Forum Discussion

Carlton Patterson's avatar
Carlton Patterson
Copper Contributor
Sep 02, 2018
Solved

'where' operator: Failed to resolve table or column expression named 'SecurityEvent'

Hello Community,   Whenever I attempt to run the following Log Analytic query in Azure Log Analytics I get the following error: 'where' operator: Failed to resolve table or column expression named...
Azure Log Analytics
azure monitor
  • TravisRoberts's avatar
    TravisRoberts
    Sep 02, 2018

    I posted a video with a walkthrough on log collection setup. The quick version is to go into the Log Analytics workspace in Azure, Go to Workspace Overview and Add.  Scroll down to the Security and Compliance solution.   

     

    You could also try going into Logs (Preview) for Advanced Log Analytics and check what shows in the Schema.

     

    http://www.ciraltos.com/azure-oms-step-by-step-log-collection-setup/

Carlton Patterson's avatar
Carlton Patterson
Copper Contributor
Sep 04, 2018

Hi Travis,

 

Fantastic video .. very informative. Thanks

 

Unfortunately, the video doesn't cover adding Security Policy to allow the the following query from being added with the error:

 

'where' operator: Failed to resolve table or column expression named 'SecurityEvent'.

 

SecurityEvent
| where TimeGenerated > ago(30m)
| count

 

 

Resources