Retrieving errors from a Virtual Machine

Hi,

Recently I have been trying to retrieve the most common errors from a Virtual Machine.

I understand that this will need to use the analytic logs and KQL; however, I am not sure how to create this.

When running the script below, it unfortunately does not return any results:

// Reported errors
// Show error events from the last hour.
// To create an alert for this query, click '+ New alert rule'
union Event, Syslog // Event table stores Windows event records, Syslog stores Linux records
| where TimeGenerated > ago(1h)
| where EventLevelName == "Error" // EventLevelName is used in the Event (Windows) records
    or SeverityLevel == "err" // SeverityLevel is used in Syslog (Linux) records

Any help would be appreciated.

1 Reply

@AidenBrennan Can you confirm how you enabled your Log Analytics WP to collect the data of your VMs?

Home > analytics wp > advanced settings > data > windows event logs > select "System, Setup" as per the event log tables/columns in Windows Event Viewer.
Refer to the attached images.

When you run the query after the logs have been ingested into your analytics wp then you should be able to see the results.
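Once events are being ingested, the query in the original question can be extended to answer the "most common errors" part rather than just listing error rows. This is an added example, not code from the thread; it assumes the standard Event (Windows: Source, RenderedDescription) and Syslog (Linux: ProcessName, SyslogMessage) column names of a Log Analytics workspace.

```kql
// Most common error events per VM over the last 24 hours (added example, not from the thread).
// Event rows carry Source/RenderedDescription, Syslog rows carry ProcessName/SyslogMessage;
// after the union the columns missing from the other table are null, so coalesce() picks
// whichever side is populated.
union Event, Syslog
| where TimeGenerated > ago(24h)
| where EventLevelName == "Error"   // Windows Event records
    or SeverityLevel == "err"       // Linux Syslog records
| extend ErrorSource = coalesce(Source, ProcessName),
         ErrorDetail = coalesce(RenderedDescription, SyslogMessage)
| summarize Count = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated)
            by Computer, ErrorSource, ErrorDetail
| top 10 by Count desc
```

If no rows come back at all, first run `union Event, Syslog | summarize count() by Type` to confirm that either table is receiving data from the VM before narrowing by severity.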