Nov 18 2020 08:33 AM
Hi,
Recently I have been trying to retrieve the most common errors from a virtual machine.
I understand that this will need to use the analytic logs and KQL; however, I am not sure how to create this.
When running the script below, it unfortunately does not return any results:
// Reported errors
// Show error events from the last hour.
// To create an alert for this query, click '+ New alert rule'
union Event, Syslog // Event table stores Windows event records, Syslog stores Linux records
| where TimeGenerated > ago(1h)
| where EventLevelName == "Error" // EventLevelName is used in the Event (Windows) records
    or SeverityLevel == "err" // SeverityLevel is used in Syslog (Linux) records
Any help would be appreciated.
Nov 19 2020 08:34 AM
@AidenBrennan Can you confirm how you enabled your Log Analytics WP to collect the data of your VMs?
Home > Analytics WP > Advanced settings > Data > Windows Event Logs > select "System, Setup" as per the event log tables/columns in Windows Event Viewer.
Refer to the attached images.
When you run the query after the logs have been ingested into your analytics wp then you should be able to see the results.
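An added example, not from either post, that follows the reply's advice: first confirm the workspace is actually receiving data from the VM, then rank the most common errors across Windows and Linux. It assumes a standard Log Analytics workspace with the default Heartbeat, Event and Syslog tables and their stock column names.

```kql
// Added example (not from the original thread).
// Assumed: default Log Analytics tables and columns.
//
// 1) Is the agent reporting at all? If there are no Heartbeat rows for the
//    VM, no error query will ever return anything, whatever its filters.
Heartbeat
| where TimeGenerated > ago(1h)
| summarize LastSeen = max(TimeGenerated) by Computer, OSType
| order by LastSeen desc

// 2) Most common errors in the last 24h, Windows and Linux combined.
//    The two tables use different column names, so each side is projected
//    onto one shared schema before a single summarize counts them.
union
  (Event
   | where EventLevelName == "Error"
   | project TimeGenerated, Computer,
             Source,
             Id = tostring(EventID),
             Message = RenderedDescription),
  (Syslog
   | where SeverityLevel == "err"
   | project TimeGenerated, Computer,
             Source = ProcessName,
             Id = Facility,
             Message = SyslogMessage)
| where TimeGenerated > ago(24h)
| summarize Count = count(),
            LastSeen = max(TimeGenerated),
            SampleMessage = take_any(Message)
    by Computer, Source, Id
| top 10 by Count desc
```

Run the two queries one at a time in the Logs blade; if the first returns no rows for the VM, fix agent connectivity or the data-collection settings from the reply before working on the second.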