Recently I have been trying to retrieve the most common errors from a Virtual Machine.
I understand that this will need to use the analytic logs and KQL, however I am not sure how to create this.
When running the script below, it unfortunately does not return any results:
// Reported errors
// Show error events from the last hour.
// To create an alert for this query, click '+ New alert rule'
union Event, Syslog // Event table stores Windows event records, Syslog stores Linux records
| where TimeGenerated > ago(1h)
| where EventLevelName == "Error" // EventLevelName is used in the Event (Windows) records
or SeverityLevel == "err" // SeverityLevel is used in Syslog (Linux) records
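An added example (not part of the original post) that extends the query above in two steps: first a per-table row count to confirm that Event and Syslog data is actually arriving in the workspace, then an aggregation that ranks the most frequent errors instead of listing every event. The 24h window, the ErrorKey naming and the top-20 cut-off are assumptions chosen for illustration.

```kusto
// Step 1 (assumed check): confirm data is being ingested at all.
// Zero rows for a table points at collection settings, not at the query.
union Event, Syslog
| where TimeGenerated > ago(24h)          // wider than 1h so a quiet hour is not mistaken for no data
| summarize Rows = count(), LastSeen = max(TimeGenerated) by Type   // Type holds the table name

// Step 2: rank the most common errors from both tables.
union Event, Syslog
| where TimeGenerated > ago(24h)
| where EventLevelName == "Error"          // Windows (Event table)
     or SeverityLevel == "err"             // Linux (Syslog table)
// Build one grouping key across both schemas: Windows errors repeat by Source + EventID,
// Linux errors repeat by ProcessName + Facility. Columns from the other table are empty per row.
| extend ErrorKey = iff(Type == "Event",
                        strcat("win:", Source, ":", tostring(EventID)),
                        strcat("linux:", ProcessName, ":", Facility))
// Keep one sample message so the ranked rows stay readable.
| extend Message = iff(Type == "Event", RenderedDescription, SyslogMessage)
| summarize Occurrences = count(),
            Computers   = dcount(Computer),
            LastSeen    = max(TimeGenerated),
            Sample      = take_any(Message)
          by ErrorKey
| top 20 by Occurrences desc
```

Run the two statements separately in Log Analytics; if step 1 returns no rows for a table, fix data collection for that source before tuning step 2.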