Forum Discussion
OMS DNS Analytics solution - no data
Generally after you put the agent on the Windows Server that is running DNS, you will get the logs.
Is this the first time you've used Log Analytics - if not, do you have other data sources that are working (this can rule out proxy/firewall issues)?
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows
Did you "Verify agent connectivity to Log Analytics" as per the above link?
https://docs.microsoft.com/en-us/services-hub/health/troubleshooting_mma_agent
I'm actually experiencing the same issue. Enabled the collection about 18 hours ago and nothing is coming in to Log Analytics. My connectivity is working properly and other events come in properly but nothing for DNS.
- CliveWatson, Dec 18, 2019, Silver Contributor
See here: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics#troubleshooting
- MattM2020, Dec 18, 2019, Copper Contributor
Hmm, when it says to reset the config or load the config page once in the portal, where, specifically, is it referring to? I've done changes within the Overview > DNS Analytics > DNS Analytics Configuration section so if that is it, that's been done with no change in the lack of events coming in.
- CliveWatson, Dec 18, 2019, Silver Contributor
Yes, it was that Config: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics#configuration. It may take 5-15 mins to work.
If you have ZERO entries (i.e. these queries don't work)

DnsEvents
| sort by TimeGenerated

DnsEvents
| where SubType == 'LookupQuery'

Then can you check that the HeartBeat table is working for the specific DNS Servers (my DNS server is called DC01)?

Heartbeat
| where Computer startswith "DC01"
| summarize oldest_ = min(TimeGenerated), latest_ = max(TimeGenerated)
| extend diff_in_hours = datetime_diff( 'hour', todatetime(latest_), todatetime(oldest_) )

oldest_                    latest_                   diff_in_hours
2019-12-17T17:40:53.897Z   2019-12-18T17:40:08.81Z   23
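
The two checks above combined into one query, as an added example that is not part of the original thread: it lists each server whose agent is sending Heartbeat records and flags the ones with no DnsEvents, or only old ones. The `DC01` name filter is taken from the post; the 24-hour lookback and the 1-hour staleness threshold are assumed values to adjust.

```kusto
// Added example, not from the thread. Assumed values: lookback and staleAfter.
let lookback = 24h;
let staleAfter = 1h;
// Servers whose agent is alive (same filter as the Heartbeat check in the post).
let agents = Heartbeat
    | where TimeGenerated > ago(lookback)
    | where Computer startswith "DC01"
    | summarize LastHeartbeat = max(TimeGenerated), Heartbeats = count() by Computer;
// What the DNS Analytics solution has actually delivered per server.
let dnsData = DnsEvents
    | where TimeGenerated > ago(lookback)
    | summarize LastDnsEvent = max(TimeGenerated), DnsEventCount = count() by Computer;
// leftouter keeps servers that have a heartbeat but no DNS rows at all;
// their LastDnsEvent and DnsEventCount come back null.
agents
| join kind=leftouter (dnsData) on Computer
| extend Status = case(
    isnull(LastDnsEvent), "Agent reporting, no DNS events",
    LastDnsEvent < ago(staleAfter), "DNS events stale",
    "OK")
| project Computer, LastHeartbeat, Heartbeats, LastDnsEvent, DnsEventCount, Status
| sort by Status asc, Computer asc
```

A row with "Agent reporting, no DNS events" matches the situation described in this thread: connectivity is fine, so the gap is in DNS collection rather than in the agent's path to the workspace.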