Latest Discussions
Effective Cloud Governance: Leveraging Azure Activity Logs with Power BI
We all generally accept that governance in the cloud is a continuous journey, not a destination. There's no one-size-fits-all solution, and depending on the size of your Azure cloud estate, staying on top of things can be challenging even at the best of times. One way of keeping your finger on the pulse is to closely monitor your Azure Activity Log. This log contains a wealth of information ranging from noise to interesting to actionable data. One could set up alerts for delete and update signals; however, that can result in a flood of notifications. To address this challenge, you could develop a Power BI report, similar to this one, that pulls in the Azure Activity Log and allows you to group and summarize data by various dimensions. You still need someone to review the report regularly; however, consuming the data this way makes it a whole lot easier. This by no means replaces the need for setting up alerts for key signals; however, it does give you a great view of what's happened in your environment. If you're interested, this is the KQL query I'm using in Power BI:

    let start_time = ago(24h);
    let end_time = now();
    AzureActivity
    | where TimeGenerated > start_time and TimeGenerated < end_time
    | where OperationNameValue contains 'WRITE' or OperationNameValue contains 'DELETE'
    | project TimeGenerated, Properties_d.resource, ResourceGroup, OperationNameValue, Authorization_d.scope, Authorization_d.action, Caller, CallerIpAddress, ActivityStatusValue
    | order by TimeGenerated asc

Adeelaziz | Jan 17, 2025 | Brass Contributor | 96 Views | 0 likes | 0 Comments

Azure Alert ITSM Servicenow Connector Payload not appearing in ticket description
Hello,

I am trying to create ServiceNow tickets based on alerts from an Azure alert rule in "Log Analytics Workspace" for Machine Learning job failures, with an ITSM connector based action group. In this process, ServiceNow tickets are getting generated, but the issue is with the payload, i.e., the payload passed is not appearing in the ticket description under the section <-- Log Entry -->, as shown in the screenshot below. I have gone through the documentation but I couldn't find an exact reference addressing this issue. It would be great if you could provide any suggestions / exact references in the documentation. Please let me know if any additional inputs are needed.

Thanks & Regards,
Siva Kumar

Siva_Kumar_menta | Jun 02, 2023 | Copper Contributor | 640 Views | 0 likes | 0 Comments

Log Analytics dropping logs if the application shuts down immediately after
In my Micronaut application, there is an error condition where I write the error to the logs and then I am forcing my application to shut down. The shutdown happens as expected, but I do not see the error log that was fired just before the shutdown. Is it possible it is lost? Is it related to latency? My understanding is that even with the latency, I should get to see the error log.

JohnOldman | Apr 05, 2023 | Microsoft | 495 Views | 0 likes | 0 Comments

Advanced hunting query for pulling browser extension details and email address.
Hello,

I have created a query which pulls out users with the LastPass extension on the Edge browser, but I'm not able to get email details from the "LoggedonUser".

    DeviceTvmBrowserExtensions
    | join DeviceInfo on DeviceId
    | where ExtensionName like "LastPass"
    | summarize TotalDevices=dcount(DeviceName), ExtensionOn = dcountif(DeviceId,IsActivated=="true") by BrowserName, ExtensionName, ExtensionRisk, ExtensionId, LoggedOnUsers, DeviceName
    | sort by ExtensionName asc
    | mv-expand todynamic(LoggedOnUsers)
    | where BrowserName == @"edge"
    | join kind=leftouter (
        IdentityInfo
        | where EmailAddress != ""
        | project emailaddress = AccountUpn, Department
        | distinct emailaddress
      ) on emailaddress
    | summarize emailaddress = makeset(Department), Accounts = makeset(AccountName) by BrowserName

I want to link the email address to the "Loggedonuser". The first part works and I can pull user information out, but as soon as I add the join in, it stops working.

am7861700 | Jan 10, 2023 | Copper Contributor | 4.2K Views | 0 likes | 0 Comments

Permission denied
Hi all,

Could anyone explain why I can't access /etc/opt/microsoft/omsagent/[WorkspaceID]/conf/omsagent.d/security_events.conf? It keeps coming up as Permission Denied. I need to access this to check CEF scripts.

Thank you!

cfulbrook | Nov 01, 2022 | Copper Contributor | 565 Views | 0 likes | 0 Comments

Missing Operation ID and name
We'd like to customize our log format, so we have a method to get the logger. However, when we use the logger, we found that the operation_Name and operation_Id disappeared. We'd like to know why the operation_Name and operation_Id disappear and how to make them show in the query result. Here's the sample code to get the logger:

    import json
    import logging

    # JSON-shaped format string; logging.Formatter fills in the %(...)s fields
    FORMAT = json.dumps(
        {
            'loggerName': '%(name)s',
            'funcName': '%(funcName)s',
            'message': '%(message)s',
            'asctime': '%(asctime)s',
            'level': '%(levelname)s',
        }
    )

    def get_customized_json_logger(logger_name):
        # Logger that writes INFO and above to a stream handler using FORMAT
        logger = logging.getLogger(logger_name)
        logger.setLevel(logging.INFO)
        log_handler = logging.StreamHandler()
        log_handler.setLevel(logging.INFO)
        formatter = logging.Formatter(FORMAT)
        log_handler.setFormatter(formatter)
        logger.addHandler(log_handler)
        return logger

Lucas915 | Oct 05, 2022 | Copper Contributor | 691 Views | 0 likes | 0 Comments

Azure Container Apps observability tools
Learn about the observability tools you can use to observe, debug, and diagnose your Azure Container Apps in the blog post below!

https://techcommunity.microsoft.com/t5/apps-on-azure-blog/observability-with-azure-container-apps/ba-p/3627909

What observability features in Azure Container Apps do you use most frequently? Which are the most helpful for you?

EricStarker | Sep 19, 2022 | Former Employee | 739 Views | 0 likes | 0 Comments

Log analytics - increase the column length
Hi,

In Azure Log Analytics I have noticed that the length of the column "Statement" is 4000 characters, and we have queries written by some users that are longer than 4000 characters. Is there a configuration for column length in Log Analytics in order to store up to 8000 characters?

Thank you

dancraciun | Aug 24, 2022 | Copper Contributor | 1.1K Views | 0 likes | 0 Comments

Azure monitor alert for CPU usage > 80% for 30 minutes or more?
I would really appreciate it if someone could help me with this. I am trying to create an Azure monitor alert for CPU usage >= 80% for 30 mins or more. I've attached a screenshot of the condition for the alert rule. Under 'Evaluated based on', does the 'Aggregation granularity (Period)' mean that the alert will be triggered only if the CPU average is greater than 80% for 30 minutes or more?

terrymark | Aug 18, 2022 | Copper Contributor | 4.1K Views | 0 likes | 0 Comments