Forum Discussion
Solved
Get listing of logs
It is easy to see all of the logs in Sentinel/Log Analytics workspace, but how can we easily export a listing of those logs? not the data, just the log names
- Did you just want the table names? If so -
union withsource= table *
| distinct table
And if you are interested in the busiest tables
union withsource= table *
| summarize count()by table
- Did you just want the table names? If so -
union withsource= table *
| distinct table
And if you are interested in the busiest tables
union withsource= table *
| summarize count()by tableOne other method is to use the Usage Table.
Usage is an aggregated Table that knows about all the other Tables, so you can query that for better performance (runs in less than half the time on my data).
This is not a big issue for a simple query like these examples, but can help if this ends up being frequent or the query more complex.Usage | summarize count() by DataType- Wouldn't you need to take into account the Quantity field to really determine which ones were busy or do you just care about the number of hits rather than how much data each table ingested?
