Latest Discussions
Azure Deployment Dashboard
Is there a way to build a dashboard view for Deployment status (Active, Successful, Failed) from activity logs across subscriptions on my tenant? I tried the Azure Resource Graph table deploymentresources, but it does not provide who (actor) and when details. Please advise.
Solved | kudumum | Nov 04, 2024 | Copper Contributor | 85 Views | 0 likes | 1 Comment

AMA Migration: Adding VMs in DCR while onboarding
Hello Everyone, Our organisation is in the process of AMA Migration, but right now we are facing one challenge that we hope to find assistance on. While migrating, we can add all our current VMs to the defined DCR, but the concern is: what if we are installing a new VM or multiple VMs at a time, do we need to add those VMs to the DCR manually? Is this the only option? Also, do we always need to add VMs manually to the DCR for Security Events via the AMA data connector? Is there any way in which, while creating or onboarding the VMs, those can be added to the defined DCR?
Solved | Julfi | Mar 20, 2024 | Copper Contributor | 478 Views | 0 likes | 1 Comment

Azure monitor - prevent alarm on service restart
Hi, A simple script is used, which works in the event that the service stops or that the service stops and starts. Is there a possibility, or how to make a query, so that the alarm is not triggered if the service is restarted and the restart takes, let's say, 1 minute? I don't mean maintenance here, because it can be done randomly when someone applied something…

    Event
    | where EventLog == 'System' and EventID == 7036 and Source == 'Service Control Manager'
    | where Computer == "**********************"
    | where RenderedDescription contains "The Windows Search service entered"
    | parse kind = relaxed EventData with *'</Data><Data Name="param2">' Windows_Service_State "</Data>" *
    | sort by TimeGenerated desc
    | project Windows_Service_State

Solved | Mali_Stane | Feb 27, 2024 | Copper Contributor | 559 Views | 0 likes | 2 Comments

Log Analytics Workspace - Minimum Permissions to submit custom events?
I am trying to set up a LA Workspace intended to collect custom events submitted from custom PowerShell scripts (i.e., via Invoke-WebRequest). I don't want to use the workspace's Shared Key - I want to use either an app principal and/or a managed identity. What are the minimum RBAC permissions that I need to assign to successfully submit custom events? (I tried reading up and down here, it doesn't seem to tackle permissions for writing log events.)
Manage access to Log Analytics workspaces - Azure Monitor | Microsoft Learn
Solved | mindfulrants | Feb 10, 2024 | Copper Contributor | 654 Views | 0 likes | 2 Comments

query multiple "contains"
Greetings Community, I'm trying to come up with a way to query for multiple computers, but I have different strings to search for. For example:

    Heartbeat
    | where TimeGenerated >= ago(1h)
    | where Computer contains 'ACOMPUTER1'
    | summarize max(TimeGenerated) by Computer

I can run this query but I have to execute it for a different string each time:

    Heartbeat
    | where TimeGenerated >= ago(1h)
    | where Computer contains 'ACOMPUTER1'
    | summarize max(TimeGenerated) by Computer

    Heartbeat
    | where TimeGenerated >= ago(1h)
    | where Computer contains 'SERVERABC'
    | summarize max(TimeGenerated) by Computer

    Heartbeat
    | where TimeGenerated >= ago(1h)
    | where Computer contains 'THISMACHINE_B'
    | summarize max(TimeGenerated) by Computer

Is there a way to go through multiple "contains" or "has" statements in a single query? Was thinking that I'd have to build an array in a function or something... any help is appreciated.
Solved | ScottAllison | Nov 09, 2023 | Iron Contributor | 106K Views | 0 likes | 11 Comments

How to have a time chart show zero for missing/null data.
Hi, I have a data set that when I use the summarize/bin over a 1 min interval has gaps in the data (hours) and when the timechart renders the graph the line goes directly from the last value in one set to the first value in the next set (so it looks like there is some data there). Is there a way to have the summarize/bin function or the timechart to use zero (or some default value) for the buckets that I don't have data for? -thanks
Solved | 35K Views | 0 likes | 6 Comments

Azure Logs: KQL Custom function with parameters
This is driving me absolutely insane. I have a case stmt which would be incredibly useful to reuse and yet I can't break it into a KQL custom user function!!! When I "save as" a new function, the screen gives me no options for parameters. When the created function is invoked, the UI indicates "this function expects no parameters". What in the heck is going on??? So, example from another area:

    // Query that appends a question mark to a provided name parameter
    let nameWithQuestionMark = (name:string) { print strcat(name, " is it you?") };
    let name = "John";
    print nameWithQuestionMark(name);

When I save, I see a window like this: When I try to use it I get: nameWithQuestionMark(): function expects 0 argument(s). If the issue persists, please open a support ticket. Request id: "someguid"
EVEN when I check the regular functions here, I see the "add function" screens allow you to specify parameters?!?!?!? https://learn.microsoft.com/en-us/azure/azure-monitor/logs/functions
Thank you for any help, there must be something simple I'm missing.
*** EDITED TO ADD this is an app insights insights that's been migrated to workspace based. In Overview I see the workspace specified.
Solved | Frank_Andrusiewicz | Jul 07, 2023 | Copper Contributor | 1.7K Views | 0 likes | 3 Comments

Microsoft Sentinel Logs "Display Timezone" does not work as expected
I set the "Display Timezone" to "Eastern Time", but the logs continue to show UTC time, both in the table or query results, and in the drop-down filter for the date/time range. Am I missing something? Or what is the "Display Timezone" field for?
Solved | daniel1610 | Apr 11, 2023 | Copper Contributor | 1.3K Views | 0 likes | 2 Comments

Kusto Query for troubleshooting the Network Security Group
Hi Team, I need some help with a Kusto Query for troubleshooting the Network Security Group connectivity between source IP and destination IP. Can someone please help with a Kusto Query to check the NSG logs for source and destination, to check whether connectivity is allowed between source and destination? I'm very new to Kusto Query so posted here, appreciate the help.
Source IP: 10.226.16.165, destination: 159.123.12.3
Solved | venu15 | Apr 06, 2023 | Copper Contributor | 1.4K Views | 0 likes | 2 Comments

Service Principal - Applications ... - Monitoring Certificates and Secrets Expiration
This is an example: We need to monitor the expiration time for our certificates and secrets, and receive an alert when there are a few weeks left until they expire. How can we do it? Any idea? Thanks!
Solved | mgfeal | Mar 14, 2023 | Brass Contributor | 2.9K Views | 1 like | 4 Comments
Tags
- azure monitor (1,092 Topics)
- Azure Log Analytics (394 Topics)
- Query Language (246 Topics)
- Log Analytics (58 Topics)
- Custom Logs and Custom Fields (17 Topics)
- Solutions (17 Topics)
- Metrics (14 Topics)
- Workbooks (13 Topics)
- Alerts (12 Topics)
- Application Insights (12 Topics)