Unable to view Signin logs in Log Analytics Workspace

Hi

I've set up the Audit logs and Sign-in logs from AAD to be sent to Log Analytics Workspace. The user has EMS E5 license. I could see the sign-in logs being populated when I view it from the Azure AD tile. However, when I click on LA workspace and filter for Sign-in logs, there are no results. I could see the Auditlogs in this LA workspace just fine. Not sure if there is any configuration I'm missing which blocks me from seeing the logs under LA workspace. Any suggestions?

Thank You!

Regards

Mohan

8 Replies

@CliveWatson 

I've checked all the pre-reqs. All of them are met. I could see the Audit logs, just not the Sign-in logs.

@MohanRavindran 

 

If you have recent logs (within 12hrs) but nothing on this screen for sign-in, a support call may be needed - unless anyone else has an idea? I assume you have RBAC rights to the Signinlogs table as well as Auditlogs?

 

@CliveWatson 

 

I have the same issue on a brand new tenant. I am able to see the SignIn logs from the AAD > Monitoring > Sign-ins blade, but it won't stream to my Log Workspace. I replicated the process with AuditLogs and it worked fine within 5 minutes.

 

The account is a Global Admin, so permissions shouldn't be an issue. I tried fixing it via Support today, but we were unable to resolve it and it has been escalated. I'll respond here if I find a resolution.

Seems like I have the same issue. Were any of you successful in fixing the problem?

I have the same issue also. I have a free trial Azure account to test some capabilities on Sentinel. P2 license and Azure Sentinel have been set up. I have activated the Azure Active Directory and the Azure Activity connectors through the data connector page.

Audit logs, Usage and Azure Activity have been flowing into Sentinel successfully; however, no Signin logs have been seen so far. I have gone through the prerequisites in the connecting Azure AD to Sentinel link (https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-active-directory) quite a few times. I have given myself a role of Contributor, Azure Sentinel Contributor, and Global admin, still no luck. Not sure what else I am missing, but it has been past 48 hours. Support ticket has been raised but still no solid feedback.

@Jukesnthings Were you able to find a solution?

@VPIDev In my environment the problem was solved by itself after some days. I've raised a support ticket but they haven't found anything and were happy after the "self-healing" ;)