Jan 23 2018
09:48 AM
- last edited on
Apr 07 2022
04:52 PM
by
TechCommunityAP
Jan 23 2018
09:48 AM
- last edited on
Apr 07 2022
04:52 PM
by
TechCommunityAP
Hi,
I am running the following query
Jan 23 2018 11:33 PM
SolutionHi
AzureActivity table contains the azure activity log if you have configure it to be send to Log Analytics. This log does contain HTTP methods but only for certain operations so basically your Activity log needs to have such operations. HTTP method in AzureActivity table is located in json object called HTTPRequest. Inside the json object you have a few fields one of which is method. So in your case the query will look like this:
AzureActivity | summarize count(CallerIpAddress) by tostring(parsejson(HTTPRequest).method) , bin(TimeGenerated, 2m)
AzureDiagnostics table can contain diagnostics logs from multiple azure services. For a full list of supported services see here: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-diagnostic-logs-schema . Of course with this log you will have to configure the resources you have to send the logs to Log Analytics.
The situation is the same with AzureMetrics table. See https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-supported-metrics
So both of these tables will depend on what services you've configured to send logs to Log Analytics. If any of the services does not have HttpMethod field than such will not be present in Log Analytics.
Jan 23 2018 11:33 PM
SolutionHi
AzureActivity table contains the azure activity log if you have configure it to be send to Log Analytics. This log does contain HTTP methods but only for certain operations so basically your Activity log needs to have such operations. HTTP method in AzureActivity table is located in json object called HTTPRequest. Inside the json object you have a few fields one of which is method. So in your case the query will look like this:
AzureActivity | summarize count(CallerIpAddress) by tostring(parsejson(HTTPRequest).method) , bin(TimeGenerated, 2m)
AzureDiagnostics table can contain diagnostics logs from multiple azure services. For a full list of supported services see here: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-diagnostic-logs-schema . Of course with this log you will have to configure the resources you have to send the logs to Log Analytics.
The situation is the same with AzureMetrics table. See https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-supported-metrics
So both of these tables will depend on what services you've configured to send logs to Log Analytics. If any of the services does not have HttpMethod field than such will not be present in Log Analytics.