Log Analytics / Sentinel - Dictionary of Solutions, Schemas and Variables

Hi Team, does anyone know of a good centralised repository (like a dictionary) of Azure Solutions mapped to their Log Schemas, and a definition of the fields within each?

For example, if you take a look at the following LA workspace logs:

[image: clipboard_image_0.png - screenshot of the tables listed in the LA workspace]

We'd like the full list of potentially available sources, with a mapping to which component provides / feeds into each one of these logs, and a clear explanation of the fields within each of these.

Thanks

4 Replies

I am looking for the same. This would be extremely helpful.

@stijsseling one of my analysts is starting to pull together a repository that we plan to open-source to the community - I'll tell them to share the github repo here.

@fedecharosky Does this help? https://github.com/Azure/Azure-Sentinel/wiki/DataSource-Schema-Reference

@Clive Watson super helpful; do you know if there are plans to include all other schemas?