No data was found
I activated Sentinel yesterday but get "No data was found", like in the image below. Is there anything I have missed?
3 Replies
- CliveWatson (Former Employee)
What [Data Connectors] have you added?
https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources
1. Cases (top right) needs you to have created an Alert entry in [Analytics] - see https://docs.microsoft.com/en-us/azure/sentinel/quickstart-get-visibility#create-new-detections
2. The map (middle bottom) needs data from at least one of these data sources:
- W3CIISLog (enable in Log Analytics)
- Wiredata (enable in Log Analytics)
- WindowsFirewall (Sentinel Connector)
- CommonSecurityLog (Sentinel Connector)
- VMConnection (Enable in Log Analytics)
or DnsEvents (Sentinel Connector)
You can see your Data in your workspace from the Schema items
- planet4 (Copper Contributor)
CliveWatson Ok, thanks. Have made some progress with the IIS log. I am trying to get this into the Grafana Worldmap but I suppose this is another issue. Having problems with country codes and that IIS writes the full country instead of US or SE. Will try more and thanks for your response.
- CliveWatson (Former Employee)
If you don't mind creating your own list?
W3CIISLog
| extend countrycode = case(RemoteIPCountry == "UnitedStates","US",
                            RemoteIPCountry == "United Kingdom","UK",
                            // add others here
                            "Unknown Country")
| where isnotempty(RemoteIPCountry)
| project RemoteIPCountry, countrycode
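
An alternative to the inline case() list in the reply above, as an added example that is not part of the original thread: the name-to-code list is kept in a datatable and joined with lookup, and names missing from the list are surfaced with their request counts so you can see which ones to add next. The country-name spellings in the table, the 24-hour window and the Requests column name are assumptions; check the spellings against the RemoteIPCountry values in your own workspace.

```kusto
// Constructed mapping table (assumed spellings); extend it with the
// country names that actually appear in your W3CIISLog data.
let CountryCodes = datatable(RemoteIPCountry:string, countrycode:string)
[
    "United States", "US",
    "Sweden",        "SE",
    "Germany",       "DE",
    "France",        "FR"
];
W3CIISLog
| where TimeGenerated > ago(24h)
| where isnotempty(RemoteIPCountry)
// Left outer lookup keeps rows whose country is not in the table yet.
| lookup kind=leftouter CountryCodes on RemoteIPCountry
| extend countrycode = iff(isempty(countrycode), "Unknown Country", countrycode)
// One row per country: feeds a map panel and lists unmapped names.
| summarize Requests = count() by RemoteIPCountry, countrycode
| order by Requests desc
```

Rows that still show "Unknown Country" are the names to add to the table.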