Forum Discussion
Default Sentinel Overview dashboard widgets indicate no data. Where is the query for the map?
I'm monitoring IIS, Apache, RDP servers that are accessible from the Internet. The default Sentinel Overview dashboard sometimes displays a little information in the map, but so far that has been lim...
PeterSchawacker this might be too obvious, but the map it centered, so if you use your mouse to drag the view to SA or Thailand or zoom out do they show up? If not can you share your query, in case there is an issue with it?
If you click on the map (place cursor on the orange hotspot and click) you should see the query used?
For just IIS logs and as a quick test, you can use an example of:
W3CIISLog | extend TrafficDirection = "InboundOrUnknown", Country=RemoteIPCountry, Latitude=RemoteIPLatitude, Longitude=RemoteIPLongitude | where isnotempty(MaliciousIP) | summarize count() by TrafficDirection, MaliciousIP , RemoteIPCountry