Forum Discussion
OMS DNS Analytics solution - no data
I'm actually experiencing the same issue. Enabled the collection about 18 hours ago and nothing is coming in to Log Analytics. My connectivity is working properly and other events come in properly but nothing for DNS.
See here: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics#troubleshooting
- MattM2020 Dec 18, 2019 Copper Contributor
Hmm, when it says to reset the config or load the config page once in the portal, where, specifically, is it referring to? I've done changes within the Overview > DNS Analytics > DNS Analytics Configuration section so if that is it, that's been done with no change in the lack of events coming in.
- CliveWatson Dec 18, 2019 Silver Contributor
Yes, it was that config: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/dns-analytics#configuration. It may take 5-15 mins to work.
If you have ZERO entries (i.e. these queries don't work):

DnsEvents
| sort by TimeGenerated

DnsEvents
| where SubType == 'LookupQuery'

Then can you check that the Heartbeat table is working for the specific DNS Servers (my DNS server is called DC01)?

Heartbeat
| where Computer startswith "DC01"
| summarize oldest_ = min(TimeGenerated), latest_ = max(TimeGenerated)
| extend diff_in_hours = datetime_diff( 'hour', todatetime(latest_), todatetime(oldest_) )

oldest_                    latest_                   diff_in_hours
2019-12-17T17:40:53.897Z   2019-12-18T17:40:08.81Z   23

- SBI_Team Dec 29, 2019 Copper Contributor
CliveWatson I have been 'enrolled' in the DNS Analytics preview for weeks but have never had any query events captured.
I have events of type ConfigurationChange and DynamicRegistration only.
I also have heartbeat from around a dozen Windows DCs running DNS.
As per your suggestion I have made a configuration change in order to 'reset' the config. I have then waited for a while, done some web searches to obscure websites on a member server and waited for these to show up in Log Analytics - they have not.
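
The two checks suggested in this thread (Heartbeat per server, DnsEvents per SubType) can be combined into one per-server view. This is an added example, not a query posted by any participant; the "DC" name prefix and the 24h window are assumptions to adjust for your environment.

```kusto
// Added example: for each DNS server, compare agent heartbeat with the
// DnsEvents subtypes that are actually arriving.
let lookback = 24h;            // assumption: window to inspect
let serverPrefix = "DC";       // assumption: naming prefix of the DNS servers
let dnsServers =
    Heartbeat
    | where TimeGenerated > ago(lookback)
    | where Computer startswith serverPrefix
    | summarize LastHeartbeat = max(TimeGenerated) by Computer;
let dnsCounts =
    DnsEvents
    | where TimeGenerated > ago(lookback)
    | summarize
        LookupQueries = countif(SubType == "LookupQuery"),
        ConfigChanges = countif(SubType == "ConfigurationChange"),
        DynamicRegs   = countif(SubType == "DynamicRegistration"),
        LastDnsEvent  = max(TimeGenerated)
      by Computer;
dnsServers
| join kind=leftouter dnsCounts on Computer
| extend Status = case(
    isnull(LastDnsEvent), "heartbeat only, no DnsEvents at all",
    LookupQueries == 0,   "config/registration events only, no LookupQuery",
    "lookup queries arriving")
| project Computer, LastHeartbeat, LastDnsEvent,
          LookupQueries = coalesce(LookupQueries, 0),
          ConfigChanges = coalesce(ConfigChanges, 0),
          DynamicRegs   = coalesce(DynamicRegs, 0),
          Status
| sort by Computer asc
```

A server whose Status shows config/registration events only matches the situation described in the last post: the agent is connected and reporting, but no query events are reaching the workspace.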