Forum Widgets
Latest Discussions
Audit user accessing entreprise App by SPN sign-in
I'm in a Hybrid Entra ID environment. Some users can use an "Entreprise Application" by utilizing IDs and a certificate. In the activity or sign-in logs, I can find the access entries, but I don't have the information on which user used the app registration or which certificate was used. I would like to have logs that allow me to identify WHO is using an SPN/App registration. Do you have any ideas? Thank you. Here an example: In this screenshot, I can see access made to an app using, for example, an appid+secret/certificate connection. So, it’s "logical" not to see a username since it's not required for this type of connection. However, I would really like to have this information or some indicator to identify which of my users accessed it. Currently, I only have the machine's IP address, but I would like more information. Maybe in Purview or with another service, but I haven't found anything.
Can I use regex in a DCR custom text logfile filepath?
Hi, I have about 50 servers attached to a DCR to collect a custom text log into a log analytics workspace custom table. Is it possible or if anyone has experience with using a regex filepath in the DCR situation? The logs are in the same format but paths differs slightly on each servers. There are two structures, but includes the servernames so we have 50 different filepaths: App Server c:\appserver\logs\<server Fully Qualified Name>\server\*.log App Portal c:\appportal\logs\<server Fully Qualified Name>\portal\*.log When I use static paths it works (there's a limit of 20 by the way). I have tried using the following regex filepath nothing comes in: c:\app(server|portal)\logs\SYS[a-zA-Z0-9]{4}wm[0-9]{2}.domain.net\(server|portal)\*.log Can someone confirm with me whether I can use regex in the filepath pattern in the DCR Data Source Tex log setup? If so, how do I get it to work please? Am I missing some escapes somewhere please? Many thanks in advance.Azure Monitor Alert for low disk space percent and MB
Hello, I am trying to create a KQL query that will alert me if the diskspace percentage exceeds a percentage threshold. But I also want the alert to show how much used space and free space is left in MB. I have the below query that shows the percentage. How can I get it to show theused space and free space is left in MB? Thank you. InsightsMetrics | where Origin == "vm.azm.ms" | where Namespace == "LogicalDisk" and Name == "FreeSpacePercentage" | summarize LogicalDiskSpacePercentageFreeAverage = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId
Help with LogAnalytics in Azure
I have a LogAnalytics Workspace and a workbook. I want to create custom tables. when I try to create a Custom DCR table on the 2nd screen it wants me to import a .json file. WTF? I have no .json file, I just want to create a few tables and then use PowerShell to write data to them. why is this asking for a .json file? How do I create this .json file? what is the format of this .json file? If I have 5 fields (or 5 tables I want to create) T1, T2, T3, T4, T5 Also, is there any really good YouTube vids on creating workbooks? What I really want to do is collect data from systems using PowerShell and then write that data to my workbook. Any detailed instruction on doing that would be nice. Thanks.MetricsQueryClient returning different results based on timespan
I'm using the PythonMetricsQueryClient to list out how many tokens were usedon certain days via the APIM policy "azure-openai-emit-token-metric". The problem is that when I call the query_resource() function with "timespan" set for the entire month of October, I get different results for token count usage for today's date than when I set the "timespan" to just the last 48 hours. For example, when setting the timespan to be from 10/20/2024 to 10/22/2024, I see 34 prompt tokens for today's date. But if I set the timespan to be 10/1/24 to 11/1/24, I see 0 prompt tokens for today's date. Is this a known issue? It is documented somewhere?
Azure Monitor agent sends logs to two LA workspaces in different accounts
Our company has many different Azure accounts and subscriptions. Can we install AMA on one server to support sending logs to LA workspaces under different accounts? For example, logs are sent to East Asia and China (East Asia and China are physically isolated)Unable to access Log analytics workspace even with Global admin.
Hi team, I am getting following error message. I am logged in with Global admin and trying to access log analytics table from Azure Portal. As per the error below it is referecning to AMPL but not sure how to remove the same. I tried creating new log anlaytics still facing the same error while accessing the table in it. {"error":{"message":"The provided credentials have insufficient access to perform the requested operation","code":"InsufficientAccessError","correlationId":"d7495369-b7a4-4c09-813d-58d3d392a568","innererror":{"code":"PrivateLinkValidationFailedError","message":"Private link connection does not allow querying resource '/subscriptions/0b7140c5-XXX-424058357e6e/resourceGroups/insight/providers/microsoft.operationalinsights/workspaces/avdins' not attached to the current scope"}}}Pushing Log Analytics Workspace tables into SQL databases
Hi, I am trying to push Log Analytics data into PowerBI with a custom refresh schedule. Since this is not already supported by PowerBI I am trying to push it into a SQL database instead which is then connected to PowerBI. Is there a specific script I can run to achieve this and then use a task scheduler to push the data regularly? Suggestions for a different approach will also be helpful. Thank YouAzure Monitor and Grafana
Hi All, Has anyone been able to setup Azure Monitor in Grafana to pull and display metric data? I have no issue connecting and finding log data (resources), but I cannot get any metric data to be discovered by the Grafana plugin. I can see and use the metric data in Azure, but not in Grafana. The account configured has read over the resources and will display log data fine. Any help and suggestions would be appreciated. Thanks.
