Jun 06 2019
04:40 AM
- last edited on
Apr 07 2022
05:51 PM
by
TechCommunityAP
Jun 07 2019 09:48 AM
Do you know what Facility these would show up in? https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-syslog
You probably have to collect the right facility first to get the data, so that we can query it.
Jun 07 2019 09:56 AM
Thank you for your response. Thanks for the share! I do not have any idea about this. But it looks to me that user-related information can be queried from the Facility 'user'. I am honestly not sure which Facility can help in collecting the information about disk errors and file sync errors.
Appreciate your response!
Thank you,
--Mayur
Jun 07 2019 10:54 AM
Sorry I can't help more, hopefully someone with more Linux knowledge can point us to the right area. Has your customer said which facility or custom log they are looking at?
When we have the data in a table, I can help again with the query side.
The public demo workspace has Syslog data (but any disk errors may have passed the retention period anyway).
Syslog | summarize count() by Facility
let dummyData = datatable(Date:datetime, dummyTxt:string)
[
    datetime(now), "This is yet another test",
    datetime(now), "This is yet another test string"
];
dummyData
| where dummyTxt == "This is yet another test string"

which looks like this:

Date [UTC] | dummyTxt
2019-06-07T17:53:14.733 | This is yet another test string
Thanks