Forum Discussion
How to get all logs for a specific user in sentinel
Hi Community, Help me out how to get all the logs for an user in sentinel. I was using the below quire but it is not written the expected results UserAccessAnalytics | where SourceEntityName...
Hi kishore_soc,
Try this command,
search "user email address"
This will give you all the logs for a specific user from all tables.
search "name"
| summarize count() by Type
// type will list the tables that are matched, in my example this finds name in the table "LAQueryLogs", so now use that, in the next query
LAQueryLogs
| where AADEmail == "name"
// or just get the last record in each Table
search "name"
| summarize arg_max(TimeGenerated,*) by Type