Latest Discussions
'where' operator: Failed to resolve table or column expression named 'SecurityEvent'
Hello Community,

Whenever I attempt to run the following Log Analytics query in Azure Log Analytics I get the following error:

    'where' operator: Failed to resolve table or column expression named 'SecurityEvent'

I think it's because I need to enable 'SecurityEvent' in Log Analytics but I'm not sure. I was wondering if someone could provide a guide:

    SecurityEvent
    | where AccountType == "User" and EventID == 4625 and TimeGenerated > ago(6h)
    | summarize IPCount = dcount(IpAddress), makeset(IpAddress) by Account
    | where IPCount > 5
    | sort by IPCount desc

Any ideas would be much appreciated.

Cheers

Solved | Carlton Patterson | Sep 02, 2018 | Copper Contributor | 162K Views | 0 likes | 10 Comments

query multiple "contains"
Greetings Community,

I'm trying to come up with a way to query for multiple computers, but I have different strings to search for. For example:

    Heartbeat
    | where TimeGenerated >= ago(1h)
    | where Computer contains 'ACOMPUTER1'
    | summarize max(TimeGenerated) by Computer

I can run this query but I have to execute it for a different string each time:

    Heartbeat
    | where TimeGenerated >= ago(1h)
    | where Computer contains 'ACOMPUTER1'
    | summarize max(TimeGenerated) by Computer

    Heartbeat
    | where TimeGenerated >= ago(1h)
    | where Computer contains 'SERVERABC'
    | summarize max(TimeGenerated) by Computer

    Heartbeat
    | where TimeGenerated >= ago(1h)
    | where Computer contains 'THISMACHINE_B'
    | summarize max(TimeGenerated) by Computer

Is there a way to go through multiple "contains" or "has" statements in a single query? Was thinking that I'd have to build an array in a function or something... any help is appreciated.

Solved | ScottAllison | Feb 10, 2020 | Iron Contributor | 109K Views | 0 likes | 11 Comments

Remove duplicates from query
Hi, hope somebody can help me as I'm a bit stuck in my understanding of the query language. So I'm trying to get some creation events for App Services, though there seem to be multiple entries for the same App. Therefore I'm trying to find a way to remove duplicates on a column but retain the rest of the columns in the output / or a defined set of columns. Though after doing distinct on a specific column, only this is retained in the output.

This is my query:

    AzureActivity
    | where OperationName == 'Delete website' and ActivityStatus == 'Succeeded' and ResourceProvider == 'Azure Web Sites'

Though this produces two entries for the same deletion, so I tried this:

    AzureActivity
    | where OperationName == 'Delete website' and ActivityStatus == 'Succeeded' and ResourceProvider == 'Azure Web Sites'
    | distinct CorrelationId

Though this only leaves the CorrelationId in the output, but I need the Resource, ResourceID, OperationName also to be shown in the output. Any tips on how to get the syntax correct?

Thanks

Solved | Morten Lerudjordet | Nov 30, 2017 | Copper Contributor | 102K Views | 1 like | 11 Comments

'summarize' operator: Failed to resolve scalar expression named 'TimeGenerated'
I got the error in the title when executing the query below. Does anyone know about this?

    let containerNames = Perf
    | where InstanceName like 'shenzhou-tts-829bbd20-3e9e-43a0-a7d7-35252d5ef498'
    | where ObjectName == 'K8SContainer'
    | where CounterName == "memoryRssBytes"
    | distinct InstanceName;
    containerNames
    | join ( Perf ) on InstanceName
    | where CounterName == "memoryRssBytes"
    | extend usage = tolong(CounterValue)
    | summarize max(usage) by InstanceName, Computer
    | extend maxUsageMB = max_usage * 1.0/(1024*1024)
    | summarize sum(maxUsageMB) by Computer, bin(TimeGenerated, 2h)

Solved | 67K Views | 0 likes | 2 Comments

Difference between Log Analytics and Monitor
New to Azure. What is the difference between Azure Monitor and Log Analytics?

Solved | shockotechcom | Apr 07, 2020 | Iron Contributor | 63K Views | 0 likes | 2 Comments

Help with Disk query in Log Analytics
Hi, I was wondering if I could get some help with Log Analytics. New to this so bear with me. I'm trying to create a query that will provide information on disk utilisation in Azure. I've got two commands (below), however I'm not able to merge them, as I would like one query which gives me % free space, overall size of disk, name of VM and name of disk. Anything else I can get in terms of disk usage would be great, not overly concerned with IOPs at the moment.

The commands are:

This provides info on free space:

    search ObjectName == "LogicalDisk" and CounterName == "% Free Space"

This one provides information on free Mb remaining.

    search ObjectName == "LogicalDisk" and CounterName == "Free Megabytes"

I have tried this, which helps, but again information is quite limited:

    search ObjectName == "LogicalDisk" and CounterName == "Free Megabytes" and TimeGenerated > ago(1d)
    | summarize FreeSpace = min(CounterValue) by Computer, InstanceName
    | where strlen(InstanceName) ==2 and InstanceName contains ":"

Thanks in advance 🙂

Solved | Rajinder Rahul | Feb 17, 2018 | Copper Contributor | 58K Views | 0 likes | 15 Comments

Log Analytics Workspace with Multiple subscription
Hi Everyone, Good Day!

I have a couple of doubts about Log Analytics; could you please help me understand?

1. To my understanding, we can create a workspace with only one subscription, which means Log Analytics will monitor only the resources that are part of that subscription. Am I right?
2. If I have multiple workspaces for multiple subscriptions, is it possible to bring all of them under one Dashboard?

Thanks in advance

Solved | S_I_Kaleel | Jan 24, 2019 | Copper Contributor | 50K Views | 0 likes | 18 Comments

I want to see an alert when my disk space is less than 5Gb in a virtual machine.
I want to see an alert when my disk space is less than 5Gb in a virtual machine. Please provide the steps that need to be configured. I want to get the email notification when my VM disk space is less than 5GB.

kasunth | Mar 15, 2021 | Copper Contributor | 50K Views | 0 likes | 7 Comments