Forum Discussion
Solved
'where' operator: Failed to resolve table or column expression named 'SecurityEvent'
Hello Community, Whenever I attempt to run the following Log Analytic query in Azure Log Analytics I get the following error: 'where' operator: Failed to resolve table or column expression named...
I posted a video with a walkthrough on log collection setup. The quick version is to go into the Log Analytics workspace in Azure, Go to Workspace Overview and Add. Scroll down to the Security and Compliance solution.
You could also try going into Logs (Preview) for Advanced Log Analytics and check what shows in the Schema.
http://www.ciraltos.com/azure-oms-step-by-step-log-collection-setup/
Travis,
The reason I asked how to " add the Security and Compliance solution to the log security events?" is because I believe I have already added it. However, when I run the query I get the same error
I posted a video with a walkthrough on log collection setup. The quick version is to go into the Log Analytics workspace in Azure, Go to Workspace Overview and Add. Scroll down to the Security and Compliance solution.
You could also try going into Logs (Preview) for Advanced Log Analytics and check what shows in the Schema.
http://www.ciraltos.com/azure-oms-step-by-step-log-collection-setup/
Hello Travis,
I tried to access the link you provided for the first time today, but the site appears to be down.
Can you provide another link?
If I don't hear from you I'll submit another question, as I'm not sure if you'll see this once it has been answered.
Cheers
Sorry about that. My site is hosted in the Azure South Central region and that seems to be offline this morning. Here is a link to the video in YouTube. https://www.youtube.com/watch?v=OI2iUIh340U&list=PLnWpsLZNgHzVXXyN9a0jm9xNNDrikHf8I&index=3&t=0s
Hi Travis,
Fantastic video .. very informative. Thanks
Unfortunately, the video doesn't cover adding Security Policy to allow the the following query from being added with the error:
'where' operator: Failed to resolve table or column expression named 'SecurityEvent'.
SecurityEvent
| where TimeGenerated > ago(30m)
| count
Hi Travis,
Thanks Travis
Hi Travis,
I haven't checked out the video yet, but just wanted to say thanks.
I will check it out later this afternoon.
Cheers
