Forum Discussion
LogAnalytics Queries For/ Disk Failures, inode errors...
- Detect inode errors or file sync errors
- Detect any types of disk errors : In the recent times my customer has seen disk entries being missed out in fstab (File System Table) and it has been resulting into disk not being detected when the VM reboots
- Users logged in at any time and also the processes run by each user
--Mayur
3 Replies
Do you know what Facility these would show up in? https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-syslog
You probably have to collect the right facility first to get the data, so that we can query it.
Thank you for your response. Thanks for the share! I donot have any idea about this. But it looks to me that user related information can be queried from the Facility 'user', I am honestly not sure which Facility can help in collecting the information about disk errors and file sync errors.
Appreciate your response!
Thank you,
--Mayur
Sorry I cant help more, hopefully someone with more Linux knowledge can point us to the right area. Has you customer said which facility or custom log they are looking at?
When we have the data in a table, I can help again with the query side.
The public demo workspace has Syslog data (but any disk errors may have passed the retention period anyway).
Syslog | summarize count() by Facility
If your customer has the data, they they could produce a sample using the datatable KQL operator. Like this, but with some extra columns added.let dummyData = datatable(Date:datetime, dummyTxt:string) [ datetime(now) , "This is yet another test" , datetime(now) , "This is yet another test string" ]; dummyData | where dummyTxt == "This is yet another test string"which looks like this:Date [UTC] | dummyTxt 2019-06-07T17:53:14.733 | This is yet another test string
Thanks
