Latest Discussions
Behavior when Batch Send Failed
Hi All, I am looking to send messages in batches to both Log Analytics and Event Hub services. My solution requires that the sent batches be all-or-none, meaning either all messages are sent successfully, or all messages are dropped in case of failure. Could you please clarify how Log Analytics and Event Hub handle failures during batch sends?
Solved · btsui · Dec 30, 2024 · Copper Contributor · 49 Views · 0 likes · 1 Comment

Azure Deployment Dashboard
Is there a way to build a dashboard view for Deployment status (Active, Successful, Failed) from activity logs across subscriptions on my tenant? I tried the Azure Resource Graph table deploymentresources, but it does not provide who (actor) and when details. Please advise.
Solved · kudumum · Nov 04, 2024 · Copper Contributor · 92 Views · 0 likes · 1 Comment

AMA Migration: Adding VMs in DCR while onboarding
Hello Everyone, Our organisation is in the process of AMA migration, but right now we are facing one challenge that we would like assistance with. During migration, we can add all our current VMs to the defined DCR, but the concern is what happens if we are installing a new VM or multiple VMs at a time: do we need to add those VMs to the DCR manually? Is this the only option? Also, do we always need to add VMs manually to the DCR for Security Events via the AMA data connector? Is there any way in which, while creating or onboarding the VMs, they can be added to the defined DCR?
Solved · Julfi · Mar 20, 2024 · Copper Contributor · 481 Views · 0 likes · 1 Comment

Azure monitor - prevent alarm on service restart
Hi, A simple script is used, which works in the event that the service stops or that the service stops and starts. Is there a possibility, or how to make a query, so that the alarm is not triggered if the service is restarted and the restart takes, let's say, 1 minute? I don't mean maintenance here, because it can be done randomly when someone applied something…

Event
| where EventLog == 'System' and EventID == 7036 and Source == 'Service Control Manager'
| where Computer == "**********************"
| where RenderedDescription contains "The Windows Search service entered"
| parse kind = relaxed EventData with * '</Data><Data Name="param2">' Windows_Service_State "</Data>" *
| sort by TimeGenerated desc
| project Windows_Service_State

Solved · Mali_Stane · Feb 27, 2024 · Copper Contributor · 565 Views · 0 likes · 2 Comments

Log Analytics Workspace - Minimum Permissions to submit custom events?
I am trying to set up a LA Workspace intended to collect custom events submitted from custom PowerShell scripts (i.e., via Invoke-WebRequest). I don't want to use the workspace's Shared Key - I want to use either an app principal and/or a managed identity. What are the minimum RBAC permissions that I need to assign to successfully submit custom events? (I tried reading up and down here; it doesn't seem to tackle permissions for writing log events.)
Manage access to Log Analytics workspaces - Azure Monitor | Microsoft Learn
Solved · mindfulrants · Feb 10, 2024 · Copper Contributor · 669 Views · 0 likes · 2 Comments

query multiple "contains"
Greetings Community, I'm trying to come up with a way to query for multiple computers, but I have different strings to search for. For example:

Heartbeat
| where TimeGenerated >= ago(1h)
| where Computer contains 'ACOMPUTER1'
| summarize max(TimeGenerated) by Computer

I can run this query but I have to execute it for a different string each time:

Heartbeat
| where TimeGenerated >= ago(1h)
| where Computer contains 'ACOMPUTER1'
| summarize max(TimeGenerated) by Computer

Heartbeat
| where TimeGenerated >= ago(1h)
| where Computer contains 'SERVERABC'
| summarize max(TimeGenerated) by Computer

Heartbeat
| where TimeGenerated >= ago(1h)
| where Computer contains 'THISMACHINE_B'
| summarize max(TimeGenerated) by Computer

Is there a way to go through multiple "contains" or "has" statements in a single query? Was thinking that I'd have to build an array in a function or something... any help is appreciated.
Solved · ScottAllison · Nov 09, 2023 · Iron Contributor · 107K Views · 0 likes · 11 Comments

How to have a time chart show zero for missing/null data.
Hi, I have a data set that when I use the summarize/bin over a 1 min interval has gaps in the data (hours) and when the timechart renders the graph the line goes directly from the last value in one set to the first value in the next set (so it looks like there is some data there). Is there a way to have the summarize/bin function or the timechart to use zero (or some default value) for the buckets that I don't have data for? -thanks
Solved · 35K Views · 0 likes · 6 Comments

Azure Logs: KQL Custom function with parameters
This is driving me absolutely insane. I have a case stmt which would be incredibly useful to reuse and yet I can't break it into a KQL custom user function!!! When I "save as" a new function, the screen gives me no options for parameters. When the created function is invoked, the UI indicates "this function expects no parameters". What in the heck is going on??? So, example from another area:

// Query that appends a question mark to a provided name parameter
let nameWithQuestionMark = (name:string) { print strcat(name, " is it you?") };
let name = "John";
print nameWithQuestionMark(name);

When I save, I see a window like this:

When I try to use it I get:

nameWithQuestionMark(): function expects 0 argument(s). If the issue persists, please open a support ticket. Request id: "someguid"

EVEN when I check the regular functions here, I see the "add function" screens allow you to specify parameters?!?!?!? https://learn.microsoft.com/en-us/azure/azure-monitor/logs/functions

Thank you for any help, there must be something simple I'm missing.

*** EDITED TO ADD: this is an app insights that's been migrated to workspace based. In Overview I see the workspace specified.
Solved · Frank_Andrusiewicz · Jul 07, 2023 · Copper Contributor · 1.7K Views · 0 likes · 3 Comments

Microsoft Sentinel Logs "Display Timezone" does not work as expected
I set the "Display Timezone" to "Eastern Time", but the logs continue to show UTC time, both in the table or query results, and in the drop-down filter for the date/time range. Am I missing something? Or what is the "Display Timezone" field for?
Solved · daniel1610 · Apr 11, 2023 · Copper Contributor · 1.3K Views · 0 likes · 2 Comments

Kusto Query for troubleshooting the Network Security Group
Hi Team, I need some help with a Kusto Query for troubleshooting the Network Security Group connectivity between source IP and destination IP. Can someone please help with a Kusto Query to check the NSG logs for source and destination, to check whether connectivity is allowed between source and destination? I'm very new to Kusto Query so I posted here; I appreciate any help.
Source IP: 10.226.16.165
Destination: 159.123.12.3
Solved · venu15 · Apr 06, 2023 · Copper Contributor · 1.5K Views · 0 likes · 2 Comments