivity.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PowerPlatformConnectorActivity +description: Reference for PowerPlatformConnectorActivity table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PowerPlatformConnectorActivity + +Contains Microsoft Power Platform Connector audit logs. It's typically used to track Power Platform Connector activities. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Audit| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/powerplatformconnectoractivity)| + + + +## Columns + +[!INCLUDE [powerplatformconnectoractivity](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/powerplatformconnectoractivity-include.md)] diff --git a/articles/azure-monitor/reference/tables/powerplatformdlpactivity.md b/articles/azure-monitor/reference/tables/powerplatformdlpactivity.md new file mode 100644 index 0000000000..d065a83c20 --- /dev/null +++ b/articles/azure-monitor/reference/tables/powerplatformdlpactivity.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PowerPlatformDlpActivity +description: Reference for PowerPlatformDlpActivity table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PowerPlatformDlpActivity + +Contains Microsoft Power Platform Data Loss Prevention (DLP) audit logs. It's typically used to track Power Platform DLP admin activities. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Audit| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/powerplatformdlpactivity)| + + + +## Columns + +[!INCLUDE [powerplatformdlpactivity](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/powerplatformdlpactivity-include.md)] diff --git a/articles/azure-monitor/reference/tables/projectactivity.md b/articles/azure-monitor/reference/tables/projectactivity.md new file mode 100644 index 0000000000..a2a016f9cd --- /dev/null +++ b/articles/azure-monitor/reference/tables/projectactivity.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ProjectActivity +description: Reference for ProjectActivity table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ProjectActivity + +Contains your Microsoft Project audit logs in order to track your Project activities. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/projectactivity)| + + + +## Columns + +[!INCLUDE [projectactivity](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/projectactivity-include.md)] diff --git a/articles/azure-monitor/reference/tables/protectionstatus.md b/articles/azure-monitor/reference/tables/protectionstatus.md new file mode 100644 index 0000000000..1c9db577dd --- /dev/null +++ b/articles/azure-monitor/reference/tables/protectionstatus.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ProtectionStatus +description: Reference for ProtectionStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ProtectionStatus + +Antimalware installation info and security health status of the machine: + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets| +|**Categories**|Security| +|**Solutions**| AntiMalware, Security, SecurityCenter, SecurityCenterFree| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/protectionstatus)| + + + +## Columns + +[!INCLUDE [protectionstatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/protectionstatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/purviewdatasensitivitylogs.md b/articles/azure-monitor/reference/tables/purviewdatasensitivitylogs.md new file mode 100644 index 0000000000..316e93383b --- /dev/null +++ b/articles/azure-monitor/reference/tables/purviewdatasensitivitylogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PurviewDataSensitivityLogs +description: Reference for PurviewDataSensitivityLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PurviewDataSensitivityLogs + +Data Sensitivity information for assets scanned using Purview. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.securityinsights/purview,
microsoft.purview/accounts| +|**Categories**|Security, Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [purviewdatasensitivitylogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/purviewdatasensitivitylogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/purviewscanstatuslogs.md b/articles/azure-monitor/reference/tables/purviewscanstatuslogs.md new file mode 100644 index 0000000000..982771290c --- /dev/null +++ b/articles/azure-monitor/reference/tables/purviewscanstatuslogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PurviewScanStatusLogs +description: Reference for PurviewScanStatusLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PurviewScanStatusLogs + +Status of the scan on the data sources. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.purview/accounts| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [purviewscanstatuslogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/purviewscanstatuslogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/purviewsecuritylogs.md b/articles/azure-monitor/reference/tables/purviewsecuritylogs.md new file mode 100644 index 0000000000..eb9e3012ed --- /dev/null +++ b/articles/azure-monitor/reference/tables/purviewsecuritylogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - PurviewSecurityLogs +description: Reference for PurviewSecurityLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# PurviewSecurityLogs + +Table containing audit events for the Purview account, such as role assignments to a collection or creation or deletion of a collection. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.purview/accounts| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/purviewsecuritylogs)| + + + +## Columns + +[!INCLUDE [purviewsecuritylogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/purviewsecuritylogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/redconnectionevents.md b/articles/azure-monitor/reference/tables/redconnectionevents.md new file mode 100644 index 0000000000..1dd7aff3ab --- /dev/null +++ b/articles/azure-monitor/reference/tables/redconnectionevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - REDConnectionEvents +description: Reference for REDConnectionEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# REDConnectionEvents + +Logs the connection events when client connects to redis enterprise database. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.cache/redisenterprise| +|**Categories**|Azure Resources, Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/redconnectionevents)| + + + +## Columns + +[!INCLUDE [redconnectionevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/redconnectionevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/remotenetworkhealthlogs.md b/articles/azure-monitor/reference/tables/remotenetworkhealthlogs.md new file mode 100644 index 0000000000..6677217baf --- /dev/null +++ b/articles/azure-monitor/reference/tables/remotenetworkhealthlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - RemoteNetworkHealthLogs +description: Reference for RemoteNetworkHealthLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# RemoteNetworkHealthLogs + +This table is part of Identity and Network Access, which contains Remote Network Health logs. These logs can be leveraged for knowing the state of your remote networks health state. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Network, IT & Management Tools| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [remotenetworkhealthlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/remotenetworkhealthlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/resourcemanagementpublicaccesslogs.md b/articles/azure-monitor/reference/tables/resourcemanagementpublicaccesslogs.md new file mode 100644 index 0000000000..0370e80baf --- /dev/null +++ b/articles/azure-monitor/reference/tables/resourcemanagementpublicaccesslogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ResourceManagementPublicAccessLogs +description: Reference for ResourceManagementPublicAccessLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ResourceManagementPublicAccessLogs + +Contains Resource management private link analysis events such as the operations that are already blocked due to private link present at the scope or operations that would be blocked. Contains information from the entire tenant. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/resourcemanagementpublicaccesslogs)| + + + +## Columns + +[!INCLUDE [resourcemanagementpublicaccesslogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/resourcemanagementpublicaccesslogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/sccmassessmentrecommendation.md b/articles/azure-monitor/reference/tables/sccmassessmentrecommendation.md new file mode 100644 index 0000000000..b4a55bc441 --- /dev/null +++ b/articles/azure-monitor/reference/tables/sccmassessmentrecommendation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SCCMAssessmentRecommendation +description: Reference for SCCMAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SCCMAssessmentRecommendation + +Recommendations generated by SCCM assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| AzureResources, SCCMAssessmentPlus| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [sccmassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/sccmassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/scomassessmentrecommendation.md b/articles/azure-monitor/reference/tables/scomassessmentrecommendation.md new file mode 100644 index 0000000000..f4bb7dd4f3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/scomassessmentrecommendation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SCOMAssessmentRecommendation +description: Reference for SCOMAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SCOMAssessmentRecommendation + +Recommendations generated by SCOM assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| AzureResources, SCOMAssessment, SCOMAssessmentPlus| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [scomassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/scomassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/securescorecontrols.md b/articles/azure-monitor/reference/tables/securescorecontrols.md new file mode 100644 index 0000000000..1eac00b03d --- /dev/null +++ b/articles/azure-monitor/reference/tables/securescorecontrols.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SecureScoreControls +description: Reference for SecureScoreControls table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SecureScoreControls + +Azure Security Center Secure Score per control. A control is a logical group of related security recommendations, its secure score reflects the security posture per the control. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| Security, SecurityCenter, SecurityCenterFree| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [securescorecontrols](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/securescorecontrols-include.md)] diff --git a/articles/azure-monitor/reference/tables/securescores.md b/articles/azure-monitor/reference/tables/securescores.md new file mode 100644 index 0000000000..3c27eb5cbf --- /dev/null +++ b/articles/azure-monitor/reference/tables/securescores.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SecureScores +description: Reference for SecureScores table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SecureScores + +Azure Security Center overall Secure Scores per subscription. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| Security, SecurityCenter, SecurityCenterFree| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [securescores](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/securescores-include.md)] 
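Review bot: in powerbidatasetsworkspace.md the description ends with "Contains information from the entire tenant.", but the Resource types row is `microsoft.powerbi/tenants/workspaces` and the sibling powerbidatasetsworkspacepreview.md ends with "Contains information per workspace." The sentence looks carried over from the PowerBIDatasetsTenant page; suggest "Contains information per workspace." here as well, so the tenant-level and workspace-level tables are distinguishable from their descriptions.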
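Review bot: in protectionstatus.md the description "Antimalware installation info and security health status of the machine:" ends with a colon and nothing follows it before "## Table attributes". Either restore the text the colon was meant to introduce or end the sentence with a period.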
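Review bot: sccmassessmentrecommendation.md and scomassessmentrecommendation.md share the sentence "When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics", which has a verb agreement error and no closing period. Suggest "it runs by default every 7 days and uploads the data into Azure Log Analytics." in both files. In the same batch, remotenetworkhealthlogs.md reads "the state of your remote networks health state"; one "state" should be dropped.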
diff --git a/articles/azure-monitor/reference/tables/securityattackpathdata.md b/articles/azure-monitor/reference/tables/securityattackpathdata.md new file mode 100644 index 0000000000..4d4e6e7d8b --- /dev/null +++ b/articles/azure-monitor/reference/tables/securityattackpathdata.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SecurityAttackPathData +description: Reference for SecurityAttackPathData table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SecurityAttackPathData + +This tables contains attack paths that are being generated by Microsoft Defender for Cloud in order to detect potential breach paths of attackers to your cloud environment. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.security/security| +|**Categories**|Security| +|**Solutions**| Security, SecurityCenter, SecurityCenterFree| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/securityattackpathdata)| + + + +## Columns + +[!INCLUDE [securityattackpathdata](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/securityattackpathdata-include.md)] diff --git a/articles/azure-monitor/reference/tables/securitybaseline.md b/articles/azure-monitor/reference/tables/securitybaseline.md new file mode 100644 index 0000000000..9dd4cc84a5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/securitybaseline.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SecurityBaseline +description: Reference for SecurityBaseline table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SecurityBaseline + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets| +|**Categories**|Security| +|**Solutions**| Security, SecurityCenter, SecurityCenterFree| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [securitybaseline](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/securitybaseline-include.md)] diff --git a/articles/azure-monitor/reference/tables/securitybaselinesummary.md b/articles/azure-monitor/reference/tables/securitybaselinesummary.md new file mode 100644 index 0000000000..34716986cb --- /dev/null +++ b/articles/azure-monitor/reference/tables/securitybaselinesummary.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SecurityBaselineSummary +description: Reference for SecurityBaselineSummary table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SecurityBaselineSummary + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines| +|**Categories**|Security| +|**Solutions**| Security, SecurityCenter, SecurityCenterFree| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [securitybaselinesummary](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/securitybaselinesummary-include.md)] diff --git a/articles/azure-monitor/reference/tables/securitydetection.md b/articles/azure-monitor/reference/tables/securitydetection.md new file mode 100644 index 0000000000..980568d124 --- /dev/null +++ b/articles/azure-monitor/reference/tables/securitydetection.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SecurityDetection +description: Reference for SecurityDetection table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SecurityDetection + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| Security| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [securitydetection](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/securitydetection-include.md)] diff --git a/articles/azure-monitor/reference/tables/securityevent.md b/articles/azure-monitor/reference/tables/securityevent.md new file mode 100644 index 0000000000..bd39cb3c6f --- /dev/null +++ b/articles/azure-monitor/reference/tables/securityevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SecurityEvent +description: Reference for SecurityEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SecurityEvent + +Security events collected from windows machines by Azure Security Center or Azure Sentinel. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.securityinsights/securityinsights,
microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets| +|**Categories**|Security| +|**Solutions**| Security, SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/securityevent)| + + + +## Columns + +[!INCLUDE [securityevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/securityevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/securityincident.md b/articles/azure-monitor/reference/tables/securityincident.md new file mode 100644 index 0000000000..6c07a635af --- /dev/null +++ b/articles/azure-monitor/reference/tables/securityincident.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SecurityIncident +description: Reference for SecurityIncident table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SecurityIncident + +Incidents generated by security products. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [securityincident](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/securityincident-include.md)] diff --git a/articles/azure-monitor/reference/tables/securityiotrawevent.md b/articles/azure-monitor/reference/tables/securityiotrawevent.md new file mode 100644 index 0000000000..78c214f7f5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/securityiotrawevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SecurityIoTRawEvent +description: Reference for SecurityIoTRawEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SecurityIoTRawEvent + +Table is part of Microsoft Defender for IoT. It contains IoT raw security event properties. These logs can be used to monitor your operational, diagnostic and security raw events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| AzureSecurityOfThings| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [securityiotrawevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/securityiotrawevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/securitynestedrecommendation.md b/articles/azure-monitor/reference/tables/securitynestedrecommendation.md new file mode 100644 index 0000000000..6211c928e4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/securitynestedrecommendation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SecurityNestedRecommendation +description: Reference for SecurityNestedRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SecurityNestedRecommendation + +Nested recommendations can be thought of as 'sub' recommendations grouped into a 'parent' recommendation. To view nested recommendations, open the 'parent' from the recommendations page in Security Center. For example, if a vulnerability scan of your SQL databases returns 100 findings, each finding will be available as a nested recommendation within the parent recommendation 'Vulnerabilities on your SQL databases should be remediated'. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| Security, SecurityCenter, SecurityCenterFree| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [securitynestedrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/securitynestedrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/securityrecommendation.md b/articles/azure-monitor/reference/tables/securityrecommendation.md new file mode 100644 index 0000000000..6e0ef3171c --- /dev/null +++ b/articles/azure-monitor/reference/tables/securityrecommendation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SecurityRecommendation +description: Reference for SecurityRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SecurityRecommendation + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| AzureSecurityOfThings, Security, SecurityCenterFree| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [securityrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/securityrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/securityregulatorycompliance.md b/articles/azure-monitor/reference/tables/securityregulatorycompliance.md new file mode 100644 index 0000000000..8f1f57316c --- /dev/null +++ b/articles/azure-monitor/reference/tables/securityregulatorycompliance.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SecurityRegulatoryCompliance +description: Reference for SecurityRegulatoryCompliance table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SecurityRegulatoryCompliance + +Azure Security Center regulatory compliance assessments state. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| Security, SecurityCenter, SecurityCenterFree| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [securityregulatorycompliance](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/securityregulatorycompliance-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/sentinelaudit.md b/articles/azure-monitor/reference/tables/sentinelaudit.md new file mode 100644 index 0000000000..0cfd10ce99 --- /dev/null +++ b/articles/azure-monitor/reference/tables/sentinelaudit.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SentinelAudit +description: Reference for SentinelAudit table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SentinelAudit + +Audit logs for operations performed on Azure Sentinel resources, such as Data Connectors, Analytic Rules and more. These logs can be used to audit operations on your Sentinel resources. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security, Audit| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/sentinelaudit)| + + + +## Columns + +[!INCLUDE [sentinelaudit](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/sentinelaudit-include.md)] diff --git a/articles/azure-monitor/reference/tables/sentinelhealth.md b/articles/azure-monitor/reference/tables/sentinelhealth.md new file mode 100644 index 0000000000..88c1e5ba69 --- /dev/null +++ b/articles/azure-monitor/reference/tables/sentinelhealth.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SentinelHealth +description: Reference for SentinelHealth table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SentinelHealth + +Audit logs for operations performed by Azure Sentinel resources such as Data Connectors, Analytic Rules and more. These logs can be used to monitor the health of your Sentinel resources. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [sentinelhealth](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/sentinelhealth-include.md)] diff --git a/articles/azure-monitor/reference/tables/servicefabricoperationalevent.md b/articles/azure-monitor/reference/tables/servicefabricoperationalevent.md new file mode 100644 index 0000000000..d3b9965ae7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/servicefabricoperationalevent.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ServiceFabricOperationalEvent +description: Reference for ServiceFabricOperationalEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ServiceFabricOperationalEvent + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [servicefabricoperationalevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/servicefabricoperationalevent-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/servicefabricreliableactorevent.md b/articles/azure-monitor/reference/tables/servicefabricreliableactorevent.md new file mode 100644 index 0000000000..c3c6c06f75 --- /dev/null +++ b/articles/azure-monitor/reference/tables/servicefabricreliableactorevent.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ServiceFabricReliableActorEvent +description: Reference for ServiceFabricReliableActorEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ServiceFabricReliableActorEvent + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [servicefabricreliableactorevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/servicefabricreliableactorevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/servicefabricreliableserviceevent.md b/articles/azure-monitor/reference/tables/servicefabricreliableserviceevent.md new file mode 100644 index 0000000000..a56c245807 --- /dev/null +++ b/articles/azure-monitor/reference/tables/servicefabricreliableserviceevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ServiceFabricReliableServiceEvent +description: Reference for ServiceFabricReliableServiceEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ServiceFabricReliableServiceEvent + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [servicefabricreliableserviceevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/servicefabricreliableserviceevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/sfbassessmentrecommendation.md b/articles/azure-monitor/reference/tables/sfbassessmentrecommendation.md new file mode 100644 index 0000000000..3ec347fd82 --- /dev/null +++ b/articles/azure-monitor/reference/tables/sfbassessmentrecommendation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SfBAssessmentRecommendation +description: Reference for SfBAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SfBAssessmentRecommendation + +Recommendations generated by Skype for Business assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| AzureResources, SfBAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [sfbassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/sfbassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/sfbonlineassessmentrecommendation.md b/articles/azure-monitor/reference/tables/sfbonlineassessmentrecommendation.md new file mode 100644 index 0000000000..aff244df4c --- /dev/null +++ b/articles/azure-monitor/reference/tables/sfbonlineassessmentrecommendation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SfBOnlineAssessmentRecommendation +description: Reference for SfBOnlineAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SfBOnlineAssessmentRecommendation + +Recommendations generated by Skype and Teams assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| AzureResources, SfBOnlineAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [sfbonlineassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/sfbonlineassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/sharepointonlineassessmentrecommendation.md b/articles/azure-monitor/reference/tables/sharepointonlineassessmentrecommendation.md new file mode 100644 index 0000000000..64fce50ce3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/sharepointonlineassessmentrecommendation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SharePointOnlineAssessmentRecommendation +description: Reference for SharePointOnlineAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SharePointOnlineAssessmentRecommendation + +Recommendations generated by SP Online assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| AzureResources, SharePointOnlineAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [sharepointonlineassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/sharepointonlineassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/signalrservicediagnosticlogs.md b/articles/azure-monitor/reference/tables/signalrservicediagnosticlogs.md new file mode 100644 index 0000000000..b1e7ad1d53 --- /dev/null +++ b/articles/azure-monitor/reference/tables/signalrservicediagnosticlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SignalRServiceDiagnosticLogs +description: Reference for SignalRServiceDiagnosticLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SignalRServiceDiagnosticLogs + +Azure SignalR service diagnostic logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.signalrservice/signalr| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/signalrservicediagnosticlogs)| + + + +## Columns + +[!INCLUDE [signalrservicediagnosticlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/signalrservicediagnosticlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/signinlogs.md b/articles/azure-monitor/reference/tables/signinlogs.md new file mode 100644 index 0000000000..e09fdcb18a --- /dev/null +++ b/articles/azure-monitor/reference/tables/signinlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SigninLogs +description: Reference for SigninLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SigninLogs + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.graph/tenants| +|**Categories**|Azure Resources, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/signinlogs)| + + + +## Columns + +[!INCLUDE [signinlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/signinlogs-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/spassessmentrecommendation.md b/articles/azure-monitor/reference/tables/spassessmentrecommendation.md new file mode 100644 index 0000000000..af218874a8 --- /dev/null +++ b/articles/azure-monitor/reference/tables/spassessmentrecommendation.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SPAssessmentRecommendation +description: Reference for SPAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SPAssessmentRecommendation + +Recommendations generated by SP assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| AzureResources, SPAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [spassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/spassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/sqlassessmentrecommendation.md b/articles/azure-monitor/reference/tables/sqlassessmentrecommendation.md new file mode 100644 index 0000000000..ff1d1e9bc0 --- /dev/null +++ b/articles/azure-monitor/reference/tables/sqlassessmentrecommendation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SQLAssessmentRecommendation +description: Reference for SQLAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SQLAssessmentRecommendation + +Recommendations generated by SQL assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines| +|**Categories**|Workloads| +|**Solutions**| AzureResources, SQLAssessment, SQLAssessmentPlus| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/sqlassessmentrecommendation)| + + + +## Columns + +[!INCLUDE [sqlassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/sqlassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/sqlatpstatus.md b/articles/azure-monitor/reference/tables/sqlatpstatus.md new file mode 100644 index 0000000000..b3fe23e29f --- /dev/null +++ b/articles/azure-monitor/reference/tables/sqlatpstatus.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SqlAtpStatus +description: Reference for SqlAtpStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SqlAtpStatus + +SQL Advanced Threat Protection status log. The logs allows identifying machines connected to the workspace with SQL ATP and the protection status on each instance on those machines. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| SQLAdvancedThreatProtection| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [sqlatpstatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/sqlatpstatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/sqldataclassification.md b/articles/azure-monitor/reference/tables/sqldataclassification.md new file mode 100644 index 0000000000..ebe4f03da6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/sqldataclassification.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SqlDataClassification +description: Reference for SqlDataClassification table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SqlDataClassification + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| SQLDataClassification| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [sqldataclassification](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/sqldataclassification-include.md)] diff --git a/articles/azure-monitor/reference/tables/sqlsecurityauditevents.md b/articles/azure-monitor/reference/tables/sqlsecurityauditevents.md new file mode 100644 index 0000000000..52fc733a67 --- /dev/null +++ b/articles/azure-monitor/reference/tables/sqlsecurityauditevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SQLSecurityAuditEvents +description: Reference for SQLSecurityAuditEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SQLSecurityAuditEvents + +Azure Synapse SQL Audit Log. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [sqlsecurityauditevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/sqlsecurityauditevents-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/sqlvulnerabilityassessmentresult.md b/articles/azure-monitor/reference/tables/sqlvulnerabilityassessmentresult.md new file mode 100644 index 0000000000..9b7f6ef312 --- /dev/null +++ b/articles/azure-monitor/reference/tables/sqlvulnerabilityassessmentresult.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SqlVulnerabilityAssessmentResult +description: Reference for SqlVulnerabilityAssessmentResult table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SqlVulnerabilityAssessmentResult + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| SQLThreatDetection, SQLVulnerabilityAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [sqlvulnerabilityassessmentresult](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/sqlvulnerabilityassessmentresult-include.md)] diff --git a/articles/azure-monitor/reference/tables/sqlvulnerabilityassessmentscanstatus.md b/articles/azure-monitor/reference/tables/sqlvulnerabilityassessmentscanstatus.md new file mode 100644 index 0000000000..7f7d98d58c --- /dev/null +++ b/articles/azure-monitor/reference/tables/sqlvulnerabilityassessmentscanstatus.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SqlVulnerabilityAssessmentScanStatus +description: Reference for SqlVulnerabilityAssessmentScanStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SqlVulnerabilityAssessmentScanStatus + +SQL Vulnerability Assesment Heartbeat Log. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| SQLVulnerabilityAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [sqlvulnerabilityassessmentscanstatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/sqlvulnerabilityassessmentscanstatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/storagebloblogs.md b/articles/azure-monitor/reference/tables/storagebloblogs.md new file mode 100644 index 0000000000..f1807a823b --- /dev/null +++ b/articles/azure-monitor/reference/tables/storagebloblogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - StorageBlobLogs +description: Reference for StorageBlobLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# StorageBlobLogs + +Storage Blob Service Logs Schema + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.storage/storageaccounts| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/storagebloblogs)| + + + +## Columns + +[!INCLUDE [storagebloblogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/storagebloblogs-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/storagecacheoperationevents.md b/articles/azure-monitor/reference/tables/storagecacheoperationevents.md new file mode 100644 index 0000000000..e84616d71a --- /dev/null +++ b/articles/azure-monitor/reference/tables/storagecacheoperationevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - StorageCacheOperationEvents +description: Reference for StorageCacheOperationEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# StorageCacheOperationEvents + +Logs for Azure HPC Cache API requests. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.storagecache/caches| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/storagecacheoperationevents)| + + + +## Columns + +[!INCLUDE [storagecacheoperationevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/storagecacheoperationevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/storagecacheupgradeevents.md b/articles/azure-monitor/reference/tables/storagecacheupgradeevents.md new file mode 100644 index 0000000000..fe255905b9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/storagecacheupgradeevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - StorageCacheUpgradeEvents +description: Reference for StorageCacheUpgradeEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# StorageCacheUpgradeEvents + +Logs for Azure HPC Cache firmware upgrade events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.storagecache/caches| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/storagecacheupgradeevents)| + + + +## Columns + +[!INCLUDE [storagecacheupgradeevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/storagecacheupgradeevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/storagecachewarningevents.md b/articles/azure-monitor/reference/tables/storagecachewarningevents.md new file mode 100644 index 0000000000..0325f89134 --- /dev/null +++ b/articles/azure-monitor/reference/tables/storagecachewarningevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - StorageCacheWarningEvents +description: Reference for StorageCacheWarningEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# StorageCacheWarningEvents + +Logs for Azure HPC Cache warning events. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.storagecache/caches| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/storagecachewarningevents)| + + + +## Columns + +[!INCLUDE [storagecachewarningevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/storagecachewarningevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/storagefilelogs.md b/articles/azure-monitor/reference/tables/storagefilelogs.md new file mode 100644 index 0000000000..0c0162de47 --- /dev/null +++ b/articles/azure-monitor/reference/tables/storagefilelogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - StorageFileLogs +description: Reference for StorageFileLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# StorageFileLogs + +Storage File Service Logs Schema + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.storage/storageaccounts| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [storagefilelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/storagefilelogs-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/storagemalwarescanningresults.md b/articles/azure-monitor/reference/tables/storagemalwarescanningresults.md new file mode 100644 index 0000000000..3be1516e23 --- /dev/null +++ b/articles/azure-monitor/reference/tables/storagemalwarescanningresults.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - StorageMalwareScanningResults +description: Reference for StorageMalwareScanningResults table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# StorageMalwareScanningResults + +Logs for malware scans performed by the Malware Scanning feature of Defender in Storage. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.security/defenderforstoragesettings| +|**Categories**|Azure Resources, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/storagemalwarescanningresults)| + + + +## Columns + +[!INCLUDE [storagemalwarescanningresults](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/storagemalwarescanningresults-include.md)] diff --git a/articles/azure-monitor/reference/tables/storagemovercopylogsfailed.md b/articles/azure-monitor/reference/tables/storagemovercopylogsfailed.md new file mode 100644 index 0000000000..9226f319f5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/storagemovercopylogsfailed.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - StorageMoverCopyLogsFailed +description: Reference for StorageMoverCopyLogsFailed table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# StorageMoverCopyLogsFailed + +The result logs generated during the execution of Storage Mover job runs where the transfer result is 'Failed'. The logs include the details of the scanned items and their transfer result. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.storagemover/storagemovers| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [storagemovercopylogsfailed](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/storagemovercopylogsfailed-include.md)] diff --git a/articles/azure-monitor/reference/tables/storagemovercopylogstransferred.md b/articles/azure-monitor/reference/tables/storagemovercopylogstransferred.md new file mode 100644 index 0000000000..e8a4d87171 --- /dev/null +++ b/articles/azure-monitor/reference/tables/storagemovercopylogstransferred.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - StorageMoverCopyLogsTransferred +description: Reference for StorageMoverCopyLogsTransferred table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# StorageMoverCopyLogsTransferred + +The result logs generated during the execution of Storage Mover job runs where the transfer result is 'Transferred'. The logs include the details of the scanned items and their transfer result. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.storagemover/storagemovers| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [storagemovercopylogstransferred](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/storagemovercopylogstransferred-include.md)] diff --git a/articles/azure-monitor/reference/tables/storagemoverjobrunlogs.md b/articles/azure-monitor/reference/tables/storagemoverjobrunlogs.md new file mode 100644 index 0000000000..a7fdae6f75 --- /dev/null +++ b/articles/azure-monitor/reference/tables/storagemoverjobrunlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - StorageMoverJobRunLogs +description: Reference for StorageMoverJobRunLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# StorageMoverJobRunLogs + +Logs associated with Storage Mover job runs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.storagemover/storagemovers| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [storagemoverjobrunlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/storagemoverjobrunlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/storagequeuelogs.md b/articles/azure-monitor/reference/tables/storagequeuelogs.md new file mode 100644 index 0000000000..11a82f7954 --- /dev/null +++ b/articles/azure-monitor/reference/tables/storagequeuelogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - StorageQueueLogs +description: Reference for StorageQueueLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# StorageQueueLogs + +Storage Queue Service Logs Schema + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.storage/storageaccounts| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [storagequeuelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/storagequeuelogs-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/storagetablelogs.md b/articles/azure-monitor/reference/tables/storagetablelogs.md new file mode 100644 index 0000000000..7c12554d16 --- /dev/null +++ b/articles/azure-monitor/reference/tables/storagetablelogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - StorageTableLogs +description: Reference for StorageTableLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# StorageTableLogs + +Storage Table Service Logs Schema + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.storage/storageaccounts| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [storagetablelogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/storagetablelogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/succeededingestion.md b/articles/azure-monitor/reference/tables/succeededingestion.md new file mode 100644 index 0000000000..2d7787d7ea --- /dev/null +++ b/articles/azure-monitor/reference/tables/succeededingestion.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SucceededIngestion +description: Reference for SucceededIngestion table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SucceededIngestion + +Succeeded ingestion operations logs provide information about successfully completed ingest operations. Logs include data source details that together with `Failed ingestion operations` logs can be used for tracking the process of ingestion of each data source. Ingestion logs are supported for queued ingestion to the ingestion endpoint using SDKs, data connections, and connectors. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kusto/clusters| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/succeededingestion)| + + + +## Columns + +[!INCLUDE [succeededingestion](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/succeededingestion-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsebigdatapoolapplicationsended.md b/articles/azure-monitor/reference/tables/synapsebigdatapoolapplicationsended.md new file mode 100644 index 0000000000..5d931494de --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsebigdatapoolapplicationsended.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseBigDataPoolApplicationsEnded +description: Reference for SynapseBigDataPoolApplicationsEnded table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseBigDataPoolApplicationsEnded + +Information about ended Apache Spark applications. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsebigdatapoolapplicationsended](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsebigdatapoolapplicationsended-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsebuiltinsqlpoolrequestsended.md b/articles/azure-monitor/reference/tables/synapsebuiltinsqlpoolrequestsended.md new file mode 100644 index 0000000000..4d507dc8ef --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsebuiltinsqlpoolrequestsended.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseBuiltinSqlPoolRequestsEnded +description: Reference for SynapseBuiltinSqlPoolRequestsEnded table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseBuiltinSqlPoolRequestsEnded + +Ended Azure Synapse built-in serverless SQL requests. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsebuiltinsqlpoolrequestsended](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsebuiltinsqlpoolrequestsended-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsedxcommand.md b/articles/azure-monitor/reference/tables/synapsedxcommand.md new file mode 100644 index 0000000000..f32e910888 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsedxcommand.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseDXCommand +description: Reference for SynapseDXCommand table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseDXCommand + +Azure data explorer synapse command execution summary. Logs include DatabaseName, State, Duration that can be used for monitoring the commands which were invoked on the cluster + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsedxcommand](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsedxcommand-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsedxfailedingestion.md b/articles/azure-monitor/reference/tables/synapsedxfailedingestion.md new file mode 100644 index 0000000000..e671fbc515 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsedxfailedingestion.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseDXFailedIngestion +description: Reference for SynapseDXFailedIngestion table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseDXFailedIngestion + +Failed ingestion operations logs provide detailed information about failed ingest operations. Logs include data source details, as well as error code and failure status (transient or permanent), that can be used for tracking the process of data source ingestion. Users can identify usage errors (permanent bad requests) and handle retries of transient failures. Ingestion logs are supported for queued ingestion to the ingestion endpoint using SDKs, data connections, and connectors + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsedxfailedingestion](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsedxfailedingestion-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsedxingestionbatching.md b/articles/azure-monitor/reference/tables/synapsedxingestionbatching.md new file mode 100644 index 0000000000..00f20b6b00 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsedxingestionbatching.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseDXIngestionBatching +description: Reference for SynapseDXIngestionBatching table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseDXIngestionBatching + +Azure data explore synapse ingestion batching operations. These logs have detailed statistics of batches ready for ingestion (duration, batch size and blobs count) + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsedxingestionbatching](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsedxingestionbatching-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsedxquery.md b/articles/azure-monitor/reference/tables/synapsedxquery.md new file mode 100644 index 0000000000..97e06d479a --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsedxquery.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseDXQuery +description: Reference for SynapseDXQuery table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseDXQuery + +Azure data explorer synpase query execution summary. Logs include DatabaseName, State, Duration that can be used for monitoring the queries which were invoked on the cluster + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsedxquery](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsedxquery-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsedxsucceededingestion.md b/articles/azure-monitor/reference/tables/synapsedxsucceededingestion.md new file mode 100644 index 0000000000..ff34b8bae3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsedxsucceededingestion.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseDXSucceededIngestion +description: Reference for SynapseDXSucceededIngestion table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseDXSucceededIngestion + +Succeeded ingestion operations logs provide information about successfully completed ingest operations. Logs include data source details that together with `Failed ingestion operations` logs can be used for tracking the process of ingestion of each data source. Ingestion logs are supported for queued ingestion to the ingestion endpoint using SDKs, data connections, and connectors + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsedxsucceededingestion](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsedxsucceededingestion-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsedxtabledetails.md b/articles/azure-monitor/reference/tables/synapsedxtabledetails.md new file mode 100644 index 0000000000..3a2f580271 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsedxtabledetails.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseDXTableDetails +description: Reference for SynapseDXTableDetails table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseDXTableDetails + +Azure Data Explorer Synpase table details + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsedxtabledetails](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsedxtabledetails-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsedxtableusagestatistics.md b/articles/azure-monitor/reference/tables/synapsedxtableusagestatistics.md new file mode 100644 index 0000000000..7764c900fb --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsedxtableusagestatistics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseDXTableUsageStatistics +description: Reference for SynapseDXTableUsageStatistics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseDXTableUsageStatistics + +Azure date explorer synapse table usage statistics. Logs include DatabaseName, TableName, User that can be used for monitoring cluster's table usage + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsedxtableusagestatistics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsedxtableusagestatistics-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsegatewayapirequests.md b/articles/azure-monitor/reference/tables/synapsegatewayapirequests.md new file mode 100644 index 0000000000..082be248e9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsegatewayapirequests.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseGatewayApiRequests +description: Reference for SynapseGatewayApiRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseGatewayApiRequests + +Azure Synapse gateway API requests. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsegatewayapirequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsegatewayapirequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsegatewayevents.md b/articles/azure-monitor/reference/tables/synapsegatewayevents.md new file mode 100644 index 0000000000..864ae5a9db --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsegatewayevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseGatewayEvents +description: Reference for SynapseGatewayEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseGatewayEvents + +Logs for all user requests that go through gateway on synapse. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsegatewayevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsegatewayevents-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/synapseintegrationactivityruns.md b/articles/azure-monitor/reference/tables/synapseintegrationactivityruns.md new file mode 100644 index 0000000000..04a2dda137 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapseintegrationactivityruns.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseIntegrationActivityRuns +description: Reference for SynapseIntegrationActivityRuns table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseIntegrationActivityRuns + +Logs for Synapse integration activity runs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapseintegrationactivityruns](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapseintegrationactivityruns-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapseintegrationpipelineruns.md b/articles/azure-monitor/reference/tables/synapseintegrationpipelineruns.md new file mode 100644 index 0000000000..c2e4ae731b --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapseintegrationpipelineruns.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseIntegrationPipelineRuns +description: Reference for SynapseIntegrationPipelineRuns table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseIntegrationPipelineRuns + +Logs for Synapse integration pipeline runs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapseintegrationpipelineruns](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapseintegrationpipelineruns-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapseintegrationtriggerruns.md b/articles/azure-monitor/reference/tables/synapseintegrationtriggerruns.md new file mode 100644 index 0000000000..e718ea9865 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapseintegrationtriggerruns.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseIntegrationTriggerRuns +description: Reference for SynapseIntegrationTriggerRuns table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseIntegrationTriggerRuns + +Logs for Synapse integration trigger runs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapseintegrationtriggerruns](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapseintegrationtriggerruns-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/synapselinkevent.md b/articles/azure-monitor/reference/tables/synapselinkevent.md new file mode 100644 index 0000000000..46c5e22146 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapselinkevent.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseLinkEvent +description: Reference for SynapseLinkEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseLinkEvent + +Information about Synapse Link, including Link status and Link table status. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/synapselinkevent)| + + + +## Columns + +[!INCLUDE [synapselinkevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapselinkevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapserbacevents.md b/articles/azure-monitor/reference/tables/synapserbacevents.md new file mode 100644 index 0000000000..e03cdac0a9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapserbacevents.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseRBACEvents +description: Reference for SynapseRBACEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseRBACEvents + +Logs for RBAC changes performed by user on synapse. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapserbacevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapserbacevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapserbacoperations.md b/articles/azure-monitor/reference/tables/synapserbacoperations.md new file mode 100644 index 0000000000..947b70ef4b --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapserbacoperations.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseRbacOperations +description: Reference for SynapseRbacOperations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseRbacOperations + +Azure Synapse role-based access control (SRBAC) operations. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapserbacoperations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapserbacoperations-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/synapsescopepoolscopejobsended.md b/articles/azure-monitor/reference/tables/synapsescopepoolscopejobsended.md new file mode 100644 index 0000000000..0d6b66861f --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsescopepoolscopejobsended.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseScopePoolScopeJobsEnded +description: Reference for SynapseScopePoolScopeJobsEnded table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseScopePoolScopeJobsEnded + +SCOPE ended event including SCOPE job result and Information about the job. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsescopepoolscopejobsended](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsescopepoolscopejobsended-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsescopepoolscopejobsstatechange.md b/articles/azure-monitor/reference/tables/synapsescopepoolscopejobsstatechange.md new file mode 100644 index 0000000000..be0f2d933b --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsescopepoolscopejobsstatechange.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseScopePoolScopeJobsStateChange +description: Reference for SynapseScopePoolScopeJobsStateChange table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseScopePoolScopeJobsStateChange + +SCOPE job state change event. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsescopepoolscopejobsstatechange](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsescopepoolscopejobsstatechange-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsesqlpooldmsworkers.md b/articles/azure-monitor/reference/tables/synapsesqlpooldmsworkers.md new file mode 100644 index 0000000000..f63ad4f806 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsesqlpooldmsworkers.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseSqlPoolDmsWorkers +description: Reference for SynapseSqlPoolDmsWorkers table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseSqlPoolDmsWorkers + +Information about workers completing DMS steps in an Azure Synapse dedicated SQL pool. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsesqlpooldmsworkers](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsesqlpooldmsworkers-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/synapsesqlpoolexecrequests.md b/articles/azure-monitor/reference/tables/synapsesqlpoolexecrequests.md new file mode 100644 index 0000000000..e75d717964 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsesqlpoolexecrequests.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseSqlPoolExecRequests +description: Reference for SynapseSqlPoolExecRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseSqlPoolExecRequests + +Information about SQL requests or queries in an Azure Synapse dedicated SQL pool. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsesqlpoolexecrequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsesqlpoolexecrequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsesqlpoolrequeststeps.md b/articles/azure-monitor/reference/tables/synapsesqlpoolrequeststeps.md new file mode 100644 index 0000000000..0d61b60dda --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsesqlpoolrequeststeps.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseSqlPoolRequestSteps +description: Reference for SynapseSqlPoolRequestSteps table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseSqlPoolRequestSteps + +Information about request steps that compose a given SQL request or query in an Azure Synapse dedicated SQL pool. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsesqlpoolrequeststeps](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsesqlpoolrequeststeps-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsesqlpoolsqlrequests.md b/articles/azure-monitor/reference/tables/synapsesqlpoolsqlrequests.md new file mode 100644 index 0000000000..35ff78bc66 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsesqlpoolsqlrequests.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseSqlPoolSqlRequests +description: Reference for SynapseSqlPoolSqlRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseSqlPoolSqlRequests + +Information about query distributions of the steps of SQL requests/queries in an Azure Synapse dedicated SQL pool. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsesqlpoolsqlrequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsesqlpoolsqlrequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/synapsesqlpoolwaits.md b/articles/azure-monitor/reference/tables/synapsesqlpoolwaits.md new file mode 100644 index 0000000000..1bce37cd45 --- /dev/null +++ b/articles/azure-monitor/reference/tables/synapsesqlpoolwaits.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - SynapseSqlPoolWaits +description: Reference for SynapseSqlPoolWaits table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# SynapseSqlPoolWaits + +Information about the wait states encountered during execution of a SQL request/query in an Azure Synapse dedicated SQL pool, including locks and waits on transmission queues. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.synapse/workspaces| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [synapsesqlpoolwaits](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/synapsesqlpoolwaits-include.md)] diff --git a/articles/azure-monitor/reference/tables/syslog.md b/articles/azure-monitor/reference/tables/syslog.md new file mode 100644 index 0000000000..f426acb6d1 --- /dev/null +++ b/articles/azure-monitor/reference/tables/syslog.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - Syslog +description: Reference for Syslog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# Syslog + +Syslog events on Linux computers using the Log Analytics agent. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.kubernetes/connectedclusters,
microsoft.containerservice/managedclusters,
microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets,
microsoft.hybridcontainerservice/provisionedclusters| +|**Categories**|Virtual Machines, Security| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/syslog)| + + + +## Columns + +[!INCLUDE [syslog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/syslog-include.md)] diff --git a/articles/azure-monitor/reference/tables/threatintelligenceindicator.md b/articles/azure-monitor/reference/tables/threatintelligenceindicator.md new file mode 100644 index 0000000000..dc92a338e5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/threatintelligenceindicator.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - ThreatIntelligenceIndicator +description: Reference for ThreatIntelligenceIndicator table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# ThreatIntelligenceIndicator + +Threat Intelligence Indicator + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [threatintelligenceindicator](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/threatintelligenceindicator-include.md)] diff --git a/articles/azure-monitor/reference/tables/tsiingress.md b/articles/azure-monitor/reference/tables/tsiingress.md new file mode 100644 index 0000000000..e9d854cbfc --- /dev/null +++ b/articles/azure-monitor/reference/tables/tsiingress.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - TSIIngress +description: Reference for TSIIngress table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# TSIIngress + +The Ingress category tracks errors that occur in the ingress pipeline. This category includes errors that occur when receiving events (such as failures to connect to an Event Source) and processing events (such as errors when parsing an event payload). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.timeseriesinsights/environments| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/tsiingress)| + + + +## Columns + +[!INCLUDE [tsiingress](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/tsiingress-include.md)] diff --git a/articles/azure-monitor/reference/tables/uaapp.md b/articles/azure-monitor/reference/tables/uaapp.md new file mode 100644 index 0000000000..e25bdd2360 --- /dev/null +++ b/articles/azure-monitor/reference/tables/uaapp.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UAApp +description: Reference for UAApp table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UAApp + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| CompatibilityAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [uaapp](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/uaapp-include.md)] 
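Review bot: in tables/uaapp.md the body under `# UAApp` is empty; the heading is followed only by blank lines before `## Table attributes`, so the page never says what the table contains. Add a one-sentence description, as tables/tsiingress.md just above has, or have the generator drop the empty block. The same gap recurs in the UAComputer through UAUpgradedComputer pages added after this one.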
diff --git a/articles/azure-monitor/reference/tables/uacomputer.md b/articles/azure-monitor/reference/tables/uacomputer.md new file mode 100644 index 0000000000..0f687806cf --- /dev/null +++ b/articles/azure-monitor/reference/tables/uacomputer.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UAComputer +description: Reference for UAComputer table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UAComputer + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| CompatibilityAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [uacomputer](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/uacomputer-include.md)] diff --git a/articles/azure-monitor/reference/tables/uacomputerrank.md b/articles/azure-monitor/reference/tables/uacomputerrank.md new file mode 100644 index 0000000000..3dc65f66a9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/uacomputerrank.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UAComputerRank +description: Reference for UAComputerRank table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UAComputerRank + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| CompatibilityAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [uacomputerrank](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/uacomputerrank-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/uadriver.md b/articles/azure-monitor/reference/tables/uadriver.md new file mode 100644 index 0000000000..5438fac300 --- /dev/null +++ b/articles/azure-monitor/reference/tables/uadriver.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UADriver +description: Reference for UADriver table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UADriver + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| CompatibilityAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [uadriver](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/uadriver-include.md)] diff --git a/articles/azure-monitor/reference/tables/uadriverproblemcodes.md b/articles/azure-monitor/reference/tables/uadriverproblemcodes.md new file mode 100644 index 0000000000..f7250a2417 --- /dev/null +++ b/articles/azure-monitor/reference/tables/uadriverproblemcodes.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UADriverProblemCodes +description: Reference for UADriverProblemCodes table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UADriverProblemCodes + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| CompatibilityAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [uadriverproblemcodes](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/uadriverproblemcodes-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/uafeedback.md b/articles/azure-monitor/reference/tables/uafeedback.md new file mode 100644 index 0000000000..5dee8918b3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/uafeedback.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UAFeedback +description: Reference for UAFeedback table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UAFeedback + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| CompatibilityAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [uafeedback](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/uafeedback-include.md)] diff --git a/articles/azure-monitor/reference/tables/uaiesitediscovery.md b/articles/azure-monitor/reference/tables/uaiesitediscovery.md new file mode 100644 index 0000000000..c79b67ee96 --- /dev/null +++ b/articles/azure-monitor/reference/tables/uaiesitediscovery.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UAIESiteDiscovery +description: Reference for UAIESiteDiscovery table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UAIESiteDiscovery + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| CompatibilityAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [uaiesitediscovery](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/uaiesitediscovery-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/uaofficeaddin.md b/articles/azure-monitor/reference/tables/uaofficeaddin.md new file mode 100644 index 0000000000..3e2885bf65 --- /dev/null +++ b/articles/azure-monitor/reference/tables/uaofficeaddin.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UAOfficeAddIn +description: Reference for UAOfficeAddIn table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UAOfficeAddIn + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| CompatibilityAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [uaofficeaddin](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/uaofficeaddin-include.md)] diff --git a/articles/azure-monitor/reference/tables/uaproposedactionplan.md b/articles/azure-monitor/reference/tables/uaproposedactionplan.md new file mode 100644 index 0000000000..5a231b13f5 --- /dev/null +++ b/articles/azure-monitor/reference/tables/uaproposedactionplan.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UAProposedActionPlan +description: Reference for UAProposedActionPlan table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UAProposedActionPlan + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| CompatibilityAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [uaproposedactionplan](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/uaproposedactionplan-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/uasysreqissue.md b/articles/azure-monitor/reference/tables/uasysreqissue.md new file mode 100644 index 0000000000..a50ef7ec45 --- /dev/null +++ b/articles/azure-monitor/reference/tables/uasysreqissue.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UASysReqIssue +description: Reference for UASysReqIssue table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UASysReqIssue + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| CompatibilityAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [uasysreqissue](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/uasysreqissue-include.md)] diff --git a/articles/azure-monitor/reference/tables/uaupgradedcomputer.md b/articles/azure-monitor/reference/tables/uaupgradedcomputer.md new file mode 100644 index 0000000000..ff5a0ba98c --- /dev/null +++ b/articles/azure-monitor/reference/tables/uaupgradedcomputer.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UAUpgradedComputer +description: Reference for UAUpgradedComputer table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UAUpgradedComputer + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| CompatibilityAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [uaupgradedcomputer](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/uaupgradedcomputer-include.md)] 
diff --git a/articles/azure-monitor/reference/tables/ucclient.md b/articles/azure-monitor/reference/tables/ucclient.md new file mode 100644 index 0000000000..a90fbbb90a --- /dev/null +++ b/articles/azure-monitor/reference/tables/ucclient.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UCClient +description: Reference for UCClient table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UCClient + +Update Compliance - This event acts as an individual device's record, containing data like the current build installed, device's name, the OS Edition, active hours (quantitative), and so on. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement, WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ucclient](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ucclient-include.md)] diff --git a/articles/azure-monitor/reference/tables/ucclientreadinessstatus.md b/articles/azure-monitor/reference/tables/ucclientreadinessstatus.md new file mode 100644 index 0000000000..f9f6629db7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ucclientreadinessstatus.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UCClientReadinessStatus +description: Reference for UCClientReadinessStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UCClientReadinessStatus + +Update Compliance - Status message for an UC client device, which indicates update readiness of the given device for a specific target version. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement, WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ucclientreadinessstatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ucclientreadinessstatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/ucclientupdatestatus.md b/articles/azure-monitor/reference/tables/ucclientupdatestatus.md new file mode 100644 index 0000000000..77de3e7676 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ucclientupdatestatus.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UCClientUpdateStatus +description: Reference for UCClientUpdateStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UCClientUpdateStatus + +Update Compliance - Update Event that combines the latest client-based data with the latest service-based data to create a complete picture for one device (client) and one update. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement, WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ucclientupdatestatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ucclientupdatestatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/ucdevicealert.md b/articles/azure-monitor/reference/tables/ucdevicealert.md new file mode 100644 index 0000000000..4afa4c720e --- /dev/null +++ b/articles/azure-monitor/reference/tables/ucdevicealert.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UCDeviceAlert +description: Reference for UCDeviceAlert table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UCDeviceAlert + +Update Compliance - These alerts are activated as a result of an issue that is device-specific, and is not specific to a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from (ServiceDeviceAlert, ClientDeviceAlert). For example, an EndOfService alert is a ClientDeviceAlert, as the fact it is on a build no longer being serviced (EOS) is a client-wide state. Meanwhile, DeviceRegistrationIssues in WUfB DS will be a ServiceDeviceAlert, as it is a device-wide state in the service to not be correctly registered. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement, WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ucdevicealert](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ucdevicealert-include.md)] diff --git a/articles/azure-monitor/reference/tables/ucdoaggregatedstatus.md b/articles/azure-monitor/reference/tables/ucdoaggregatedstatus.md new file mode 100644 index 0000000000..f2d74625ad --- /dev/null +++ b/articles/azure-monitor/reference/tables/ucdoaggregatedstatus.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UCDOAggregatedStatus +description: Reference for UCDOAggregatedStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UCDOAggregatedStatus + +Update Compliance - aggregates all individual UCDOStatus records across the tenant and summarizes bandwidth savings across all devices enrolled to delivery. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| LogManagement, WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/ucdoaggregatedstatus)| + + + +## Columns + +[!INCLUDE [ucdoaggregatedstatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ucdoaggregatedstatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/ucdostatus.md b/articles/azure-monitor/reference/tables/ucdostatus.md new file mode 100644 index 0000000000..008848beb3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ucdostatus.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UCDOStatus +description: Reference for UCDOStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UCDOStatus + +Update Compliance - provides information, for a single device, on their bandwidth utilization across content types in the event they use delivery optimization. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| LogManagement, WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/ucdostatus)| + + + +## Columns + +[!INCLUDE [ucdostatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ucdostatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/ucserviceupdatestatus.md b/articles/azure-monitor/reference/tables/ucserviceupdatestatus.md new file mode 100644 index 0000000000..eaa51c5935 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ucserviceupdatestatus.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UCServiceUpdateStatus +description: Reference for UCServiceUpdateStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UCServiceUpdateStatus + +Update Compliance - Update Event that comes directly from the service-side, and only tells the "service-side" of the story, for one device (client), and one update, in one deployment. As such, this event is stripped of certain fields in favor of being able to show data in near real-time. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement, WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ucserviceupdatestatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ucserviceupdatestatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/ucupdatealert.md b/articles/azure-monitor/reference/tables/ucupdatealert.md new file mode 100644 index 0000000000..3d83efb388 --- /dev/null +++ b/articles/azure-monitor/reference/tables/ucupdatealert.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UCUpdateAlert +description: Reference for UCUpdateAlert table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UCUpdateAlert + +Update Compliance - Alert for both Client and Service Update, will contain information that needs attention, relative to one device (client), one update, and one deployment (if relevant). Certain fields may be blank depending on the UpdateAlert's AlertType field; for example, ServiceUpdateAlert will not necessarily contain client-side statuses. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|-| +|**Solutions**| LogManagement, WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [ucupdatealert](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/ucupdatealert-include.md)] diff --git a/articles/azure-monitor/reference/tables/update.md b/articles/azure-monitor/reference/tables/update.md new file mode 100644 index 0000000000..ac2935d2eb --- /dev/null +++ b/articles/azure-monitor/reference/tables/update.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - Update +description: Reference for Update table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# Update + +Details for update schedule run. Includes information such as which updates where available and which were installed. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets,
microsoft.automation/automationaccounts| +|**Categories**|IT & Management Tools, Security| +|**Solutions**| Security, SecurityCenter, SecurityCenterFree, Updates| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/update)| + + + +## Columns + +[!INCLUDE [update](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/update-include.md)] diff --git a/articles/azure-monitor/reference/tables/updaterunprogress.md b/articles/azure-monitor/reference/tables/updaterunprogress.md new file mode 100644 index 0000000000..4cc85ecc7b --- /dev/null +++ b/articles/azure-monitor/reference/tables/updaterunprogress.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UpdateRunProgress +description: Reference for UpdateRunProgress table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UpdateRunProgress + +Breaks down each run of your update schedule by the patches available at the time with details on the installation status of each patch. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets,
microsoft.automation/automationaccounts| +|**Categories**|IT & Management Tools| +|**Solutions**| Updates| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/updaterunprogress)| + + + +## Columns + +[!INCLUDE [updaterunprogress](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/updaterunprogress-include.md)] diff --git a/articles/azure-monitor/reference/tables/updatesummary.md b/articles/azure-monitor/reference/tables/updatesummary.md new file mode 100644 index 0000000000..d0aa4eaf06 --- /dev/null +++ b/articles/azure-monitor/reference/tables/updatesummary.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UpdateSummary +description: Reference for UpdateSummary table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UpdateSummary + +Summary for each update schedule run. Includes information such as how many updates were not installed. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets,
microsoft.automation/automationaccounts| +|**Categories**|Virtual Machines| +|**Solutions**| Security, SecurityCenter, SecurityCenterFree, Updates| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/updatesummary)| + + + +## Columns + +[!INCLUDE [updatesummary](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/updatesummary-include.md)] diff --git a/articles/azure-monitor/reference/tables/urlclickevents.md b/articles/azure-monitor/reference/tables/urlclickevents.md new file mode 100644 index 0000000000..9bf28a6a10 --- /dev/null +++ b/articles/azure-monitor/reference/tables/urlclickevents.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UrlClickEvents +description: Reference for UrlClickEvents table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UrlClickEvents + +Events involving URLs clicked, selected, or requested on Microsoft Defender for Office 365. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/urlclickevents)| + + + +## Columns + +[!INCLUDE [urlclickevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/urlclickevents-include.md)] diff --git a/articles/azure-monitor/reference/tables/usage.md b/articles/azure-monitor/reference/tables/usage.md new file mode 100644 index 0000000000..b9135bad05 --- /dev/null +++ b/articles/azure-monitor/reference/tables/usage.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - Usage +description: Reference for Usage table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# Usage + +Hourly usage data for each table in the workspace. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Azure Monitor| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/usage)| + + + +## Columns + +[!INCLUDE [usage](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/usage-include.md)] diff --git a/articles/azure-monitor/reference/tables/useraccessanalytics.md b/articles/azure-monitor/reference/tables/useraccessanalytics.md new file mode 100644 index 0000000000..2a71becc88 --- /dev/null +++ b/articles/azure-monitor/reference/tables/useraccessanalytics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UserAccessAnalytics +description: Reference for UserAccessAnalytics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UserAccessAnalytics + +This analytics table, for a given user, provides the direct or transitive access to Azure resources. For example, if the user under investigation is Jane Smith, Access Analytics calculates all the Azure subscriptions that she either can access directly, via groups or serviceprincipals. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| BehaviorAnalyticsInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [useraccessanalytics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/useraccessanalytics-include.md)] diff --git a/articles/azure-monitor/reference/tables/userpeeranalytics.md b/articles/azure-monitor/reference/tables/userpeeranalytics.md new file mode 100644 index 0000000000..92ce81a160 --- /dev/null +++ b/articles/azure-monitor/reference/tables/userpeeranalytics.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - UserPeerAnalytics +description: Reference for UserPeerAnalytics table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# UserPeerAnalytics + +This analytics table, for a given user, provides a ranked list of peers. For example, if the user is Jane Smith, Peer Analytics calculates all of Jane's peers based on her mailing list, security groups, etc and provides the top 20 of her peers. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| BehaviorAnalyticsInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [userpeeranalytics](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/userpeeranalytics-include.md)] diff --git a/articles/azure-monitor/reference/tables/vcoremongorequests.md b/articles/azure-monitor/reference/tables/vcoremongorequests.md new file mode 100644 index 0000000000..5cfa298452 --- /dev/null +++ b/articles/azure-monitor/reference/tables/vcoremongorequests.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - VCoreMongoRequests +description: Reference for VCoreMongoRequests table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# VCoreMongoRequests + +This table details data plane requests for MongoDB (vCore). + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.documentdb/mongoclusters| +|**Categories**|Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/vcoremongorequests)| + + + +## Columns + +[!INCLUDE [vcoremongorequests](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/vcoremongorequests-include.md)] diff --git a/articles/azure-monitor/reference/tables/viaudit.md b/articles/azure-monitor/reference/tables/viaudit.md new file mode 100644 index 0000000000..7d8195d8a6 --- /dev/null +++ b/articles/azure-monitor/reference/tables/viaudit.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - VIAudit +description: Reference for VIAudit table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# VIAudit + +Audit logs from Video Indexer. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.videoindexer/accounts| +|**Categories**|Audit| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/viaudit)| + + + +## Columns + +[!INCLUDE [viaudit](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/viaudit-include.md)] 
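Review bot: the description in useraccessanalytics.md is inconsistent about scope and its list is malformed. It opens with "access to Azure resources" but the example narrows to "Azure subscriptions", and "either can access directly, via groups or serviceprincipals" pairs "either" with three items and runs "service principals" together. Suggest stating one scope and writing "directly, through groups, or through service principals". In userpeeranalytics.md, "etc" is missing its period.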
diff --git a/articles/azure-monitor/reference/tables/viindexing.md b/articles/azure-monitor/reference/tables/viindexing.md new file mode 100644 index 0000000000..b5bb746673 --- /dev/null +++ b/articles/azure-monitor/reference/tables/viindexing.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - VIIndexing +description: Reference for VIIndexing table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# VIIndexing + +Indexing logs from Video Indexer. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.videoindexer/accounts| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/viindexing)| + + + +## Columns + +[!INCLUDE [viindexing](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/viindexing-include.md)] diff --git a/articles/azure-monitor/reference/tables/vmboundport.md b/articles/azure-monitor/reference/tables/vmboundport.md new file mode 100644 index 0000000000..6933ce9856 --- /dev/null +++ b/articles/azure-monitor/reference/tables/vmboundport.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - VMBoundPort +description: Reference for VMBoundPort table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# VMBoundPort + +Traffic for open server ports on the monitored machine. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets| +|**Categories**|Virtual Machines| +|**Solutions**| AzureResources, InfrastructureInsights, ServiceMap, VMInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [vmboundport](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/vmboundport-include.md)] diff --git a/articles/azure-monitor/reference/tables/vmcomputer.md b/articles/azure-monitor/reference/tables/vmcomputer.md new file mode 100644 index 0000000000..e872c3583d --- /dev/null +++ b/articles/azure-monitor/reference/tables/vmcomputer.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - VMComputer +description: Reference for VMComputer table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# VMComputer + +Inventory data for servers collected by the Service Map and VM Insights solutions using the Dependency agent and Log analytics agent. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets| +|**Categories**|Virtual Machines| +|**Solutions**| AzureResources, ServiceMap, VMInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [vmcomputer](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/vmcomputer-include.md)] diff --git a/articles/azure-monitor/reference/tables/vmconnection.md b/articles/azure-monitor/reference/tables/vmconnection.md new file mode 100644 index 0000000000..851d4f46e4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/vmconnection.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - VMConnection +description: Reference for VMConnection table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# VMConnection + +Traffic for inbound and outbound connections to and from monitored computers. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets| +|**Categories**|Virtual Machines| +|**Solutions**| AzureResources, InfrastructureInsights, ServiceMap, VMInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [vmconnection](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/vmconnection-include.md)] diff --git a/articles/azure-monitor/reference/tables/vmprocess.md b/articles/azure-monitor/reference/tables/vmprocess.md new file mode 100644 index 0000000000..17c43cd0c8 --- /dev/null +++ b/articles/azure-monitor/reference/tables/vmprocess.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - VMProcess +description: Reference for VMProcess table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# VMProcess + +Process data for servers collected by the Service Map and VM Insights solutions using the Dependency agent and Log analytics agent. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets| +|**Categories**|Virtual Machines| +|**Solutions**| AzureResources, ServiceMap, VMInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [vmprocess](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/vmprocess-include.md)] diff --git a/articles/azure-monitor/reference/tables/w3ciislog.md b/articles/azure-monitor/reference/tables/w3ciislog.md new file mode 100644 index 0000000000..105c32dca3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/w3ciislog.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - W3CIISLog +description: Reference for W3CIISLog table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# W3CIISLog + +Internet Information Server (IIS) log on Windows computers using the Log Analytics agent. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets| +|**Categories**|IT & Management Tools, Virtual Machines| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/w3ciislog)| + + + +## Columns + +[!INCLUDE [w3ciislog](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/w3ciislog-include.md)] diff --git a/articles/azure-monitor/reference/tables/waasdeploymentstatus.md b/articles/azure-monitor/reference/tables/waasdeploymentstatus.md new file mode 100644 index 0000000000..bf2ab88cf3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/waasdeploymentstatus.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WaaSDeploymentStatus +description: Reference for WaaSDeploymentStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WaaSDeploymentStatus + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/waasdeploymentstatus)| + + + +## Columns + +[!INCLUDE [waasdeploymentstatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/waasdeploymentstatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/waasinsiderstatus.md b/articles/azure-monitor/reference/tables/waasinsiderstatus.md new file mode 100644 index 0000000000..6ef8877bc7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/waasinsiderstatus.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WaaSInsiderStatus +description: Reference for WaaSInsiderStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WaaSInsiderStatus + +Summary of each run of your update schedule with details like how many updates were not installed etc. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [waasinsiderstatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/waasinsiderstatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/waasupdatestatus.md b/articles/azure-monitor/reference/tables/waasupdatestatus.md new file mode 100644 index 0000000000..cc43c916a7 --- /dev/null +++ b/articles/azure-monitor/reference/tables/waasupdatestatus.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WaaSUpdateStatus +description: Reference for WaaSUpdateStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WaaSUpdateStatus + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/waasupdatestatus)| + + + +## Columns + +[!INCLUDE [waasupdatestatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/waasupdatestatus-include.md)] 
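Review bot: the Resource types row in vmboundport.md, vmcomputer.md, vmconnection.md, vmprocess.md and w3ciislog.md lists `microsoft.conenctedvmwarevsphere/virtualmachines`, which has transposed letters; the provider namespace is `microsoft.connectedvmwarevsphere`. A reader who copies the value into a resource-type filter will match nothing, so if these pages are generated, correct it in the source metadata rather than in each file. Also, waasdeploymentstatus.md and waasupdatestatus.md have no description between the H1 and "## Table attributes", and the waasinsiderstatus.md description ("Summary of each run of your update schedule ...") reads as if it belongs to an update-run table; please confirm it describes this table.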
diff --git a/articles/azure-monitor/reference/tables/watchlist.md b/articles/azure-monitor/reference/tables/watchlist.md new file mode 100644 index 0000000000..0072868da3 --- /dev/null +++ b/articles/azure-monitor/reference/tables/watchlist.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - Watchlist +description: Reference for Watchlist table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# Watchlist + +Azure Sentinel Watchlist contains imported data from CSV files that can be used to join or filter as an alert/incident condition. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| SecurityInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/watchlist)| + + + +## Columns + +[!INCLUDE [watchlist](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/watchlist-include.md)] diff --git a/articles/azure-monitor/reference/tables/wdavstatus.md b/articles/azure-monitor/reference/tables/wdavstatus.md new file mode 100644 index 0000000000..9c6e83b12b --- /dev/null +++ b/articles/azure-monitor/reference/tables/wdavstatus.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WDAVStatus +description: Reference for WDAVStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WDAVStatus + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [wdavstatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wdavstatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/wdavthreat.md b/articles/azure-monitor/reference/tables/wdavthreat.md new file mode 100644 index 0000000000..0b7ad6ca3a --- /dev/null +++ b/articles/azure-monitor/reference/tables/wdavthreat.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WDAVThreat +description: Reference for WDAVThreat table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WDAVThreat + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [wdavthreat](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wdavthreat-include.md)] diff --git a/articles/azure-monitor/reference/tables/webpubsubconnectivity.md b/articles/azure-monitor/reference/tables/webpubsubconnectivity.md new file mode 100644 index 0000000000..c5da803d85 --- /dev/null +++ b/articles/azure-monitor/reference/tables/webpubsubconnectivity.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WebPubSubConnectivity +description: Reference for WebPubSubConnectivity table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WebPubSubConnectivity + +Connectivity logs provide detailed information for Azure Web PubSub hub connections. For example, basic information (user ID, connection ID, and so on) and event information (connect, disconnect, and abort event, and so on) and can be used to troubleshoot connection-related issues. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.signalrservice/webpubsub| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [webpubsubconnectivity](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/webpubsubconnectivity-include.md)] diff --git a/articles/azure-monitor/reference/tables/webpubsubhttprequest.md b/articles/azure-monitor/reference/tables/webpubsubhttprequest.md new file mode 100644 index 0000000000..6cfc0e503b --- /dev/null +++ b/articles/azure-monitor/reference/tables/webpubsubhttprequest.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WebPubSubHttpRequest +description: Reference for WebPubSubHttpRequest table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WebPubSubHttpRequest + +Http request logs provide detailed information for the http requests received by Azure Web PubSub. For example, status code and url of the request and is helpful to troubleshoot request-related issues. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.signalrservice/webpubsub| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [webpubsubhttprequest](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/webpubsubhttprequest-include.md)] diff --git a/articles/azure-monitor/reference/tables/webpubsubmessaging.md b/articles/azure-monitor/reference/tables/webpubsubmessaging.md new file mode 100644 index 0000000000..09c8c6b4e4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/webpubsubmessaging.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WebPubSubMessaging +description: Reference for WebPubSubMessaging table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WebPubSubMessaging + +Messaging logs provide tracing information for the Azure Web PubSub hub messages received and sent via Azure Web PubSub service. For example, tracing ID and message type of the message. Typically the message is recorded when it arrives at or leaves from service and is helpful for troubleshooting message-related issues. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.signalrservice/webpubsub| +|**Categories**|Azure Resources| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [webpubsubmessaging](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/webpubsubmessaging-include.md)] diff --git a/articles/azure-monitor/reference/tables/windows365auditlogs.md b/articles/azure-monitor/reference/tables/windows365auditlogs.md new file mode 100644 index 0000000000..d761630e2f --- /dev/null +++ b/articles/azure-monitor/reference/tables/windows365auditlogs.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - Windows365AuditLogs +description: Reference for Windows365AuditLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# Windows365AuditLogs + +Windows365 Audit Logs. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.intune/operations| +|**Categories**|Audit| +|**Solutions**| LogManagement| +|**Basic log**|Yes| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [windows365auditlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/windows365auditlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/windowsclientassessmentrecommendation.md b/articles/azure-monitor/reference/tables/windowsclientassessmentrecommendation.md new file mode 100644 index 0000000000..692e09b96b --- /dev/null +++ b/articles/azure-monitor/reference/tables/windowsclientassessmentrecommendation.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WindowsClientAssessmentRecommendation +description: Reference for WindowsClientAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WindowsClientAssessmentRecommendation + +Recommendations generated by Windows Client assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| AzureResources, WindowsClientAssessmentPlus| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [windowsclientassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/windowsclientassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/windowsevent.md b/articles/azure-monitor/reference/tables/windowsevent.md new file mode 100644 index 0000000000..73a4b1c46c --- /dev/null +++ b/articles/azure-monitor/reference/tables/windowsevent.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WindowsEvent +description: Reference for WindowsEvent table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WindowsEvent + +Windows events which are collected and sent by the agent. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Security| +|**Solutions**| CustomizedWindowsEventsFiltering, InternalWindowsEvent, SecurityInsights, WEFInternalUat, WEF_10x, WEF_10xDSRE, WinLog, WindowsEventForwarding| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/windowsevent)| + + + +## Columns + +[!INCLUDE [windowsevent](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/windowsevent-include.md)] diff --git a/articles/azure-monitor/reference/tables/windowsfirewall.md b/articles/azure-monitor/reference/tables/windowsfirewall.md new file mode 100644 index 0000000000..ffef51c36d --- /dev/null +++ b/articles/azure-monitor/reference/tables/windowsfirewall.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WindowsFirewall +description: Reference for WindowsFirewall table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WindowsFirewall + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets| +|**Categories**|Security| +|**Solutions**| Security, WindowsFirewall| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [windowsfirewall](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/windowsfirewall-include.md)] diff --git a/articles/azure-monitor/reference/tables/windowsserverassessmentrecommendation.md b/articles/azure-monitor/reference/tables/windowsserverassessmentrecommendation.md new file mode 100644 index 0000000000..68d18727ce --- /dev/null +++ b/articles/azure-monitor/reference/tables/windowsserverassessmentrecommendation.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WindowsServerAssessmentRecommendation +description: Reference for WindowsServerAssessmentRecommendation table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WindowsServerAssessmentRecommendation + +Recommendations generated by Windows Server assessments that are started through a scheduled task. When you schedule the assessment it runs by default every 7 days and upload the data into Azure Log Analytics + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| AzureResources, WindowsServerAssessment| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [windowsserverassessmentrecommendation](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/windowsserverassessmentrecommendation-include.md)] diff --git a/articles/azure-monitor/reference/tables/wiredata.md b/articles/azure-monitor/reference/tables/wiredata.md new file mode 100644 index 0000000000..74035e1746 --- /dev/null +++ b/articles/azure-monitor/reference/tables/wiredata.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WireData +description: Reference for WireData table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WireData + +Network data collected by the WireData solution using by the Dependency agent and Log analytics agent. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.compute/virtualmachines,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets| +|**Categories**|Virtual Machines, Security| +|**Solutions**| WireData, WireData2| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/wiredata)| + + + +## Columns + +[!INCLUDE [wiredata](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wiredata-include.md)] diff --git a/articles/azure-monitor/reference/tables/workloaddiagnosticlogs.md b/articles/azure-monitor/reference/tables/workloaddiagnosticlogs.md new file mode 100644 index 0000000000..4a1288ec13 --- /dev/null +++ b/articles/azure-monitor/reference/tables/workloaddiagnosticlogs.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WorkloadDiagnosticLogs +description: Reference for WorkloadDiagnosticLogs table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WorkloadDiagnosticLogs + +Diagnostic logs from the Workload Monitoring data collection services running on the Monitoring VM. Includes logs from wli and ms-telegraf services. Used to troubleshoot configuration or data collection issues. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads, Azure Monitor| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/workloaddiagnosticlogs)| + + + +## Columns + +[!INCLUDE [workloaddiagnosticlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/workloaddiagnosticlogs-include.md)] diff --git a/articles/azure-monitor/reference/tables/workloadmonitoringperf.md b/articles/azure-monitor/reference/tables/workloadmonitoringperf.md new file mode 100644 index 0000000000..28e5ad54fe --- /dev/null +++ b/articles/azure-monitor/reference/tables/workloadmonitoringperf.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WorkloadMonitoringPerf +description: Reference for WorkloadMonitoringPerf table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WorkloadMonitoringPerf + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Workloads| +|**Solutions**| InfrastructureInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [workloadmonitoringperf](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/workloadmonitoringperf-include.md)] diff --git a/articles/azure-monitor/reference/tables/wudoaggregatedstatus.md b/articles/azure-monitor/reference/tables/wudoaggregatedstatus.md new file mode 100644 index 0000000000..d5839e4b49 --- /dev/null +++ b/articles/azure-monitor/reference/tables/wudoaggregatedstatus.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WUDOAggregatedStatus +description: Reference for WUDOAggregatedStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WUDOAggregatedStatus + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [wudoaggregatedstatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wudoaggregatedstatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/wudostatus.md b/articles/azure-monitor/reference/tables/wudostatus.md new file mode 100644 index 0000000000..048c31159e --- /dev/null +++ b/articles/azure-monitor/reference/tables/wudostatus.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WUDOStatus +description: Reference for WUDOStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WUDOStatus + + + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|-| +|**Categories**|Desktop Analytics| +|**Solutions**| WaaSUpdateInsights| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [wudostatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wudostatus-include.md)] diff --git a/articles/azure-monitor/reference/tables/wvdagenthealthstatus.md b/articles/azure-monitor/reference/tables/wvdagenthealthstatus.md new file mode 100644 index 0000000000..5c7bab29b2 --- /dev/null +++ b/articles/azure-monitor/reference/tables/wvdagenthealthstatus.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WVDAgentHealthStatus +description: Reference for WVDAgentHealthStatus table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WVDAgentHealthStatus + +Azure Virtual Desktop agent health status. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.desktopvirtualization/hostpools| +|**Categories**|Virtual Machines| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/wvdagenthealthstatus)| + + + +## Columns + +[!INCLUDE [wvdagenthealthstatus](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wvdagenthealthstatus-include.md)] 
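Review bot: wdavstatus.md, wdavthreat.md, windowsfirewall.md, workloadmonitoringperf.md, wudoaggregatedstatus.md and wudostatus.md add an H1 with nothing beneath it before "## Table attributes". windowsfirewall.md is in the Security category, so a one-line statement of what each row records is the minimum a reader needs to decide whether to collect and query it. windowsfirewall.md and wiredata.md also list `microsoft.conenctedvmwarevsphere/virtualmachines` in Resource types, a transposition of `microsoft.connectedvmwarevsphere`. Wording: in both assessment-recommendation files "upload the data into Azure Log Analytics" should read "uploads" and end with a period, "using by the Dependency agent" in wiredata.md should drop "by", and watchlist.md still says "Azure Sentinel" where the product is now Microsoft Sentinel.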
diff --git a/articles/azure-monitor/reference/tables/wvdautoscaleevaluationpooled.md b/articles/azure-monitor/reference/tables/wvdautoscaleevaluationpooled.md new file mode 100644 index 0000000000..5d4f7b10aa --- /dev/null +++ b/articles/azure-monitor/reference/tables/wvdautoscaleevaluationpooled.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WVDAutoscaleEvaluationPooled +description: Reference for WVDAutoscaleEvaluationPooled table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WVDAutoscaleEvaluationPooled + +The results of an Azure Virtual Desktop Autoscale scaling plan evaluation on a hostpool. This includes information on the actions Autoscale took on the sessions hosts, such as starting or deallocating them, and why it took those actions. The column names that start with 'Config' contain the scaling plan configuration values for the current Autoscale schedule phase. If the ResultType column value is 'Failed' then join to the WVDErrors table using the CorrelationId column to get more details. For Autoscale documentation see https://go.microsoft.com/fwlink/?linkid=2169532 . + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.desktopvirtualization/hostpools| +|**Categories**|Azure Virtual Desktop| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [wvdautoscaleevaluationpooled](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wvdautoscaleevaluationpooled-include.md)] diff --git a/articles/azure-monitor/reference/tables/wvdcheckpoints.md b/articles/azure-monitor/reference/tables/wvdcheckpoints.md new file mode 100644 index 0000000000..451f0e7c4e --- /dev/null +++ b/articles/azure-monitor/reference/tables/wvdcheckpoints.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WVDCheckpoints +description: Reference for WVDCheckpoints table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WVDCheckpoints + +Windows Virtual Desktop Checkpoint Activity + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.desktopvirtualization/hostpools,
microsoft.desktopvirtualization/applicationgroups,
microsoft.desktopvirtualization/workspaces| +|**Categories**|Azure Virtual Desktop| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/wvdcheckpoints)| + + + +## Columns + +[!INCLUDE [wvdcheckpoints](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wvdcheckpoints-include.md)] diff --git a/articles/azure-monitor/reference/tables/wvdconnectiongraphicsdatapreview.md b/articles/azure-monitor/reference/tables/wvdconnectiongraphicsdatapreview.md new file mode 100644 index 0000000000..a0389ea28e --- /dev/null +++ b/articles/azure-monitor/reference/tables/wvdconnectiongraphicsdatapreview.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WVDConnectionGraphicsDataPreview +description: Reference for WVDConnectionGraphicsDataPreview table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WVDConnectionGraphicsDataPreview + +Windows Virtual Desktop connection graphics data. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.desktopvirtualization/hostpools| +|**Categories**|Azure Virtual Desktop| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [wvdconnectiongraphicsdatapreview](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wvdconnectiongraphicsdatapreview-include.md)] diff --git a/articles/azure-monitor/reference/tables/wvdconnectionnetworkdata.md b/articles/azure-monitor/reference/tables/wvdconnectionnetworkdata.md new file mode 100644 index 0000000000..a5308b6ff9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/wvdconnectionnetworkdata.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WVDConnectionNetworkData +description: Reference for WVDConnectionNetworkData table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WVDConnectionNetworkData + +Windows Virtual Desktop connection network data. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.desktopvirtualization/hostpools| +|**Categories**|Azure Virtual Desktop| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/wvdconnectionnetworkdata)| + + + +## Columns + +[!INCLUDE [wvdconnectionnetworkdata](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wvdconnectionnetworkdata-include.md)] diff --git a/articles/azure-monitor/reference/tables/wvdconnections.md b/articles/azure-monitor/reference/tables/wvdconnections.md new file mode 100644 index 0000000000..d0b14a1ec9 --- /dev/null +++ b/articles/azure-monitor/reference/tables/wvdconnections.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WVDConnections +description: Reference for WVDConnections table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WVDConnections + +Windows Virtual Desktop Connection Activity. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.desktopvirtualization/hostpools| +|**Categories**|Azure Virtual Desktop| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/wvdconnections)| + + + +## Columns + +[!INCLUDE [wvdconnections](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wvdconnections-include.md)] 
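Review bot: In tables/wvdconnections.md the description line says "Windows Virtual Desktop Connection Activity." while the **Categories** row in the same file says `Azure Virtual Desktop`, and wvdagenthealthstatus.md already describes its table with the "Azure Virtual Desktop" name. Suggest using one product name consistently in the description lines of the WVD* pages (the same applies to wvdconnectionnetworkdata.md just above), and settling on whether these one-line descriptions end with a period, since the pages currently differ.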
diff --git a/articles/azure-monitor/reference/tables/wvderrors.md b/articles/azure-monitor/reference/tables/wvderrors.md new file mode 100644 index 0000000000..0c2fceadd4 --- /dev/null +++ b/articles/azure-monitor/reference/tables/wvderrors.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WVDErrors +description: Reference for WVDErrors table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WVDErrors + +Windows Virtual Desktop Error Activity + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.desktopvirtualization/hostpools,
microsoft.desktopvirtualization/applicationgroups,
microsoft.desktopvirtualization/workspaces| +|**Categories**|Azure Virtual Desktop| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/wvderrors)| + + + +## Columns + +[!INCLUDE [wvderrors](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wvderrors-include.md)] diff --git a/articles/azure-monitor/reference/tables/wvdfeeds.md b/articles/azure-monitor/reference/tables/wvdfeeds.md new file mode 100644 index 0000000000..742d58481a --- /dev/null +++ b/articles/azure-monitor/reference/tables/wvdfeeds.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WVDFeeds +description: Reference for WVDFeeds table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WVDFeeds + +Windows Virtual Desktop Feed Activity + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.desktopvirtualization/workspaces| +|**Categories**|Azure Virtual Desktop| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [wvdfeeds](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wvdfeeds-include.md)] diff --git a/articles/azure-monitor/reference/tables/wvdhostregistrations.md b/articles/azure-monitor/reference/tables/wvdhostregistrations.md new file mode 100644 index 0000000000..dc7dad58bd --- /dev/null +++ b/articles/azure-monitor/reference/tables/wvdhostregistrations.md 
@@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WVDHostRegistrations +description: Reference for WVDHostRegistrations table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WVDHostRegistrations + +Windows Virtual Desktop Host Registration Activity + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.desktopvirtualization/hostpools| +|**Categories**|Azure Virtual Desktop| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [wvdhostregistrations](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wvdhostregistrations-include.md)] diff --git a/articles/azure-monitor/reference/tables/wvdmanagement.md b/articles/azure-monitor/reference/tables/wvdmanagement.md new file mode 100644 index 0000000000..8edb33e2ff --- /dev/null +++ b/articles/azure-monitor/reference/tables/wvdmanagement.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WVDManagement +description: Reference for WVDManagement table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WVDManagement + +Windows Virtual Desktop Management Activity + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.desktopvirtualization/hostpools,
microsoft.desktopvirtualization/applicationgroups,
microsoft.desktopvirtualization/workspaces| +|**Categories**|Azure Virtual Desktop| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|Yes| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [wvdmanagement](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wvdmanagement-include.md)] diff --git a/articles/azure-monitor/reference/tables/wvdsessionhostmanagement.md b/articles/azure-monitor/reference/tables/wvdsessionhostmanagement.md new file mode 100644 index 0000000000..c2e276b387 --- /dev/null +++ b/articles/azure-monitor/reference/tables/wvdsessionhostmanagement.md @@ -0,0 +1,32 @@ +--- +title: Azure Monitor Logs reference - WVDSessionHostManagement +description: Reference for WVDSessionHostManagement table in Azure Monitor Logs. +ms.topic: reference +ms.service: azure-monitor +ms.subservice: logs +ms.author: orens +author: osalzberg +ms.date: 09/16/2024 +--- + +# WVDSessionHostManagement + +Windows Virtual Desktop session host management data. + + +## Table attributes + +|Attribute|Value| +|---|---| +|**Resource types**|microsoft.desktopvirtualization/hostpools| +|**Categories**|Azure Virtual Desktop| +|**Solutions**| LogManagement| +|**Basic log**|No| +|**Ingestion-time transformation**|No| +|**Sample Queries**|-| + + + +## Columns + +[!INCLUDE [wvdsessionhostmanagement](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/wvdsessionhostmanagement-include.md)] diff --git a/articles/azure-monitor/reference/toc.yml b/articles/azure-monitor/reference/toc.yml index e4826c9eaa..72f7ecc348 100644 --- a/articles/azure-monitor/reference/toc.yml +++ b/articles/azure-monitor/reference/toc.yml 
@@ -1147,3 +1147,2206 @@ items: - name: NGINX.NGINXPLUS/nginxDeployments href: supported-logs/nginx-nginxplus-nginxdeployments-logs.md displayName: NGINX Logs,NGINX Security Logs + - name: Azure Monitor Log Analytics tables + href: ./tables-index.md + items: + - name: Log Analytics tables by category + href: ./tables-category.md + - name: Log Analytics tables by resource type + expanded: false + items: + - name: microsoft.aad/domainservices + href: tables/microsoft-aad_domainservices.md + - name: microsoft.aadiam/tenants + href: tables/microsoft-aadiam_tenants.md + - name: microsoft.agfoodplatform/farmbeats + href: tables/microsoft-agfoodplatform_farmbeats.md + - name: microsoft.analysisservices/servers + href: tables/microsoft-analysisservices_servers.md + - name: microsoft.apimanagement/service + href: tables/microsoft-apimanagement_service.md + - name: microsoft.app/managedenvironments + href: tables/microsoft-app_managedenvironments.md + - name: microsoft.appconfiguration/configurationstores + href: tables/microsoft-appconfiguration_configurationstores.md + - name: microsoft.appplatform/spring + href: tables/microsoft-appplatform_spring.md + - name: microsoft.attestation/attestationproviders + href: tables/microsoft-attestation_attestationproviders.md + - name: microsoft.automation/automationaccounts + href: tables/microsoft-automation_automationaccounts.md + - name: microsoft.autonomousdevelopmentplatform/workspaces + href: tables/microsoft-autonomousdevelopmentplatform_workspaces.md + - name: microsoft.avs/privateclouds + href: tables/microsoft-avs_privateclouds.md + - name: microsoft.azuredatatransfer/connections + href: tables/microsoft-azuredatatransfer_connections.md + - name: microsoft.azureplaywrightservice/accounts + href: tables/microsoft-azureplaywrightservice_accounts.md + - name: microsoft.azuresphere/catalogs + href: tables/microsoft-azuresphere_catalogs.md + - name: microsoft.azurestackhci/clusters + href: 
tables/microsoft-azurestackhci_clusters.md + - name: microsoft.azurestackhci/virtualmachines + href: tables/microsoft-azurestackhci_virtualmachines.md + - name: microsoft.batch/batchaccounts + href: tables/microsoft-batch_batchaccounts.md + - name: microsoft.blockchain/blockchainmembers + href: tables/microsoft-blockchain_blockchainmembers.md + - name: microsoft.botservice/botservices + href: tables/microsoft-botservice_botservices.md + - name: microsoft.cache/redis + href: tables/microsoft-cache_redis.md + - name: microsoft.cache/redisenterprise + href: tables/microsoft-cache_redisenterprise.md + - name: microsoft.cdn/profiles + href: tables/microsoft-cdn_profiles.md + - name: microsoft.chaos/experiments + href: tables/microsoft-chaos_experiments.md + - name: microsoft.cognitiveservices/accounts + href: tables/microsoft-cognitiveservices_accounts.md + - name: microsoft.communication/communicationservices + href: tables/microsoft-communication_communicationservices.md + - name: microsoft.compute/virtualmachines + href: tables/microsoft-compute_virtualmachines.md + - name: microsoft.compute/virtualmachinescalesets + href: tables/microsoft-compute_virtualmachinescalesets.md + - name: microsoft.conenctedvmwarevsphere/virtualmachines + href: tables/microsoft-conenctedvmwarevsphere_virtualmachines.md + - name: microsoft.confidentialledger/managedccfs + href: tables/microsoft-confidentialledger_managedccfs.md + - name: microsoft.connectedcache/cachenodes + href: tables/microsoft-connectedcache_cachenodes.md + - name: microsoft.connectedvehicle/platformaccounts + href: tables/microsoft-connectedvehicle_platformaccounts.md + - name: microsoft.containerinstance/containergroups + href: tables/microsoft-containerinstance_containergroups.md + - name: microsoft.containerregistry/registries + href: tables/microsoft-containerregistry_registries.md + - name: microsoft.containerservice/managedclusters + href: tables/microsoft-containerservice_managedclusters.md + - name: 
microsoft.d365customerinsights/instances + href: tables/microsoft-d365customerinsights_instances.md + - name: microsoft.dashboard/grafana + href: tables/microsoft-dashboard_grafana.md + - name: microsoft.databricks/workspaces + href: tables/microsoft-databricks_workspaces.md + - name: microsoft.datacollaboration/workspaces + href: tables/microsoft-datacollaboration_workspaces.md + - name: microsoft.datafactory/factories + href: tables/microsoft-datafactory_factories.md + - name: microsoft.datalakeanalytics/accounts + href: tables/microsoft-datalakeanalytics_accounts.md + - name: microsoft.datalakestore/accounts + href: tables/microsoft-datalakestore_accounts.md + - name: microsoft.datashare/accounts + href: tables/microsoft-datashare_accounts.md + - name: microsoft.dbformariadb/servers + href: tables/microsoft-dbformariadb_servers.md + - name: microsoft.dbformysql/flexibleservers + href: tables/microsoft-dbformysql_flexibleservers.md + - name: microsoft.dbformysql/servers + href: tables/microsoft-dbformysql_servers.md + - name: microsoft.dbforpostgresql/flexibleservers + href: tables/microsoft-dbforpostgresql_flexibleservers.md + - name: microsoft.dbforpostgresql/servergroupsv2 + href: tables/microsoft-dbforpostgresql_servergroupsv2.md + - name: microsoft.dbforpostgresql/servers + href: tables/microsoft-dbforpostgresql_servers.md + - name: microsoft.dbforpostgresql/serversv2 + href: tables/microsoft-dbforpostgresql_serversv2.md + - name: microsoft.desktopvirtualization/applicationgroups + href: tables/microsoft-desktopvirtualization_applicationgroups.md + - name: microsoft.desktopvirtualization/hostpools + href: tables/microsoft-desktopvirtualization_hostpools.md + - name: microsoft.desktopvirtualization/workspaces + href: tables/microsoft-desktopvirtualization_workspaces.md + - name: microsoft.devcenter/devcenters + href: tables/microsoft-devcenter_devcenters.md + - name: microsoft.devices/iothubs + href: tables/microsoft-devices_iothubs.md + - name: 
microsoft.devices/provisioningservices + href: tables/microsoft-devices_provisioningservices.md + - name: microsoft.digitaltwins/digitaltwinsinstances + href: tables/microsoft-digitaltwins_digitaltwinsinstances.md + - name: microsoft.documentdb/cassandraclusters + href: tables/microsoft-documentdb_cassandraclusters.md + - name: microsoft.documentdb/databaseaccounts + href: tables/microsoft-documentdb_databaseaccounts.md + - name: microsoft.documentdb/mongoclusters + href: tables/microsoft-documentdb_mongoclusters.md + - name: microsoft.eventgrid/domains + href: tables/microsoft-eventgrid_domains.md + - name: microsoft.eventgrid/namespaces + href: tables/microsoft-eventgrid_namespaces.md + - name: microsoft.eventgrid/partnernamespaces + href: tables/microsoft-eventgrid_partnernamespaces.md + - name: microsoft.eventgrid/partnertopics + href: tables/microsoft-eventgrid_partnertopics.md + - name: microsoft.eventgrid/systemtopics + href: tables/microsoft-eventgrid_systemtopics.md + - name: microsoft.eventgrid/topics + href: tables/microsoft-eventgrid_topics.md + - name: microsoft.eventhub/namespaces + href: tables/microsoft-eventhub_namespaces.md + - name: microsoft.experimentation/experimentworkspaces + href: tables/microsoft-experimentation_experimentworkspaces.md + - name: microsoft.graph/tenants + href: tables/microsoft-graph_tenants.md + - name: microsoft.hardwaresecuritymodules/cloudhsmclusters + href: tables/microsoft-hardwaresecuritymodules_cloudhsmclusters.md + - name: microsoft.hdinsight/clusters + href: tables/microsoft-hdinsight_clusters.md + - name: microsoft.healthcareapis/services + href: tables/microsoft-healthcareapis_services.md + - name: microsoft.healthcareapis/workspaces + href: tables/microsoft-healthcareapis_workspaces.md + - name: microsoft.healthdataaiservices/deidservices + href: tables/microsoft-healthdataaiservices_deidservices.md + - name: microsoft.hybridcontainerservice/provisionedclusters + href: 
tables/microsoft-hybridcontainerservice_provisionedclusters.md + - name: microsoft.insights/autoscalesettings + href: tables/microsoft-insights_autoscalesettings.md + - name: microsoft.insights/components + href: tables/microsoft-insights_components.md + - name: microsoft.insights/datacollectionrules + href: tables/microsoft-insights_datacollectionrules.md + - name: microsoft.insights/workloadmonitoring + href: tables/microsoft-insights_workloadmonitoring.md + - name: microsoft.intune/operations + href: tables/microsoft-intune_operations.md + - name: microsoft.keyvault/vaults + href: tables/microsoft-keyvault_vaults.md + - name: microsoft.kubernetes/connectedclusters + href: tables/microsoft-kubernetes_connectedclusters.md + - name: microsoft.kusto/clusters + href: tables/microsoft-kusto_clusters.md + - name: microsoft.loadtestservice/loadtests + href: tables/microsoft-loadtestservice_loadtests.md + - name: microsoft.logic/integrationaccounts + href: tables/microsoft-logic_integrationaccounts.md + - name: microsoft.logic/workflows + href: tables/microsoft-logic_workflows.md + - name: microsoft.machinelearningservices/registries + href: tables/microsoft-machinelearningservices_registries.md + - name: microsoft.machinelearningservices/workspaces + href: tables/microsoft-machinelearningservices_workspaces.md + - name: microsoft.managednetworkfabric/networkdevices + href: tables/microsoft-managednetworkfabric_networkdevices.md + - name: microsoft.media/mediaservices + href: tables/microsoft-media_mediaservices.md + - name: microsoft.monitor/accounts + href: tables/microsoft-monitor_accounts.md + - name: microsoft.network/applicationgateways + href: tables/microsoft-network_applicationgateways.md + - name: microsoft.network/azurefirewalls + href: tables/microsoft-network_azurefirewalls.md + - name: microsoft.network/bastionhosts + href: tables/microsoft-network_bastionhosts.md + - name: microsoft.network/dnsresolverpolicies + href: 
tables/microsoft-network_dnsresolverpolicies.md + - name: microsoft.network/expressroutecircuits + href: tables/microsoft-network_expressroutecircuits.md + - name: microsoft.network/frontdoors + href: tables/microsoft-network_frontdoors.md + - name: microsoft.network/loadbalancers + href: tables/microsoft-network_loadbalancers.md + - name: microsoft.network/networkinterfaces + href: tables/microsoft-network_networkinterfaces.md + - name: microsoft.network/networkmanagers + href: tables/microsoft-network_networkmanagers.md + - name: microsoft.network/networksecuritygroups + href: tables/microsoft-network_networksecuritygroups.md + - name: microsoft.network/networksecurityperimeters + href: tables/microsoft-network_networksecurityperimeters.md + - name: microsoft.network/networkwatchers/connectionmonitors + href: tables/microsoft-network_networkwatchers_connectionmonitors.md + - name: microsoft.network/publicipaddresses + href: tables/microsoft-network_publicipaddresses.md + - name: microsoft.network/trafficmanagerprofiles + href: tables/microsoft-network_trafficmanagerprofiles.md + - name: microsoft.network/virtualnetworkgateways + href: tables/microsoft-network_virtualnetworkgateways.md + - name: microsoft.network/virtualnetworks + href: tables/microsoft-network_virtualnetworks.md + - name: microsoft.network/vpngateways + href: tables/microsoft-network_vpngateways.md + - name: microsoft.networkanalytics/dataproducts + href: tables/microsoft-networkanalytics_dataproducts.md + - name: microsoft.networkcloud/baremetalmachines + href: tables/microsoft-networkcloud_baremetalmachines.md + - name: microsoft.networkcloud/clustermanagers + href: tables/microsoft-networkcloud_clustermanagers.md + - name: microsoft.networkcloud/clusters + href: tables/microsoft-networkcloud_clusters.md + - name: microsoft.networkcloud/storageappliances + href: tables/microsoft-networkcloud_storageappliances.md + - name: microsoft.networkfunction/azuretrafficcollectors + href: 
tables/microsoft-networkfunction_azuretrafficcollectors.md + - name: microsoft.openenergyplatform/energyservices + href: tables/microsoft-openenergyplatform_energyservices.md + - name: microsoft.openlogisticsplatform/workspaces + href: tables/microsoft-openlogisticsplatform_workspaces.md + - name: microsoft.operationalinsights/workspaces + href: tables/microsoft-operationalinsights_workspaces.md + - name: microsoft.playfab/titles + href: tables/microsoft-playfab_titles.md + - name: microsoft.powerbi/tenants + href: tables/microsoft-powerbi_tenants.md + - name: microsoft.powerbi/tenants/workspaces + href: tables/microsoft-powerbi_tenants_workspaces.md + - name: microsoft.powerbidedicated/capacities + href: tables/microsoft-powerbidedicated_capacities.md + - name: microsoft.purview/accounts + href: tables/microsoft-purview_accounts.md + - name: microsoft.recoveryservices/vaults + href: tables/microsoft-recoveryservices_vaults.md + - name: microsoft.relay/namespaces + href: tables/microsoft-relay_namespaces.md + - name: microsoft.scvmm/virtualmachines + href: tables/microsoft-scvmm_virtualmachines.md + - name: microsoft.search/searchservices + href: tables/microsoft-search_searchservices.md + - name: microsoft.security/defenderforstoragesettings + href: tables/microsoft-security_defenderforstoragesettings.md + - name: microsoft.security/security + href: tables/microsoft-security_security.md + - name: microsoft.servicebus/namespaces + href: tables/microsoft-servicebus_namespaces.md + - name: microsoft.servicefabric/clusters + href: tables/microsoft-servicefabric_clusters.md + - name: microsoft.servicenetworking/trafficcontrollers + href: tables/microsoft-servicenetworking_trafficcontrollers.md + - name: microsoft.signalrservice/signalr + href: tables/microsoft-signalrservice_signalr.md + - name: microsoft.signalrservice/webpubsub + href: tables/microsoft-signalrservice_webpubsub.md + - name: microsoft.sql/managedinstances + href: 
tables/microsoft-sql_managedinstances.md + - name: microsoft.sql/servers + href: tables/microsoft-sql_servers.md + - name: microsoft.sql/servers/databases + href: tables/microsoft-sql_servers_databases.md + - name: microsoft.storage/storageaccounts + href: tables/microsoft-storage_storageaccounts.md + - name: microsoft.storagecache/amlfilesytems + href: tables/microsoft-storagecache_amlfilesytems.md + - name: microsoft.storagecache/caches + href: tables/microsoft-storagecache_caches.md + - name: microsoft.storagemover/storagemovers + href: tables/microsoft-storagemover_storagemovers.md + - name: microsoft.streamanalytics/streamingjobs + href: tables/microsoft-streamanalytics_streamingjobs.md + - name: microsoft.synapse/workspaces + href: tables/microsoft-synapse_workspaces.md + - name: microsoft.timeseriesinsights/environments + href: tables/microsoft-timeseriesinsights_environments.md + - name: microsoft.videoindexer/accounts + href: tables/microsoft-videoindexer_accounts.md + - name: microsoft.web/sites + href: tables/microsoft-web_sites.md + - name: microsoft.workloadmonitor/monitors + href: tables/microsoft-workloadmonitor_monitors.md + - name: nginx.nginxplus/nginxdeployments + href: tables/nginx-nginxplus_nginxdeployments.md + - name: Log Analytics tables by table name + expanded: false + items: + - name: AACAudit + href: tables/aacaudit.md + - name: AACHttpRequest + href: tables/aachttprequest.md + - name: AADB2CRequestLogs + href: tables/aadb2crequestlogs.md + - name: AADCustomSecurityAttributeAuditLogs + href: tables/aadcustomsecurityattributeauditlogs.md + - name: AADDomainServicesAccountLogon + href: tables/aaddomainservicesaccountlogon.md + - name: AADDomainServicesAccountManagement + href: tables/aaddomainservicesaccountmanagement.md + - name: AADDomainServicesDNSAuditsDynamicUpdates + href: tables/aaddomainservicesdnsauditsdynamicupdates.md + - name: AADDomainServicesDNSAuditsGeneral + href: tables/aaddomainservicesdnsauditsgeneral.md + - name: 
AADDomainServicesDirectoryServiceAccess + href: tables/aaddomainservicesdirectoryserviceaccess.md + - name: AADDomainServicesLogonLogoff + href: tables/aaddomainserviceslogonlogoff.md + - name: AADDomainServicesPolicyChange + href: tables/aaddomainservicespolicychange.md + - name: AADDomainServicesPrivilegeUse + href: tables/aaddomainservicesprivilegeuse.md + - name: AADManagedIdentitySignInLogs + href: tables/aadmanagedidentitysigninlogs.md + - name: AADNonInteractiveUserSignInLogs + href: tables/aadnoninteractiveusersigninlogs.md + - name: AADProvisioningLogs + href: tables/aadprovisioninglogs.md + - name: AADRiskyServicePrincipals + href: tables/aadriskyserviceprincipals.md + - name: AADRiskyUsers + href: tables/aadriskyusers.md + - name: AADServicePrincipalRiskEvents + href: tables/aadserviceprincipalriskevents.md + - name: AADServicePrincipalSignInLogs + href: tables/aadserviceprincipalsigninlogs.md + - name: AADUserRiskEvents + href: tables/aaduserriskevents.md + - name: ABSBotRequests + href: tables/absbotrequests.md + - name: ABSChannelToBotRequests + href: tables/abschanneltobotrequests.md + - name: ABSDependenciesRequests + href: tables/absdependenciesrequests.md + - name: ACICollaborationAudit + href: tables/acicollaborationaudit.md + - name: ACRConnectedClientList + href: tables/acrconnectedclientlist.md + - name: ACREntraAuthenticationAuditLog + href: tables/acrentraauthenticationauditlog.md + - name: ACSAdvancedMessagingOperations + href: tables/acsadvancedmessagingoperations.md + - name: ACSAuthIncomingOperations + href: tables/acsauthincomingoperations.md + - name: ACSBillingUsage + href: tables/acsbillingusage.md + - name: ACSCallAutomationIncomingOperations + href: tables/acscallautomationincomingoperations.md + - name: ACSCallAutomationMediaSummary + href: tables/acscallautomationmediasummary.md + - name: ACSCallClientMediaStatsTimeSeries + href: tables/acscallclientmediastatstimeseries.md + - name: ACSCallClientOperations + href: 
tables/acscallclientoperations.md + - name: ACSCallClosedCaptionsSummary + href: tables/acscallclosedcaptionssummary.md + - name: ACSCallDiagnostics + href: tables/acscalldiagnostics.md + - name: ACSCallRecordingIncomingOperations + href: tables/acscallrecordingincomingoperations.md + - name: ACSCallRecordingSummary + href: tables/acscallrecordingsummary.md + - name: ACSCallSummary + href: tables/acscallsummary.md + - name: ACSCallSurvey + href: tables/acscallsurvey.md + - name: ACSChatIncomingOperations + href: tables/acschatincomingoperations.md + - name: ACSEmailSendMailOperational + href: tables/acsemailsendmailoperational.md + - name: ACSEmailStatusUpdateOperational + href: tables/acsemailstatusupdateoperational.md + - name: ACSEmailUserEngagementOperational + href: tables/acsemailuserengagementoperational.md + - name: ACSJobRouterIncomingOperations + href: tables/acsjobrouterincomingoperations.md + - name: ACSRoomsIncomingOperations + href: tables/acsroomsincomingoperations.md + - name: ACSSMSIncomingOperations + href: tables/acssmsincomingoperations.md + - name: ADAssessmentRecommendation + href: tables/adassessmentrecommendation.md + - name: ADFActivityRun + href: tables/adfactivityrun.md + - name: ADFAirflowSchedulerLogs + href: tables/adfairflowschedulerlogs.md + - name: ADFAirflowTaskLogs + href: tables/adfairflowtasklogs.md + - name: ADFAirflowWebLogs + href: tables/adfairflowweblogs.md + - name: ADFAirflowWorkerLogs + href: tables/adfairflowworkerlogs.md + - name: ADFPipelineRun + href: tables/adfpipelinerun.md + - name: ADFSSISIntegrationRuntimeLogs + href: tables/adfssisintegrationruntimelogs.md + - name: ADFSSISPackageEventMessageContext + href: tables/adfssispackageeventmessagecontext.md + - name: ADFSSISPackageEventMessages + href: tables/adfssispackageeventmessages.md + - name: ADFSSISPackageExecutableStatistics + href: tables/adfssispackageexecutablestatistics.md + - name: ADFSSISPackageExecutionComponentPhases + href: 
tables/adfssispackageexecutioncomponentphases.md + - name: ADFSSISPackageExecutionDataStatistics + href: tables/adfssispackageexecutiondatastatistics.md + - name: ADFSSignInLogs + href: tables/adfssigninlogs.md + - name: ADFSandboxActivityRun + href: tables/adfsandboxactivityrun.md + - name: ADFSandboxPipelineRun + href: tables/adfsandboxpipelinerun.md + - name: ADFTriggerRun + href: tables/adftriggerrun.md + - name: ADPAudit + href: tables/adpaudit.md + - name: ADPDiagnostics + href: tables/adpdiagnostics.md + - name: ADPRequests + href: tables/adprequests.md + - name: ADReplicationResult + href: tables/adreplicationresult.md + - name: ADSecurityAssessmentRecommendation + href: tables/adsecurityassessmentrecommendation.md + - name: ADTDataHistoryOperation + href: tables/adtdatahistoryoperation.md + - name: ADTDigitalTwinsOperation + href: tables/adtdigitaltwinsoperation.md + - name: ADTEventRoutesOperation + href: tables/adteventroutesoperation.md + - name: ADTModelsOperation + href: tables/adtmodelsoperation.md + - name: ADTQueryOperation + href: tables/adtqueryoperation.md + - name: ADXCommand + href: tables/adxcommand.md + - name: ADXDataOperation + href: tables/adxdataoperation.md + - name: ADXIngestionBatching + href: tables/adxingestionbatching.md + - name: ADXJournal + href: tables/adxjournal.md + - name: ADXQuery + href: tables/adxquery.md + - name: ADXTableDetails + href: tables/adxtabledetails.md + - name: ADXTableUsageStatistics + href: tables/adxtableusagestatistics.md + - name: AEWAssignmentBlobLogs + href: tables/aewassignmentbloblogs.md + - name: AEWAuditLogs + href: tables/aewauditlogs.md + - name: AEWComputePipelinesLogs + href: tables/aewcomputepipelineslogs.md + - name: AFSAuditLogs + href: tables/afsauditlogs.md + - name: AGCAccessLogs + href: tables/agcaccesslogs.md + - name: AGSGrafanaLoginEvents + href: tables/agsgrafanaloginevents.md + - name: AGWAccessLogs + href: tables/agwaccesslogs.md + - name: AGWFirewallLogs + href: 
tables/agwfirewalllogs.md + - name: AGWPerformanceLogs + href: tables/agwperformancelogs.md + - name: AHDSDeidAuditLogs + href: tables/ahdsdeidauditlogs.md + - name: AHDSDicomAuditLogs + href: tables/ahdsdicomauditlogs.md + - name: AHDSDicomDiagnosticLogs + href: tables/ahdsdicomdiagnosticlogs.md + - name: AHDSMedTechDiagnosticLogs + href: tables/ahdsmedtechdiagnosticlogs.md + - name: AKSAudit + href: tables/aksaudit.md + - name: AKSAuditAdmin + href: tables/aksauditadmin.md + - name: AKSControlPlane + href: tables/akscontrolplane.md + - name: ALBHealthEvent + href: tables/albhealthevent.md + - name: AMSKeyDeliveryRequests + href: tables/amskeydeliveryrequests.md + - name: AMSLiveEventOperations + href: tables/amsliveeventoperations.md + - name: AMSMediaAccountHealth + href: tables/amsmediaaccounthealth.md + - name: AMSStreamingEndpointRequests + href: tables/amsstreamingendpointrequests.md + - name: AMWMetricsUsageDetails + href: tables/amwmetricsusagedetails.md + - name: AOIDatabaseQuery + href: tables/aoidatabasequery.md + - name: AOIDigestion + href: tables/aoidigestion.md + - name: AOIStorage + href: tables/aoistorage.md + - name: APIMDevPortalAuditDiagnosticLog + href: tables/apimdevportalauditdiagnosticlog.md + - name: ASCAuditLogs + href: tables/ascauditlogs.md + - name: ASCDeviceEvents + href: tables/ascdeviceevents.md + - name: ASRJobs + href: tables/asrjobs.md + - name: ASRReplicatedItems + href: tables/asrreplicateditems.md + - name: ATCExpressRouteCircuitIpfix + href: tables/atcexpressroutecircuitipfix.md + - name: ATCPrivatePeeringMetadata + href: tables/atcprivatepeeringmetadata.md + - name: AUIEventsAudit + href: tables/auieventsaudit.md + - name: AUIEventsOperational + href: tables/auieventsoperational.md + - name: AVNMConnectivityConfigurationChange + href: tables/avnmconnectivityconfigurationchange.md + - name: AVNMIPAMPoolAllocationChange + href: tables/avnmipampoolallocationchange.md + - name: AVNMNetworkGroupMembershipChange + href: 
tables/avnmnetworkgroupmembershipchange.md + - name: AVNMRuleCollectionChange + href: tables/avnmrulecollectionchange.md + - name: AVSSyslog + href: tables/avssyslog.md + - name: AWSCloudTrail + href: tables/awscloudtrail.md + - name: AWSCloudWatch + href: tables/awscloudwatch.md + - name: AWSGuardDuty + href: tables/awsguardduty.md + - name: AWSVPCFlow + href: tables/awsvpcflow.md + - name: AWSWAF + href: tables/awswaf.md + - name: AZFWApplicationRule + href: tables/azfwapplicationrule.md + - name: AZFWApplicationRuleAggregation + href: tables/azfwapplicationruleaggregation.md + - name: AZFWDnsQuery + href: tables/azfwdnsquery.md + - name: AZFWFatFlow + href: tables/azfwfatflow.md + - name: AZFWFlowTrace + href: tables/azfwflowtrace.md + - name: AZFWIdpsSignature + href: tables/azfwidpssignature.md + - name: AZFWInternalFqdnResolutionFailure + href: tables/azfwinternalfqdnresolutionfailure.md + - name: AZFWNatRule + href: tables/azfwnatrule.md + - name: AZFWNatRuleAggregation + href: tables/azfwnatruleaggregation.md + - name: AZFWNetworkRule + href: tables/azfwnetworkrule.md + - name: AZFWNetworkRuleAggregation + href: tables/azfwnetworkruleaggregation.md + - name: AZFWThreatIntel + href: tables/azfwthreatintel.md + - name: AZKVAuditLogs + href: tables/azkvauditlogs.md + - name: AZKVPolicyEvaluationDetailsLogs + href: tables/azkvpolicyevaluationdetailslogs.md + - name: AZMSApplicationMetricLogs + href: tables/azmsapplicationmetriclogs.md + - name: AZMSArchiveLogs + href: tables/azmsarchivelogs.md + - name: AZMSAutoscaleLogs + href: tables/azmsautoscalelogs.md + - name: AZMSCustomerManagedKeyUserLogs + href: tables/azmscustomermanagedkeyuserlogs.md + - name: AZMSDiagnosticErrorLogs + href: tables/azmsdiagnosticerrorlogs.md + - name: AZMSHybridConnectionsEvents + href: tables/azmshybridconnectionsevents.md + - name: AZMSKafkaCoordinatorLogs + href: tables/azmskafkacoordinatorlogs.md + - name: AZMSKafkaUserErrorLogs + href: tables/azmskafkausererrorlogs.md + - name: 
AZMSOperationalLogs + href: tables/azmsoperationallogs.md + - name: AZMSRunTimeAuditLogs + href: tables/azmsruntimeauditlogs.md + - name: AZMSVnetConnectionEvents + href: tables/azmsvnetconnectionevents.md + - name: AddonAzureBackupAlerts + href: tables/addonazurebackupalerts.md + - name: AddonAzureBackupJobs + href: tables/addonazurebackupjobs.md + - name: AddonAzureBackupProtectedInstance + href: tables/addonazurebackupprotectedinstance.md + - name: AddonAzureBackupStorage + href: tables/addonazurebackupstorage.md + - name: AegDataPlaneRequests + href: tables/aegdataplanerequests.md + - name: AegDeliveryFailureLogs + href: tables/aegdeliveryfailurelogs.md + - name: AegPublishFailureLogs + href: tables/aegpublishfailurelogs.md + - name: AgriFoodApplicationAuditLogs + href: tables/agrifoodapplicationauditlogs.md + - name: AgriFoodFarmManagementLogs + href: tables/agrifoodfarmmanagementlogs.md + - name: AgriFoodFarmOperationLogs + href: tables/agrifoodfarmoperationlogs.md + - name: AgriFoodInsightLogs + href: tables/agrifoodinsightlogs.md + - name: AgriFoodJobProcessedLogs + href: tables/agrifoodjobprocessedlogs.md + - name: AgriFoodModelInferenceLogs + href: tables/agrifoodmodelinferencelogs.md + - name: AgriFoodProviderAuthLogs + href: tables/agrifoodproviderauthlogs.md + - name: AgriFoodSatelliteLogs + href: tables/agrifoodsatellitelogs.md + - name: AgriFoodSensorManagementLogs + href: tables/agrifoodsensormanagementlogs.md + - name: AgriFoodWeatherLogs + href: tables/agrifoodweatherlogs.md + - name: AirflowDagProcessingLogs + href: tables/airflowdagprocessinglogs.md + - name: Alert + href: tables/alert.md + - name: AlertEvidence + href: tables/alertevidence.md + - name: AlertHistory + href: tables/alerthistory.md + - name: AlertInfo + href: tables/alertinfo.md + - name: AmlComputeClusterEvent + href: tables/amlcomputeclusterevent.md + - name: AmlComputeClusterNodeEvent + href: tables/amlcomputeclusternodeevent.md + - name: AmlComputeCpuGpuUtilization + href: 
tables/amlcomputecpugpuutilization.md + - name: AmlComputeInstanceEvent + href: tables/amlcomputeinstanceevent.md + - name: AmlComputeJobEvent + href: tables/amlcomputejobevent.md + - name: AmlDataLabelEvent + href: tables/amldatalabelevent.md + - name: AmlDataSetEvent + href: tables/amldatasetevent.md + - name: AmlDataStoreEvent + href: tables/amldatastoreevent.md + - name: AmlDeploymentEvent + href: tables/amldeploymentevent.md + - name: AmlEnvironmentEvent + href: tables/amlenvironmentevent.md + - name: AmlInferencingEvent + href: tables/amlinferencingevent.md + - name: AmlModelsEvent + href: tables/amlmodelsevent.md + - name: AmlOnlineEndpointConsoleLog + href: tables/amlonlineendpointconsolelog.md + - name: AmlOnlineEndpointEventLog + href: tables/amlonlineendpointeventlog.md + - name: AmlOnlineEndpointTrafficLog + href: tables/amlonlineendpointtrafficlog.md + - name: AmlPipelineEvent + href: tables/amlpipelineevent.md + - name: AmlRegistryReadEventsLog + href: tables/amlregistryreadeventslog.md + - name: AmlRegistryWriteEventsLog + href: tables/amlregistrywriteeventslog.md + - name: AmlRunEvent + href: tables/amlrunevent.md + - name: AmlRunStatusChangedEvent + href: tables/amlrunstatuschangedevent.md + - name: Anomalies + href: tables/anomalies.md + - name: ApiManagementGatewayLogs + href: tables/apimanagementgatewaylogs.md + - name: ApiManagementWebSocketConnectionLogs + href: tables/apimanagementwebsocketconnectionlogs.md + - name: AppAvailabilityResults + href: tables/appavailabilityresults.md + - name: AppBrowserTimings + href: tables/appbrowsertimings.md + - name: AppCenterError + href: tables/appcentererror.md + - name: AppDependencies + href: tables/appdependencies.md + - name: AppEnvSpringAppConsoleLogs + href: tables/appenvspringappconsolelogs.md + - name: AppEvents + href: tables/appevents.md + - name: AppExceptions + href: tables/appexceptions.md + - name: AppMetrics + href: tables/appmetrics.md + - name: AppPageViews + href: tables/apppageviews.md 
+ - name: AppPerformanceCounters + href: tables/appperformancecounters.md + - name: AppPlatformBuildLogs + href: tables/appplatformbuildlogs.md + - name: AppPlatformContainerEventLogs + href: tables/appplatformcontainereventlogs.md + - name: AppPlatformIngressLogs + href: tables/appplatformingresslogs.md + - name: AppPlatformLogsforSpring + href: tables/appplatformlogsforspring.md + - name: AppPlatformSystemLogs + href: tables/appplatformsystemlogs.md + - name: AppRequests + href: tables/apprequests.md + - name: AppServiceAntivirusScanAuditLogs + href: tables/appserviceantivirusscanauditlogs.md + - name: AppServiceAppLogs + href: tables/appserviceapplogs.md + - name: AppServiceAuditLogs + href: tables/appserviceauditlogs.md + - name: AppServiceAuthenticationLogs + href: tables/appserviceauthenticationlogs.md + - name: AppServiceConsoleLogs + href: tables/appserviceconsolelogs.md + - name: AppServiceEnvironmentPlatformLogs + href: tables/appserviceenvironmentplatformlogs.md + - name: AppServiceFileAuditLogs + href: tables/appservicefileauditlogs.md + - name: AppServiceHTTPLogs + href: tables/appservicehttplogs.md + - name: AppServiceIPSecAuditLogs + href: tables/appserviceipsecauditlogs.md + - name: AppServicePlatformLogs + href: tables/appserviceplatformlogs.md + - name: AppServiceServerlessSecurityPluginData + href: tables/appserviceserverlesssecurityplugindata.md + - name: AppSystemEvents + href: tables/appsystemevents.md + - name: AppTraces + href: tables/apptraces.md + - name: ArcK8sAudit + href: tables/arck8saudit.md + - name: ArcK8sAuditAdmin + href: tables/arck8sauditadmin.md + - name: ArcK8sControlPlane + href: tables/arck8scontrolplane.md + - name: AuditLogs + href: tables/auditlogs.md + - name: AutoscaleEvaluationsLog + href: tables/autoscaleevaluationslog.md + - name: AutoscaleScaleActionsLog + href: tables/autoscalescaleactionslog.md + - name: AzureActivity + href: tables/azureactivity.md + - name: AzureAssessmentRecommendation + href: 
tables/azureassessmentrecommendation.md + - name: AzureAttestationDiagnostics + href: tables/azureattestationdiagnostics.md + - name: AzureBackupOperations + href: tables/azurebackupoperations.md + - name: AzureDevOpsAuditing + href: tables/azuredevopsauditing.md + - name: AzureDiagnostics + href: tables/azurediagnostics.md + - name: AzureLoadTestingOperation + href: tables/azureloadtestingoperation.md + - name: AzureMetrics + href: tables/azuremetrics.md + - name: BehaviorAnalytics + href: tables/behavioranalytics.md + - name: BlockchainApplicationLog + href: tables/blockchainapplicationlog.md + - name: BlockchainProxyLog + href: tables/blockchainproxylog.md + - name: CCFApplicationLogs + href: tables/ccfapplicationlogs.md + - name: CDBCassandraRequests + href: tables/cdbcassandrarequests.md + - name: CDBControlPlaneRequests + href: tables/cdbcontrolplanerequests.md + - name: CDBDataPlaneRequests + href: tables/cdbdataplanerequests.md + - name: CDBGremlinRequests + href: tables/cdbgremlinrequests.md + - name: CDBMongoRequests + href: tables/cdbmongorequests.md + - name: CDBPartitionKeyRUConsumption + href: tables/cdbpartitionkeyruconsumption.md + - name: CDBPartitionKeyStatistics + href: tables/cdbpartitionkeystatistics.md + - name: CDBQueryRuntimeStatistics + href: tables/cdbqueryruntimestatistics.md + - name: CDBTableApiRequests + href: tables/cdbtableapirequests.md + - name: CHSMManagementAuditLogs + href: tables/chsmmanagementauditlogs.md + - name: CHSMServiceOperationAuditLogs + href: tables/chsmserviceoperationauditlogs.md + - name: CIEventsAudit + href: tables/cieventsaudit.md + - name: CIEventsOperational + href: tables/cieventsoperational.md + - name: CassandraAudit + href: tables/cassandraaudit.md + - name: CassandraLogs + href: tables/cassandralogs.md + - name: ChaosStudioExperimentEventLogs + href: tables/chaosstudioexperimenteventlogs.md + - name: CloudAppEvents + href: tables/cloudappevents.md + - name: CommonSecurityLog + href: 
tables/commonsecuritylog.md + - name: ComputerGroup + href: tables/computergroup.md + - name: ConfidentialWatchlist + href: tables/confidentialwatchlist.md + - name: ConfigurationChange + href: tables/configurationchange.md + - name: ConfigurationData + href: tables/configurationdata.md + - name: ContainerAppConsoleLogs + href: tables/containerappconsolelogs.md + - name: ContainerAppSystemLogs + href: tables/containerappsystemlogs.md + - name: ContainerEvent + href: tables/containerevent.md + - name: ContainerImageInventory + href: tables/containerimageinventory.md + - name: ContainerInstanceLog + href: tables/containerinstancelog.md + - name: ContainerInventory + href: tables/containerinventory.md + - name: ContainerLog + href: tables/containerlog.md + - name: ContainerLogV2 + href: tables/containerlogv2.md + - name: ContainerNodeInventory + href: tables/containernodeinventory.md + - name: ContainerRegistryLoginEvents + href: tables/containerregistryloginevents.md + - name: ContainerRegistryRepositoryEvents + href: tables/containerregistryrepositoryevents.md + - name: ContainerServiceLog + href: tables/containerservicelog.md + - name: DCRLogErrors + href: tables/dcrlogerrors.md + - name: DCRLogTroubleshooting + href: tables/dcrlogtroubleshooting.md + - name: DHAppReliability + href: tables/dhappreliability.md + - name: DHDriverReliability + href: tables/dhdriverreliability.md + - name: DHLogonFailures + href: tables/dhlogonfailures.md + - name: DHLogonMetrics + href: tables/dhlogonmetrics.md + - name: DHOSCrashData + href: tables/dhoscrashdata.md + - name: DHOSReliability + href: tables/dhosreliability.md + - name: DHWipAppLearning + href: tables/dhwipapplearning.md + - name: DNSQueryLogs + href: tables/dnsquerylogs.md + - name: DSMAzureBlobStorageLogs + href: tables/dsmazureblobstoragelogs.md + - name: DSMDataClassificationLogs + href: tables/dsmdataclassificationlogs.md + - name: DSMDataLabelingLogs + href: tables/dsmdatalabelinglogs.md + - name: 
DataTransferOperations + href: tables/datatransferoperations.md + - name: DatabricksAccounts + href: tables/databricksaccounts.md + - name: DatabricksBrickStoreHttpGateway + href: tables/databricksbrickstorehttpgateway.md + - name: DatabricksCapsule8Dataplane + href: tables/databrickscapsule8dataplane.md + - name: DatabricksClamAVScan + href: tables/databricksclamavscan.md + - name: DatabricksCloudStorageMetadata + href: tables/databrickscloudstoragemetadata.md + - name: DatabricksClusterLibraries + href: tables/databricksclusterlibraries.md + - name: DatabricksClusters + href: tables/databricksclusters.md + - name: DatabricksDBFS + href: tables/databricksdbfs.md + - name: DatabricksDashboards + href: tables/databricksdashboards.md + - name: DatabricksDataMonitoring + href: tables/databricksdatamonitoring.md + - name: DatabricksDatabricksSQL + href: tables/databricksdatabrickssql.md + - name: DatabricksDeltaPipelines + href: tables/databricksdeltapipelines.md + - name: DatabricksFeatureStore + href: tables/databricksfeaturestore.md + - name: DatabricksFilesystem + href: tables/databricksfilesystem.md + - name: DatabricksGenie + href: tables/databricksgenie.md + - name: DatabricksGitCredentials + href: tables/databricksgitcredentials.md + - name: DatabricksGlobalInitScripts + href: tables/databricksglobalinitscripts.md + - name: DatabricksIAMRole + href: tables/databricksiamrole.md + - name: DatabricksIngestion + href: tables/databricksingestion.md + - name: DatabricksInstancePools + href: tables/databricksinstancepools.md + - name: DatabricksJobs + href: tables/databricksjobs.md + - name: DatabricksLineageTracking + href: tables/databrickslineagetracking.md + - name: DatabricksMLflowAcledArtifact + href: tables/databricksmlflowacledartifact.md + - name: DatabricksMLflowExperiment + href: tables/databricksmlflowexperiment.md + - name: DatabricksMarketplaceConsumer + href: tables/databricksmarketplaceconsumer.md + - name: DatabricksModelRegistry + href: 
tables/databricksmodelregistry.md + - name: DatabricksNotebook + href: tables/databricksnotebook.md + - name: DatabricksPartnerHub + href: tables/databrickspartnerhub.md + - name: DatabricksPredictiveOptimization + href: tables/databrickspredictiveoptimization.md + - name: DatabricksRemoteHistoryService + href: tables/databricksremotehistoryservice.md + - name: DatabricksRepos + href: tables/databricksrepos.md + - name: DatabricksSQL + href: tables/databrickssql.md + - name: DatabricksSQLPermissions + href: tables/databrickssqlpermissions.md + - name: DatabricksSSH + href: tables/databricksssh.md + - name: DatabricksSecrets + href: tables/databrickssecrets.md + - name: DatabricksServerlessRealTimeInference + href: tables/databricksserverlessrealtimeinference.md + - name: DatabricksUnityCatalog + href: tables/databricksunitycatalog.md + - name: DatabricksWebTerminal + href: tables/databrickswebterminal.md + - name: DatabricksWorkspace + href: tables/databricksworkspace.md + - name: DatabricksWorkspaceLogs + href: tables/databricksworkspacelogs.md + - name: DataverseActivity + href: tables/dataverseactivity.md + - name: DefenderIoTRawEvent + href: tables/defenderiotrawevent.md + - name: DevCenterBillingEventLogs + href: tables/devcenterbillingeventlogs.md + - name: DevCenterDiagnosticLogs + href: tables/devcenterdiagnosticlogs.md + - name: DevCenterResourceOperationLogs + href: tables/devcenterresourceoperationlogs.md + - name: DeviceAppCrash + href: tables/deviceappcrash.md + - name: DeviceAppLaunch + href: tables/deviceapplaunch.md + - name: DeviceCalendar + href: tables/devicecalendar.md + - name: DeviceCleanup + href: tables/devicecleanup.md + - name: DeviceConnectSession + href: tables/deviceconnectsession.md + - name: DeviceEtw + href: tables/deviceetw.md + - name: DeviceEvents + href: tables/deviceevents.md + - name: DeviceFileCertificateInfo + href: tables/devicefilecertificateinfo.md + - name: DeviceFileEvents + href: tables/devicefileevents.md + - name: 
DeviceHardwareHealth + href: tables/devicehardwarehealth.md + - name: DeviceHealth + href: tables/devicehealth.md + - name: DeviceHeartbeat + href: tables/deviceheartbeat.md + - name: DeviceImageLoadEvents + href: tables/deviceimageloadevents.md + - name: DeviceInfo + href: tables/deviceinfo.md + - name: DeviceLogonEvents + href: tables/devicelogonevents.md + - name: DeviceNetworkEvents + href: tables/devicenetworkevents.md + - name: DeviceNetworkInfo + href: tables/devicenetworkinfo.md + - name: DeviceProcessEvents + href: tables/deviceprocessevents.md + - name: DeviceRegistryEvents + href: tables/deviceregistryevents.md + - name: DeviceSkypeHeartbeat + href: tables/deviceskypeheartbeat.md + - name: DeviceSkypeSignIn + href: tables/deviceskypesignin.md + - name: DeviceTvmSecureConfigurationAssessment + href: tables/devicetvmsecureconfigurationassessment.md + - name: DeviceTvmSecureConfigurationAssessmentKB + href: tables/devicetvmsecureconfigurationassessmentkb.md + - name: DeviceTvmSoftwareInventory + href: tables/devicetvmsoftwareinventory.md + - name: DeviceTvmSoftwareVulnerabilities + href: tables/devicetvmsoftwarevulnerabilities.md + - name: DeviceTvmSoftwareVulnerabilitiesKB + href: tables/devicetvmsoftwarevulnerabilitieskb.md + - name: DnsEvents + href: tables/dnsevents.md + - name: DnsInventory + href: tables/dnsinventory.md + - name: DynamicEventCollection + href: tables/dynamiceventcollection.md + - name: DynamicSummary + href: tables/dynamicsummary.md + - name: Dynamics365Activity + href: tables/dynamics365activity.md + - name: EGNFailedHttpDataPlaneOperations + href: tables/egnfailedhttpdataplaneoperations.md + - name: EGNFailedMqttConnections + href: tables/egnfailedmqttconnections.md + - name: EGNFailedMqttPublishedMessages + href: tables/egnfailedmqttpublishedmessages.md + - name: EGNFailedMqttSubscriptions + href: tables/egnfailedmqttsubscriptions.md + - name: EGNMqttDisconnections + href: tables/egnmqttdisconnections.md + - name: 
EGNSuccessfulHttpDataPlaneOperations + href: tables/egnsuccessfulhttpdataplaneoperations.md + - name: EGNSuccessfulMqttConnections + href: tables/egnsuccessfulmqttconnections.md + - name: ETWEvent + href: tables/etwevent.md + - name: EmailAttachmentInfo + href: tables/emailattachmentinfo.md + - name: EmailEvents + href: tables/emailevents.md + - name: EmailPostDeliveryEvents + href: tables/emailpostdeliveryevents.md + - name: EmailUrlInfo + href: tables/emailurlinfo.md + - name: EnrichedMicrosoft365AuditLogs + href: tables/enrichedmicrosoft365auditlogs.md + - name: Event + href: tables/event.md + - name: ExchangeAssessmentRecommendation + href: tables/exchangeassessmentrecommendation.md + - name: ExchangeOnlineAssessmentRecommendation + href: tables/exchangeonlineassessmentrecommendation.md + - name: FailedIngestion + href: tables/failedingestion.md + - name: FunctionAppLogs + href: tables/functionapplogs.md + - name: GCPAuditLogs + href: tables/gcpauditlogs.md + - name: GoogleCloudSCC + href: tables/googlecloudscc.md + - name: HDInsightAmbariClusterAlerts + href: tables/hdinsightambariclusteralerts.md + - name: HDInsightAmbariSystemMetrics + href: tables/hdinsightambarisystemmetrics.md + - name: HDInsightGatewayAuditLogs + href: tables/hdinsightgatewayauditlogs.md + - name: HDInsightHBaseLogs + href: tables/hdinsighthbaselogs.md + - name: HDInsightHBaseMetrics + href: tables/hdinsighthbasemetrics.md + - name: HDInsightHadoopAndYarnLogs + href: tables/hdinsighthadoopandyarnlogs.md + - name: HDInsightHadoopAndYarnMetrics + href: tables/hdinsighthadoopandyarnmetrics.md + - name: HDInsightHiveAndLLAPLogs + href: tables/hdinsighthiveandllaplogs.md + - name: HDInsightHiveAndLLAPMetrics + href: tables/hdinsighthiveandllapmetrics.md + - name: HDInsightHiveQueryAppStats + href: tables/hdinsighthivequeryappstats.md + - name: HDInsightHiveTezAppStats + href: tables/hdinsighthivetezappstats.md + - name: HDInsightJupyterNotebookEvents + href: 
tables/hdinsightjupyternotebookevents.md + - name: HDInsightKafkaLogs + href: tables/hdinsightkafkalogs.md + - name: HDInsightKafkaMetrics + href: tables/hdinsightkafkametrics.md + - name: HDInsightKafkaServerLog + href: tables/hdinsightkafkaserverlog.md + - name: HDInsightOozieLogs + href: tables/hdinsightoozielogs.md + - name: HDInsightRangerAuditLogs + href: tables/hdinsightrangerauditlogs.md + - name: HDInsightSecurityLogs + href: tables/hdinsightsecuritylogs.md + - name: HDInsightSparkApplicationEvents + href: tables/hdinsightsparkapplicationevents.md + - name: HDInsightSparkBlockManagerEvents + href: tables/hdinsightsparkblockmanagerevents.md + - name: HDInsightSparkEnvironmentEvents + href: tables/hdinsightsparkenvironmentevents.md + - name: HDInsightSparkExecutorEvents + href: tables/hdinsightsparkexecutorevents.md + - name: HDInsightSparkExtraEvents + href: tables/hdinsightsparkextraevents.md + - name: HDInsightSparkJobEvents + href: tables/hdinsightsparkjobevents.md + - name: HDInsightSparkLogs + href: tables/hdinsightsparklogs.md + - name: HDInsightSparkSQLExecutionEvents + href: tables/hdinsightsparksqlexecutionevents.md + - name: HDInsightSparkStageEvents + href: tables/hdinsightsparkstageevents.md + - name: HDInsightSparkStageTaskAccumulables + href: tables/hdinsightsparkstagetaskaccumulables.md + - name: HDInsightSparkTaskEvents + href: tables/hdinsightsparktaskevents.md + - name: HDInsightStormLogs + href: tables/hdinsightstormlogs.md + - name: HDInsightStormMetrics + href: tables/hdinsightstormmetrics.md + - name: HDInsightStormTopologyMetrics + href: tables/hdinsightstormtopologymetrics.md + - name: HealthStateChangeEvent + href: tables/healthstatechangeevent.md + - name: Heartbeat + href: tables/heartbeat.md + - name: HuntingBookmark + href: tables/huntingbookmark.md + - name: IISAssessmentRecommendation + href: tables/iisassessmentrecommendation.md + - name: IdentityDirectoryEvents + href: tables/identitydirectoryevents.md + - name: IdentityInfo 
+ href: tables/identityinfo.md + - name: IdentityLogonEvents + href: tables/identitylogonevents.md + - name: IdentityQueryEvents + href: tables/identityqueryevents.md + - name: InsightsMetrics + href: tables/insightsmetrics.md + - name: IntuneAuditLogs + href: tables/intuneauditlogs.md + - name: IntuneDeviceComplianceOrg + href: tables/intunedevicecomplianceorg.md + - name: IntuneDevices + href: tables/intunedevices.md + - name: IntuneOperationalLogs + href: tables/intuneoperationallogs.md + - name: IoTHubDistributedTracing + href: tables/iothubdistributedtracing.md + - name: KubeEvents + href: tables/kubeevents.md + - name: KubeHealth + href: tables/kubehealth.md + - name: KubeMonAgentEvents + href: tables/kubemonagentevents.md + - name: KubeNodeInventory + href: tables/kubenodeinventory.md + - name: KubePVInventory + href: tables/kubepvinventory.md + - name: KubePodInventory + href: tables/kubepodinventory.md + - name: KubeServices + href: tables/kubeservices.md + - name: LAQueryLogs + href: tables/laquerylogs.md + - name: LASummaryLogs + href: tables/lasummarylogs.md + - name: LogicAppWorkflowRuntime + href: tables/logicappworkflowruntime.md + - name: MAApplication + href: tables/maapplication.md + - name: MAApplicationHealth + href: tables/maapplicationhealth.md + - name: MAApplicationHealthAlternativeVersions + href: tables/maapplicationhealthalternativeversions.md + - name: MAApplicationHealthIssues + href: tables/maapplicationhealthissues.md + - name: MAApplicationInstance + href: tables/maapplicationinstance.md + - name: MAApplicationInstanceReadiness + href: tables/maapplicationinstancereadiness.md + - name: MAApplicationReadiness + href: tables/maapplicationreadiness.md + - name: MADeploymentPlan + href: tables/madeploymentplan.md + - name: MADeviceNRT + href: tables/madevicenrt.md + - name: MADeviceNotEnrolled + href: tables/madevicenotenrolled.md + - name: MADeviceReadiness + href: tables/madevicereadiness.md + - name: MADriverInstanceReadiness + href: 
tables/madriverinstancereadiness.md + - name: MADriverReadiness + href: tables/madriverreadiness.md + - name: MAOfficeAddin + href: tables/maofficeaddin.md + - name: MAOfficeAddinInstance + href: tables/maofficeaddininstance.md + - name: MAOfficeAddinReadiness + href: tables/maofficeaddinreadiness.md + - name: MAOfficeAppInstance + href: tables/maofficeappinstance.md + - name: MAOfficeAppReadiness + href: tables/maofficeappreadiness.md + - name: MAOfficeBuildInfo + href: tables/maofficebuildinfo.md + - name: MAOfficeCurrencyAssessment + href: tables/maofficecurrencyassessment.md + - name: MAOfficeSuiteInstance + href: tables/maofficesuiteinstance.md + - name: MAProposedPilotDevices + href: tables/maproposedpilotdevices.md + - name: MAWindowsBuildInfo + href: tables/mawindowsbuildinfo.md + - name: MAWindowsCurrencyAssessment + href: tables/mawindowscurrencyassessment.md + - name: MAWindowsCurrencyAssessmentDailyCounts + href: tables/mawindowscurrencyassessmentdailycounts.md + - name: MAWindowsDeploymentStatus + href: tables/mawindowsdeploymentstatus.md + - name: MAWindowsDeploymentStatusNRT + href: tables/mawindowsdeploymentstatusnrt.md + - name: MCCEventLogs + href: tables/mcceventlogs.md + - name: MCVPAuditLogs + href: tables/mcvpauditlogs.md + - name: MCVPOperationLogs + href: tables/mcvpoperationlogs.md + - name: MDCDetectionDNSEvents + href: tables/mdcdetectiondnsevents.md + - name: MDCDetectionFimEvents + href: tables/mdcdetectionfimevents.md + - name: MDCFileIntegrityMonitoringEvents + href: tables/mdcfileintegritymonitoringevents.md + - name: MDECustomCollectionDeviceFileEvents + href: tables/mdecustomcollectiondevicefileevents.md + - name: MNFDeviceUpdates + href: tables/mnfdeviceupdates.md + - name: MNFSystemSessionHistoryUpdates + href: tables/mnfsystemsessionhistoryupdates.md + - name: MNFSystemStateMessageUpdates + href: tables/mnfsystemstatemessageupdates.md + - name: McasShadowItReporting + href: tables/mcasshadowitreporting.md + - name: 
MicrosoftAzureBastionAuditLogs + href: tables/microsoftazurebastionauditlogs.md + - name: MicrosoftDataShareReceivedSnapshotLog + href: tables/microsoftdatasharereceivedsnapshotlog.md + - name: MicrosoftDataShareSentSnapshotLog + href: tables/microsoftdatasharesentsnapshotlog.md + - name: MicrosoftDataShareShareLog + href: tables/microsoftdatasharesharelog.md + - name: MicrosoftDynamicsTelemetryPerformanceLogs + href: tables/microsoftdynamicstelemetryperformancelogs.md + - name: MicrosoftDynamicsTelemetrySystemMetricsLogs + href: tables/microsoftdynamicstelemetrysystemmetricslogs.md + - name: MicrosoftGraphActivityLogs + href: tables/microsoftgraphactivitylogs.md + - name: MicrosoftHealthcareApisAuditLogs + href: tables/microsofthealthcareapisauditlogs.md + - name: MicrosoftPurviewInformationProtection + href: tables/microsoftpurviewinformationprotection.md + - name: NCBMBreakGlassAuditLogs + href: tables/ncbmbreakglassauditlogs.md + - name: NCBMSecurityDefenderLogs + href: tables/ncbmsecuritydefenderlogs.md + - name: NCBMSecurityLogs + href: tables/ncbmsecuritylogs.md + - name: NCBMSystemLogs + href: tables/ncbmsystemlogs.md + - name: NCCKubernetesLogs + href: tables/ncckuberneteslogs.md + - name: NCCVMOrchestrationLogs + href: tables/nccvmorchestrationlogs.md + - name: NCMClusterOperationsLogs + href: tables/ncmclusteroperationslogs.md + - name: NCSStorageAlerts + href: tables/ncsstoragealerts.md + - name: NCSStorageAudits + href: tables/ncsstorageaudits.md + - name: NCSStorageLogs + href: tables/ncsstoragelogs.md + - name: NGXOperationLogs + href: tables/ngxoperationlogs.md + - name: NGXSecurityLogs + href: tables/ngxsecuritylogs.md + - name: NSPAccessLogs + href: tables/nspaccesslogs.md + - name: NTAInsights + href: tables/ntainsights.md + - name: NTAIpDetails + href: tables/ntaipdetails.md + - name: NTANetAnalytics + href: tables/ntanetanalytics.md + - name: NTATopologyDetails + href: tables/ntatopologydetails.md + - name: NWConnectionMonitorDNSResult + href: 
tables/nwconnectionmonitordnsresult.md + - name: NWConnectionMonitorDestinationListenerResult + href: tables/nwconnectionmonitordestinationlistenerresult.md + - name: NWConnectionMonitorPathResult + href: tables/nwconnectionmonitorpathresult.md + - name: NWConnectionMonitorTestResult + href: tables/nwconnectionmonitortestresult.md + - name: NetworkAccessAlerts + href: tables/networkaccessalerts.md + - name: NetworkAccessTraffic + href: tables/networkaccesstraffic.md + - name: NetworkSessions + href: tables/networksessions.md + - name: OEPAirFlowTask + href: tables/oepairflowtask.md + - name: OEPAuditLogs + href: tables/oepauditlogs.md + - name: OEPDataplaneLogs + href: tables/oepdataplanelogs.md + - name: OEPElasticOperator + href: tables/oepelasticoperator.md + - name: OEPElasticsearch + href: tables/oepelasticsearch.md + - name: OLPSupplyChainEntityOperations + href: tables/olpsupplychainentityoperations.md + - name: OLPSupplyChainEvents + href: tables/olpsupplychainevents.md + - name: OfficeActivity + href: tables/officeactivity.md + - name: Operation + href: tables/operation.md + - name: PFTitleAuditLogs + href: tables/pftitleauditlogs.md + - name: Perf + href: tables/perf.md + - name: PowerAppsActivity + href: tables/powerappsactivity.md + - name: PowerAutomateActivity + href: tables/powerautomateactivity.md + - name: PowerBIActivity + href: tables/powerbiactivity.md + - name: PowerBIAuditTenant + href: tables/powerbiaudittenant.md + - name: PowerBIDatasetsTenant + href: tables/powerbidatasetstenant.md + - name: PowerBIDatasetsTenantPreview + href: tables/powerbidatasetstenantpreview.md + - name: PowerBIDatasetsWorkspace + href: tables/powerbidatasetsworkspace.md + - name: PowerBIDatasetsWorkspacePreview + href: tables/powerbidatasetsworkspacepreview.md + - name: PowerBIReportUsageTenant + href: tables/powerbireportusagetenant.md + - name: PowerBIReportUsageWorkspace + href: tables/powerbireportusageworkspace.md + - name: PowerPlatformAdminActivity + href: 
tables/powerplatformadminactivity.md + - name: PowerPlatformConnectorActivity + href: tables/powerplatformconnectoractivity.md + - name: PowerPlatformDlpActivity + href: tables/powerplatformdlpactivity.md + - name: ProjectActivity + href: tables/projectactivity.md + - name: ProtectionStatus + href: tables/protectionstatus.md + - name: PurviewDataSensitivityLogs + href: tables/purviewdatasensitivitylogs.md + - name: PurviewScanStatusLogs + href: tables/purviewscanstatuslogs.md + - name: PurviewSecurityLogs + href: tables/purviewsecuritylogs.md + - name: REDConnectionEvents + href: tables/redconnectionevents.md + - name: RemoteNetworkHealthLogs + href: tables/remotenetworkhealthlogs.md + - name: ResourceManagementPublicAccessLogs + href: tables/resourcemanagementpublicaccesslogs.md + - name: SCCMAssessmentRecommendation + href: tables/sccmassessmentrecommendation.md + - name: SCOMAssessmentRecommendation + href: tables/scomassessmentrecommendation.md + - name: SPAssessmentRecommendation + href: tables/spassessmentrecommendation.md + - name: SQLAssessmentRecommendation + href: tables/sqlassessmentrecommendation.md + - name: SQLSecurityAuditEvents + href: tables/sqlsecurityauditevents.md + - name: SecureScoreControls + href: tables/securescorecontrols.md + - name: SecureScores + href: tables/securescores.md + - name: SecurityAttackPathData + href: tables/securityattackpathdata.md + - name: SecurityBaseline + href: tables/securitybaseline.md + - name: SecurityBaselineSummary + href: tables/securitybaselinesummary.md + - name: SecurityDetection + href: tables/securitydetection.md + - name: SecurityEvent + href: tables/securityevent.md + - name: SecurityIncident + href: tables/securityincident.md + - name: SecurityIoTRawEvent + href: tables/securityiotrawevent.md + - name: SecurityNestedRecommendation + href: tables/securitynestedrecommendation.md + - name: SecurityRecommendation + href: tables/securityrecommendation.md + - name: SecurityRegulatoryCompliance + href: 
tables/securityregulatorycompliance.md + - name: SentinelAudit + href: tables/sentinelaudit.md + - name: SentinelHealth + href: tables/sentinelhealth.md + - name: ServiceFabricOperationalEvent + href: tables/servicefabricoperationalevent.md + - name: ServiceFabricReliableActorEvent + href: tables/servicefabricreliableactorevent.md + - name: ServiceFabricReliableServiceEvent + href: tables/servicefabricreliableserviceevent.md + - name: SfBAssessmentRecommendation + href: tables/sfbassessmentrecommendation.md + - name: SfBOnlineAssessmentRecommendation + href: tables/sfbonlineassessmentrecommendation.md + - name: SharePointOnlineAssessmentRecommendation + href: tables/sharepointonlineassessmentrecommendation.md + - name: SignalRServiceDiagnosticLogs + href: tables/signalrservicediagnosticlogs.md + - name: SigninLogs + href: tables/signinlogs.md + - name: SqlAtpStatus + href: tables/sqlatpstatus.md + - name: SqlDataClassification + href: tables/sqldataclassification.md + - name: SqlVulnerabilityAssessmentResult + href: tables/sqlvulnerabilityassessmentresult.md + - name: SqlVulnerabilityAssessmentScanStatus + href: tables/sqlvulnerabilityassessmentscanstatus.md + - name: StorageBlobLogs + href: tables/storagebloblogs.md + - name: StorageCacheOperationEvents + href: tables/storagecacheoperationevents.md + - name: StorageCacheUpgradeEvents + href: tables/storagecacheupgradeevents.md + - name: StorageCacheWarningEvents + href: tables/storagecachewarningevents.md + - name: StorageFileLogs + href: tables/storagefilelogs.md + - name: StorageMalwareScanningResults + href: tables/storagemalwarescanningresults.md + - name: StorageMoverCopyLogsFailed + href: tables/storagemovercopylogsfailed.md + - name: StorageMoverCopyLogsTransferred + href: tables/storagemovercopylogstransferred.md + - name: StorageMoverJobRunLogs + href: tables/storagemoverjobrunlogs.md + - name: StorageQueueLogs + href: tables/storagequeuelogs.md + - name: StorageTableLogs + href: 
tables/storagetablelogs.md + - name: SucceededIngestion + href: tables/succeededingestion.md + - name: SynapseBigDataPoolApplicationsEnded + href: tables/synapsebigdatapoolapplicationsended.md + - name: SynapseBuiltinSqlPoolRequestsEnded + href: tables/synapsebuiltinsqlpoolrequestsended.md + - name: SynapseDXCommand + href: tables/synapsedxcommand.md + - name: SynapseDXFailedIngestion + href: tables/synapsedxfailedingestion.md + - name: SynapseDXIngestionBatching + href: tables/synapsedxingestionbatching.md + - name: SynapseDXQuery + href: tables/synapsedxquery.md + - name: SynapseDXSucceededIngestion + href: tables/synapsedxsucceededingestion.md + - name: SynapseDXTableDetails + href: tables/synapsedxtabledetails.md + - name: SynapseDXTableUsageStatistics + href: tables/synapsedxtableusagestatistics.md + - name: SynapseGatewayApiRequests + href: tables/synapsegatewayapirequests.md + - name: SynapseGatewayEvents + href: tables/synapsegatewayevents.md + - name: SynapseIntegrationActivityRuns + href: tables/synapseintegrationactivityruns.md + - name: SynapseIntegrationPipelineRuns + href: tables/synapseintegrationpipelineruns.md + - name: SynapseIntegrationTriggerRuns + href: tables/synapseintegrationtriggerruns.md + - name: SynapseLinkEvent + href: tables/synapselinkevent.md + - name: SynapseRBACEvents + href: tables/synapserbacevents.md + - name: SynapseRbacOperations + href: tables/synapserbacoperations.md + - name: SynapseScopePoolScopeJobsEnded + href: tables/synapsescopepoolscopejobsended.md + - name: SynapseScopePoolScopeJobsStateChange + href: tables/synapsescopepoolscopejobsstatechange.md + - name: SynapseSqlPoolDmsWorkers + href: tables/synapsesqlpooldmsworkers.md + - name: SynapseSqlPoolExecRequests + href: tables/synapsesqlpoolexecrequests.md + - name: SynapseSqlPoolRequestSteps + href: tables/synapsesqlpoolrequeststeps.md + - name: SynapseSqlPoolSqlRequests + href: tables/synapsesqlpoolsqlrequests.md + - name: SynapseSqlPoolWaits + href: 
tables/synapsesqlpoolwaits.md + - name: Syslog + href: tables/syslog.md + - name: TSIIngress + href: tables/tsiingress.md + - name: ThreatIntelligenceIndicator + href: tables/threatintelligenceindicator.md + - name: UAApp + href: tables/uaapp.md + - name: UAComputer + href: tables/uacomputer.md + - name: UAComputerRank + href: tables/uacomputerrank.md + - name: UADriver + href: tables/uadriver.md + - name: UADriverProblemCodes + href: tables/uadriverproblemcodes.md + - name: UAFeedback + href: tables/uafeedback.md + - name: UAIESiteDiscovery + href: tables/uaiesitediscovery.md + - name: UAOfficeAddIn + href: tables/uaofficeaddin.md + - name: UAProposedActionPlan + href: tables/uaproposedactionplan.md + - name: UASysReqIssue + href: tables/uasysreqissue.md + - name: UAUpgradedComputer + href: tables/uaupgradedcomputer.md + - name: UCClient + href: tables/ucclient.md + - name: UCClientReadinessStatus + href: tables/ucclientreadinessstatus.md + - name: UCClientUpdateStatus + href: tables/ucclientupdatestatus.md + - name: UCDOAggregatedStatus + href: tables/ucdoaggregatedstatus.md + - name: UCDOStatus + href: tables/ucdostatus.md + - name: UCDeviceAlert + href: tables/ucdevicealert.md + - name: UCServiceUpdateStatus + href: tables/ucserviceupdatestatus.md + - name: UCUpdateAlert + href: tables/ucupdatealert.md + - name: Update + href: tables/update.md + - name: UpdateRunProgress + href: tables/updaterunprogress.md + - name: UpdateSummary + href: tables/updatesummary.md + - name: UrlClickEvents + href: tables/urlclickevents.md + - name: Usage + href: tables/usage.md + - name: UserAccessAnalytics + href: tables/useraccessanalytics.md + - name: UserPeerAnalytics + href: tables/userpeeranalytics.md + - name: VCoreMongoRequests + href: tables/vcoremongorequests.md + - name: VIAudit + href: tables/viaudit.md + - name: VIIndexing + href: tables/viindexing.md + - name: VMBoundPort + href: tables/vmboundport.md + - name: VMComputer + href: tables/vmcomputer.md + - name: 
VMConnection + href: tables/vmconnection.md + - name: VMProcess + href: tables/vmprocess.md + - name: W3CIISLog + href: tables/w3ciislog.md + - name: WDAVStatus + href: tables/wdavstatus.md + - name: WDAVThreat + href: tables/wdavthreat.md + - name: WUDOAggregatedStatus + href: tables/wudoaggregatedstatus.md + - name: WUDOStatus + href: tables/wudostatus.md + - name: WVDAgentHealthStatus + href: tables/wvdagenthealthstatus.md + - name: WVDAutoscaleEvaluationPooled + href: tables/wvdautoscaleevaluationpooled.md + - name: WVDCheckpoints + href: tables/wvdcheckpoints.md + - name: WVDConnectionGraphicsDataPreview + href: tables/wvdconnectiongraphicsdatapreview.md + - name: WVDConnectionNetworkData + href: tables/wvdconnectionnetworkdata.md + - name: WVDConnections + href: tables/wvdconnections.md + - name: WVDErrors + href: tables/wvderrors.md + - name: WVDFeeds + href: tables/wvdfeeds.md + - name: WVDHostRegistrations + href: tables/wvdhostregistrations.md + - name: WVDManagement + href: tables/wvdmanagement.md + - name: WVDSessionHostManagement + href: tables/wvdsessionhostmanagement.md + - name: WaaSDeploymentStatus + href: tables/waasdeploymentstatus.md + - name: WaaSInsiderStatus + href: tables/waasinsiderstatus.md + - name: WaaSUpdateStatus + href: tables/waasupdatestatus.md + - name: Watchlist + href: tables/watchlist.md + - name: WebPubSubConnectivity + href: tables/webpubsubconnectivity.md + - name: WebPubSubHttpRequest + href: tables/webpubsubhttprequest.md + - name: WebPubSubMessaging + href: tables/webpubsubmessaging.md + - name: Windows365AuditLogs + href: tables/windows365auditlogs.md + - name: WindowsClientAssessmentRecommendation + href: tables/windowsclientassessmentrecommendation.md + - name: WindowsEvent + href: tables/windowsevent.md + - name: WindowsFirewall + href: tables/windowsfirewall.md + - name: WindowsServerAssessmentRecommendation + href: tables/windowsserverassessmentrecommendation.md + - name: WireData + href: tables/wiredata.md + - name: 
WorkloadDiagnosticLogs + href: tables/workloaddiagnosticlogs.md + - name: WorkloadMonitoringPerf + href: tables/workloadmonitoringperf.md + - name: Log Analytics sample queries + href: ./queries-by-table.md + items: + - name: Sample queries by table + expanded: false + items: + - name: AACAudit + href: queries/AACAudit.md + - name: AACHttpRequest + href: queries/AACHttpRequest.md + - name: AADCustomSecurityAttributeAuditLogs + href: queries/AADCustomSecurityAttributeAuditLogs.md + - name: AADDomainServicesAccountLogon + href: queries/AADDomainServicesAccountLogon.md + - name: AADDomainServicesAccountManagement + href: queries/AADDomainServicesAccountManagement.md + - name: AADDomainServicesDirectoryServiceAccess + href: queries/AADDomainServicesDirectoryServiceAccess.md + - name: AADDomainServicesLogonLogoff + href: queries/AADDomainServicesLogonLogoff.md + - name: AADDomainServicesPolicyChange + href: queries/AADDomainServicesPolicyChange.md + - name: AADDomainServicesPrivilegeUse + href: queries/AADDomainServicesPrivilegeUse.md + - name: AADManagedIdentitySignInLogs + href: queries/AADManagedIdentitySignInLogs.md + - name: AADNonInteractiveUserSignInLogs + href: queries/AADNonInteractiveUserSignInLogs.md + - name: AADProvisioningLogs + href: queries/AADProvisioningLogs.md + - name: AADRiskyUsers + href: queries/AADRiskyUsers.md + - name: AADServicePrincipalRiskEvents + href: queries/AADServicePrincipalRiskEvents.md + - name: AADServicePrincipalSignInLogs + href: queries/AADServicePrincipalSignInLogs.md + - name: AADUserRiskEvents + href: queries/AADUserRiskEvents.md + - name: ABSBotRequests + href: queries/ABSBotRequests.md + - name: ACICollaborationAudit + href: queries/ACICollaborationAudit.md + - name: ACRConnectedClientList + href: queries/ACRConnectedClientList.md + - name: ACREntraAuthenticationAuditLog + href: queries/ACREntraAuthenticationAuditLog.md + - name: ACSAdvancedMessagingOperations + href: queries/ACSAdvancedMessagingOperations.md + - name: 
ACSAuthIncomingOperations + href: queries/ACSAuthIncomingOperations.md + - name: ACSBillingUsage + href: queries/ACSBillingUsage.md + - name: ACSCallAutomationIncomingOperations + href: queries/ACSCallAutomationIncomingOperations.md + - name: ACSCallAutomationMediaSummary + href: queries/ACSCallAutomationMediaSummary.md + - name: ACSCallClientMediaStatsTimeSeries + href: queries/ACSCallClientMediaStatsTimeSeries.md + - name: ACSCallClientOperations + href: queries/ACSCallClientOperations.md + - name: ACSCallDiagnostics + href: queries/ACSCallDiagnostics.md + - name: ACSCallRecordingIncomingOperations + href: queries/ACSCallRecordingIncomingOperations.md + - name: ACSCallRecordingSummary + href: queries/ACSCallRecordingSummary.md + - name: ACSCallSummary + href: queries/ACSCallSummary.md + - name: ACSCallSurvey + href: queries/ACSCallSurvey.md + - name: ACSChatIncomingOperations + href: queries/ACSChatIncomingOperations.md + - name: ACSEmailSendMailOperational + href: queries/ACSEmailSendMailOperational.md + - name: ACSEmailStatusUpdateOperational + href: queries/ACSEmailStatusUpdateOperational.md + - name: ACSJobRouterIncomingOperations + href: queries/ACSJobRouterIncomingOperations.md + - name: ACSRoomsIncomingOperations + href: queries/ACSRoomsIncomingOperations.md + - name: ACSSMSIncomingOperations + href: queries/ACSSMSIncomingOperations.md + - name: ADAssessmentRecommendation + href: queries/ADAssessmentRecommendation.md + - name: ADFActivityRun + href: queries/ADFActivityRun.md + - name: ADFPipelineRun + href: queries/ADFPipelineRun.md + - name: ADFSSignInLogs + href: queries/ADFSSignInLogs.md + - name: ADFTriggerRun + href: queries/ADFTriggerRun.md + - name: ADTDataHistoryOperation + href: queries/ADTDataHistoryOperation.md + - name: ADTDigitalTwinsOperation + href: queries/ADTDigitalTwinsOperation.md + - name: ADTEventRoutesOperation + href: queries/ADTEventRoutesOperation.md + - name: ADTModelsOperation + href: queries/ADTModelsOperation.md + - name: 
ADTQueryOperation + href: queries/ADTQueryOperation.md + - name: ADXIngestionBatching + href: queries/ADXIngestionBatching.md + - name: ADXTableUsageStatistics + href: queries/ADXTableUsageStatistics.md + - name: AEWComputePipelinesLogs + href: queries/AEWComputePipelinesLogs.md + - name: AFSAuditLogs + href: queries/AFSAuditLogs.md + - name: AGCAccessLogs + href: queries/AGCAccessLogs.md + - name: AGSGrafanaLoginEvents + href: queries/AGSGrafanaLoginEvents.md + - name: AHDSDicomAuditLogs + href: queries/AHDSDicomAuditLogs.md + - name: AHDSDicomDiagnosticLogs + href: queries/AHDSDicomDiagnosticLogs.md + - name: AHDSMedTechDiagnosticLogs + href: queries/AHDSMedTechDiagnosticLogs.md + - name: AKSAudit + href: queries/AKSAudit.md + - name: AKSAuditAdmin + href: queries/AKSAuditAdmin.md + - name: AKSControlPlane + href: queries/AKSControlPlane.md + - name: ALBHealthEvent + href: queries/ALBHealthEvent.md + - name: AMSKeyDeliveryRequests + href: queries/AMSKeyDeliveryRequests.md + - name: AMSLiveEventOperations + href: queries/AMSLiveEventOperations.md + - name: AMSMediaAccountHealth + href: queries/AMSMediaAccountHealth.md + - name: AMSStreamingEndpointRequests + href: queries/AMSStreamingEndpointRequests.md + - name: AOIDatabaseQuery + href: queries/AOIDatabaseQuery.md + - name: AOIDigestion + href: queries/AOIDigestion.md + - name: AOIStorage + href: queries/AOIStorage.md + - name: ASCDeviceEvents + href: queries/ASCDeviceEvents.md + - name: ASRJobs + href: queries/ASRJobs.md + - name: ASRReplicatedItems + href: queries/ASRReplicatedItems.md + - name: ASimDnsActivityLogs + href: queries/ASimDnsActivityLogs.md + - name: AVNMConnectivityConfigurationChange + href: queries/AVNMConnectivityConfigurationChange.md + - name: AVNMIPAMPoolAllocationChange + href: queries/AVNMIPAMPoolAllocationChange.md + - name: AVNMNetworkGroupMembershipChange + href: queries/AVNMNetworkGroupMembershipChange.md + - name: AVNMRuleCollectionChange + href: queries/AVNMRuleCollectionChange.md + 
- name: AVSSyslog + href: queries/AVSSyslog.md + - name: AWSCloudTrail + href: queries/AWSCloudTrail.md + - name: AWSGuardDuty + href: queries/AWSGuardDuty.md + - name: AWSVPCFlow + href: queries/AWSVPCFlow.md + - name: AZFWApplicationRule + href: queries/AZFWApplicationRule.md + - name: AZFWDnsQuery + href: queries/AZFWDnsQuery.md + - name: AZFWFatFlow + href: queries/AZFWFatFlow.md + - name: AZFWFlowTrace + href: queries/AZFWFlowTrace.md + - name: AZFWIdpsSignature + href: queries/AZFWIdpsSignature.md + - name: AZFWInternalFqdnResolutionFailure + href: queries/AZFWInternalFqdnResolutionFailure.md + - name: AZFWNatRule + href: queries/AZFWNatRule.md + - name: AZFWNetworkRule + href: queries/AZFWNetworkRule.md + - name: AZFWThreatIntel + href: queries/AZFWThreatIntel.md + - name: AZKVAuditLogs + href: queries/AZKVAuditLogs.md + - name: AZMSDiagnosticErrorLogs + href: queries/AZMSDiagnosticErrorLogs.md + - name: AZMSHybridConnectionsEvents + href: queries/AZMSHybridConnectionsEvents.md + - name: AZMSOperationalLogs + href: queries/AZMSOperationalLogs.md + - name: AZMSRunTimeAuditLogs + href: queries/AZMSRunTimeAuditLogs.md + - name: AZMSVnetConnectionEvents + href: queries/AZMSVnetConnectionEvents.md + - name: AddonAzureBackupJobs + href: queries/AddonAzureBackupJobs.md + - name: AddonAzureBackupStorage + href: queries/AddonAzureBackupStorage.md + - name: AegDataPlaneRequests + href: queries/AegDataPlaneRequests.md + - name: AegDeliveryFailureLogs + href: queries/AegDeliveryFailureLogs.md + - name: AegPublishFailureLogs + href: queries/AegPublishFailureLogs.md + - name: AgriFoodApplicationAuditLogs + href: queries/AgriFoodApplicationAuditLogs.md + - name: AgriFoodFarmManagementLogs + href: queries/AgriFoodFarmManagementLogs.md + - name: AgriFoodJobProcessedLogs + href: queries/AgriFoodJobProcessedLogs.md + - name: AlertEvidence + href: queries/AlertEvidence.md + - name: AlertInfo + href: queries/AlertInfo.md + - name: AmlComputeClusterEvent + href: 
queries/AmlComputeClusterEvent.md + - name: AmlComputeCpuGpuUtilization + href: queries/AmlComputeCpuGpuUtilization.md + - name: AmlComputeJobEvent + href: queries/AmlComputeJobEvent.md + - name: AmlDataSetEvent + href: queries/AmlDataSetEvent.md + - name: AmlEnvironmentEvent + href: queries/AmlEnvironmentEvent.md + - name: AmlModelsEvent + href: queries/AmlModelsEvent.md + - name: AmlOnlineEndpointConsoleLog + href: queries/AmlOnlineEndpointConsoleLog.md + - name: AmlOnlineEndpointEventLog + href: queries/AmlOnlineEndpointEventLog.md + - name: AmlOnlineEndpointTrafficLog + href: queries/AmlOnlineEndpointTrafficLog.md + - name: AmlRegistryWriteEventsLog + href: queries/AmlRegistryWriteEventsLog.md + - name: Anomalies + href: queries/Anomalies.md + - name: ApiManagementGatewayLogs + href: queries/ApiManagementGatewayLogs.md + - name: AppDependencies + href: queries/AppDependencies.md + - name: AppEnvSpringAppConsoleLogs + href: queries/AppEnvSpringAppConsoleLogs.md + - name: AppExceptions + href: queries/AppExceptions.md + - name: AppPageViews + href: queries/AppPageViews.md + - name: AppPlatformLogsforSpring + href: queries/AppPlatformLogsforSpring.md + - name: AppPlatformSystemLogs + href: queries/AppPlatformSystemLogs.md + - name: AppRequests + href: queries/AppRequests.md + - name: AppServiceAppLogs + href: queries/AppServiceAppLogs.md + - name: AppServiceAuditLogs + href: queries/AppServiceAuditLogs.md + - name: AppServiceAuthenticationLogs + href: queries/AppServiceAuthenticationLogs.md + - name: AppServiceConsoleLogs + href: queries/AppServiceConsoleLogs.md + - name: AppServiceFileAuditLogs + href: queries/AppServiceFileAuditLogs.md + - name: AppServiceHTTPLogs + href: queries/AppServiceHTTPLogs.md + - name: AutoscaleEvaluationsLog + href: queries/AutoscaleEvaluationsLog.md + - name: AutoscaleScaleActionsLog + href: queries/AutoscaleScaleActionsLog.md + - name: AzureActivity + href: queries/AzureActivity.md + - name: AzureAttestationDiagnostics + href: 
queries/AzureAttestationDiagnostics.md + - name: AzureBackupOperations + href: queries/AzureBackupOperations.md + - name: AzureDiagnostics + href: queries/AzureDiagnostics.md + - name: AzureLoadTestingOperation + href: queries/AzureLoadTestingOperation.md + - name: AzureMetrics + href: queries/AzureMetrics.md + - name: CCFApplicationLogs + href: queries/CCFApplicationLogs.md + - name: CHSMManagementAuditLogs + href: queries/CHSMManagementAuditLogs.md + - name: CHSMServiceOperationAuditLogs + href: queries/CHSMServiceOperationAuditLogs.md + - name: CIEventsAudit + href: queries/CIEventsAudit.md + - name: CIEventsOperational + href: queries/CIEventsOperational.md + - name: CassandraLogs + href: queries/CassandraLogs.md + - name: ChaosStudioExperimentEventLogs + href: queries/ChaosStudioExperimentEventLogs.md + - name: CloudAppEvents + href: queries/CloudAppEvents.md + - name: CommonSecurityLog + href: queries/CommonSecurityLog.md + - name: ConfidentialWatchlist + href: queries/ConfidentialWatchlist.md + - name: ConfigurationChange + href: queries/ConfigurationChange.md + - name: ConfigurationData + href: queries/ConfigurationData.md + - name: ContainerAppConsoleLogs + href: queries/ContainerAppConsoleLogs.md + - name: ContainerImageInventory + href: queries/ContainerImageInventory.md + - name: ContainerInventory + href: queries/ContainerInventory.md + - name: ContainerLog + href: queries/ContainerLog.md + - name: ContainerLogV2 + href: queries/ContainerLogV2.md + - name: ContainerNodeInventory + href: queries/ContainerNodeInventory.md + - name: ContainerRegistryLoginEvents + href: queries/ContainerRegistryLoginEvents.md + - name: ContainerRegistryRepositoryEvents + href: queries/ContainerRegistryRepositoryEvents.md + - name: ContainerServiceLog + href: queries/ContainerServiceLog.md + - name: CoreAzureBackup + href: queries/CoreAzureBackup.md + - name: DCRLogErrors + href: queries/DCRLogErrors.md + - name: DNSQueryLogs + href: queries/DNSQueryLogs.md + - name: 
DataTransferOperations + href: queries/DataTransferOperations.md + - name: DatabricksWorkspaceLogs + href: queries/DatabricksWorkspaceLogs.md + - name: DataverseActivity + href: queries/DataverseActivity.md + - name: DevCenterDiagnosticLogs + href: queries/DevCenterDiagnosticLogs.md + - name: DevCenterResourceOperationLogs + href: queries/DevCenterResourceOperationLogs.md + - name: DeviceCalendar + href: queries/DeviceCalendar.md + - name: DeviceCleanup + href: queries/DeviceCleanup.md + - name: DeviceHardwareHealth + href: queries/DeviceHardwareHealth.md + - name: DeviceHealth + href: queries/DeviceHealth.md + - name: DeviceSkypeHeartbeat + href: queries/DeviceSkypeHeartbeat.md + - name: DeviceTvmSecureConfigurationAssessment + href: queries/DeviceTvmSecureConfigurationAssessment.md + - name: DeviceTvmSoftwareInventory + href: queries/DeviceTvmSoftwareInventory.md + - name: DeviceTvmSoftwareVulnerabilities + href: queries/DeviceTvmSoftwareVulnerabilities.md + - name: DnsEvents + href: queries/DnsEvents.md + - name: EGNFailedHttpDataPlaneOperations + href: queries/EGNFailedHttpDataPlaneOperations.md + - name: EGNFailedMqttConnections + href: queries/EGNFailedMqttConnections.md + - name: EGNMqttDisconnections + href: queries/EGNMqttDisconnections.md + - name: EGNSuccessfulHttpDataPlaneOperations + href: queries/EGNSuccessfulHttpDataPlaneOperations.md + - name: EGNSuccessfulMqttConnections + href: queries/EGNSuccessfulMqttConnections.md + - name: EmailAttachmentInfo + href: queries/EmailAttachmentInfo.md + - name: EmailEvents + href: queries/EmailEvents.md + - name: EmailPostDeliveryEvents + href: queries/EmailPostDeliveryEvents.md + - name: EmailUrlInfo + href: queries/EmailUrlInfo.md + - name: Event + href: queries/Event.md + - name: FailedIngestion + href: queries/FailedIngestion.md + - name: FunctionAppLogs + href: queries/FunctionAppLogs.md + - name: GCPAuditLogs + href: queries/GCPAuditLogs.md + - name: Heartbeat + href: queries/Heartbeat.md + - name: 
IdentityDirectoryEvents + href: queries/IdentityDirectoryEvents.md + - name: IdentityLogonEvents + href: queries/IdentityLogonEvents.md + - name: IdentityQueryEvents + href: queries/IdentityQueryEvents.md + - name: InsightsMetrics + href: queries/InsightsMetrics.md + - name: KubeEvents + href: queries/KubeEvents.md + - name: KubeMonAgentEvents + href: queries/KubeMonAgentEvents.md + - name: KubeNodeInventory + href: queries/KubeNodeInventory.md + - name: KubePodInventory + href: queries/KubePodInventory.md + - name: KubeServices + href: queries/KubeServices.md + - name: LAQueryLogs + href: queries/LAQueryLogs.md + - name: LASummaryLogs + href: queries/LASummaryLogs.md + - name: LogicAppWorkflowRuntime + href: queries/LogicAppWorkflowRuntime.md + - name: MDCDetectionDNSEvents + href: queries/MDCDetectionDNSEvents.md + - name: MDCDetectionFimEvents + href: queries/MDCDetectionFimEvents.md + - name: MNFDeviceUpdates + href: queries/MNFDeviceUpdates.md + - name: MNFSystemSessionHistoryUpdates + href: queries/MNFSystemSessionHistoryUpdates.md + - name: MNFSystemStateMessageUpdates + href: queries/MNFSystemStateMessageUpdates.md + - name: MicrosoftDataShareReceivedSnapshotLog + href: queries/MicrosoftDataShareReceivedSnapshotLog.md + - name: MicrosoftDataShareSentSnapshotLog + href: queries/MicrosoftDataShareSentSnapshotLog.md + - name: MicrosoftGraphActivityLogs + href: queries/MicrosoftGraphActivityLogs.md + - name: MicrosoftPurviewInformationProtection + href: queries/MicrosoftPurviewInformationProtection.md + - name: NGXOperationLogs + href: queries/NGXOperationLogs.md + - name: NGXSecurityLogs + href: queries/NGXSecurityLogs.md + - name: NWConnectionMonitorPathResult + href: queries/NWConnectionMonitorPathResult.md + - name: NWConnectionMonitorTestResult + href: queries/NWConnectionMonitorTestResult.md + - name: NetworkSessions + href: queries/NetworkSessions.md + - name: OEPAirFlowTask + href: queries/OEPAirFlowTask.md + - name: OLPSupplyChainEntityOperations + 
href: queries/OLPSupplyChainEntityOperations.md + - name: OfficeActivity + href: queries/OfficeActivity.md + - name: Perf + href: queries/Perf.md + - name: PowerAppsActivity + href: queries/PowerAppsActivity.md + - name: PowerAutomateActivity + href: queries/PowerAutomateActivity.md + - name: PowerBIActivity + href: queries/PowerBIActivity.md + - name: PowerPlatformAdminActivity + href: queries/PowerPlatformAdminActivity.md + - name: PowerPlatformConnectorActivity + href: queries/PowerPlatformConnectorActivity.md + - name: PowerPlatformDlpActivity + href: queries/PowerPlatformDlpActivity.md + - name: ProjectActivity + href: queries/ProjectActivity.md + - name: ProtectionStatus + href: queries/ProtectionStatus.md + - name: PurviewSecurityLogs + href: queries/PurviewSecurityLogs.md + - name: REDConnectionEvents + href: queries/REDConnectionEvents.md + - name: ResourceManagementPublicAccessLogs + href: queries/ResourceManagementPublicAccessLogs.md + - name: SQLAssessmentRecommendation + href: queries/SQLAssessmentRecommendation.md + - name: SecurityAttackPathData + href: queries/SecurityAttackPathData.md + - name: SecurityEvent + href: queries/SecurityEvent.md + - name: SentinelAudit + href: queries/SentinelAudit.md + - name: SignalRServiceDiagnosticLogs + href: queries/SignalRServiceDiagnosticLogs.md + - name: SigninLogs + href: queries/SigninLogs.md + - name: StorageBlobLogs + href: queries/StorageBlobLogs.md + - name: StorageCacheOperationEvents + href: queries/StorageCacheOperationEvents.md + - name: StorageCacheUpgradeEvents + href: queries/StorageCacheUpgradeEvents.md + - name: StorageCacheWarningEvents + href: queries/StorageCacheWarningEvents.md + - name: StorageMalwareScanningResults + href: queries/StorageMalwareScanningResults.md + - name: SucceededIngestion + href: queries/SucceededIngestion.md + - name: SynapseLinkEvent + href: queries/SynapseLinkEvent.md + - name: Syslog + href: queries/Syslog.md + - name: TSIIngress + href: queries/TSIIngress.md + - 
name: UCDOAggregatedStatus + href: queries/UCDOAggregatedStatus.md + - name: UCDOStatus + href: queries/UCDOStatus.md + - name: Update + href: queries/Update.md + - name: UpdateRunProgress + href: queries/UpdateRunProgress.md + - name: UpdateSummary + href: queries/UpdateSummary.md + - name: UrlClickEvents + href: queries/UrlClickEvents.md + - name: Usage + href: queries/Usage.md + - name: VCoreMongoRequests + href: queries/VCoreMongoRequests.md + - name: VIAudit + href: queries/VIAudit.md + - name: VIIndexing + href: queries/VIIndexing.md + - name: W3CIISLog + href: queries/W3CIISLog.md + - name: WVDAgentHealthStatus + href: queries/WVDAgentHealthStatus.md + - name: WVDCheckpoints + href: queries/WVDCheckpoints.md + - name: WVDConnectionNetworkData + href: queries/WVDConnectionNetworkData.md + - name: WVDConnections + href: queries/WVDConnections.md + - name: WVDErrors + href: queries/WVDErrors.md + - name: WaaSDeploymentStatus + href: queries/WaaSDeploymentStatus.md + - name: WaaSUpdateStatus + href: queries/WaaSUpdateStatus.md + - name: Watchlist + href: queries/Watchlist.md + - name: WindowsEvent + href: queries/WindowsEvent.md + - name: WireData + href: queries/WireData.md + - name: WorkloadDiagnosticLogs + href: queries/WorkloadDiagnosticLogs.md
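Review bot: The `href` casing is inconsistent between the two sections of this TOC. The table entries point at lowercased file names (`href: tables/securityevent.md`), while the new sample-query entries keep the table's casing (`href: queries/SecurityEvent.md`). Where paths are resolved case-sensitively, an entry whose casing differs from the file on disk becomes a broken link, so please confirm every `queries/` file was committed with exactly the casing used here, or adopt the lowercase convention the `tables/` entries already follow. Two smaller points in the "Log Analytics sample queries" node: its `href: ./queries-by-table.md` carries a `./` prefix that the sibling hrefs do not, and the single child "Sample queries by table" (with `expanded: false` and no `href`) adds a nesting level that has only one member, so the query entries could sit directly under the parent. The entries are also sorted case-sensitively (`WVDErrors` precedes `WaaSDeploymentStatus`, `SQLAssessmentRecommendation` precedes `SecurityAttackPathData`), which makes security-relevant tables harder to find by eye. If that ordering is generated, a short comment saying so would help the next editor keep it consistent.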