Forum Discussion
Carlton Patterson
Sep 02, 2018Copper Contributor
'where' operator: Failed to resolve table or column expression named 'SecurityEvent'
Hello Community,
Whenever I attempt to run the following Log Analytic query in Azure Log Analytics I get the following error:
'where' operator: Failed to resolve table or column expression named 'SecurityEvent'
I think it's because I need to enable 'SecurityEvent' in Log Analytics but I'm not sure. I was wondering if someone could provide a guide;
SecurityEvent
| where AccountType == "User" and EventID == 4625 and TimeGenerated > ago(6h)
| summarize IPCount = dcount(IpAddress), makeset(IpAddress) by Account
| where IPCount > 5
| sort by IPCount desc
Any ideas would be much appreciated.
Cheers
I posted a video with a walkthrough on log collection setup. The quick version is to go into the Log Analytics workspace in Azure, Go to Workspace Overview and Add. Scroll down to the Security and Compliance solution.
You could also try going into Logs (Preview) for Advanced Log Analytics and check what shows in the Schema.
http://www.ciraltos.com/azure-oms-step-by-step-log-collection-setup/
- yharish2008Copper Contributor
Carlton Patterson select scope beside run query button and scope to your resource.
- TravisRobertsIron Contributor
The Security and Compliance solution has to be added to log security events.
- Carlton PattersonCopper Contributor
Hi Travis,
Thanks for getting in touch.
Can you let me know how to add the Security and Compliance solution to the log security events?
Will I then be able to get a result from the script from Log Analytics?
Cheers
- Carlton PattersonCopper Contributor
Travis,
The reason I asked how to " add the Security and Compliance solution to the log security events?" is because I believe I have already added it. However, when I run the query I get the same error