Forum Widgets
Latest Discussions
Audit user accessing entreprise App by SPN sign-in
I'm in a Hybrid Entra ID environment. Some users can use an "Entreprise Application" by utilizing IDs and a certificate. In the activity or sign-in logs, I can find the access entries, but I don't have the information on which user used the app registration or which certificate was used. I would like to have logs that allow me to identify WHO is using an SPN/App registration. Do you have any ideas? Thank you. Here an example: In this screenshot, I can see access made to an app using, for example, an appid+secret/certificate connection. So, it’s "logical" not to see a username since it's not required for this type of connection. However, I would really like to have this information or some indicator to identify which of my users accessed it. Currently, I only have the machine's IP address, but I would like more information. Maybe in Purview or with another service, but I haven't found anything.ArnaudDurandNov 08, 2024Occasional Reader16Views0likes2CommentsCan I use regex in a DCR custom text logfile filepath?
Hi, I have about 50 servers attached to a DCR to collect a custom text log into a log analytics workspace custom table. Is it possible or if anyone has experience with using a regex filepath in the DCR situation? The logs are in the same format but paths differs slightly on each servers. There are two structures, but includes the servernames so we have 50 different filepaths: App Server c:\appserver\logs\<server Fully Qualified Name>\server\*.log App Portal c:\appportal\logs\<server Fully Qualified Name>\portal\*.log When I use static paths it works (there's a limit of 20 by the way). I have tried using the following regex filepath nothing comes in: c:\app(server|portal)\logs\SYS[a-zA-Z0-9]{4}wm[0-9]{2}.domain.net\(server|portal)\*.log Can someone confirm with me whether I can use regex in the filepath pattern in the DCR Data Source Tex log setup? If so, how do I get it to work please? Am I missing some escapes somewhere please? Many thanks in advance.jt-jtNov 07, 2024Copper Contributor15Views0likes1CommentAzure Monitor Alert for low disk space percent and MB
Hello, I am trying to create a KQL query that will alert me if the diskspace percentage exceeds a percentage threshold. But I also want the alert to show how much used space and free space is left in MB. I have the below query that shows the percentage. How can I get it to show theused space and free space is left in MB? Thank you. InsightsMetrics | where Origin == "vm.azm.ms" | where Namespace == "LogicalDisk" and Name == "FreeSpacePercentage" | summarize LogicalDiskSpacePercentageFreeAverage = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceIdJoseO1335Nov 06, 2024Copper Contributor77Views0likes1CommentAzure Deployment Dashboard
Is there a way build dashboard view for Deployment status (Active, Successful, Failed) from activity logs across subscriptions on my tenant. I tried Azure Resource Graph table deploymentresources , but does not provide who (actor) and when details. Please advise.SolvedkudumumNov 04, 2024Copper Contributor80Views0likes1CommentHelp with LogAnalytics in Azure
I have a LogAnalytics Workspace and a workbook. I want to create custom tables. when I try to create a Custom DCR table on the 2nd screen it wants me to import a .json file. WTF? I have no .json file, I just want to create a few tables and then use PowerShell to write data to them. why is this asking for a .json file? How do I create this .json file? what is the format of this .json file? If I have 5 fields (or 5 tables I want to create) T1, T2, T3, T4, T5 Also, is there any really good YouTube vids on creating workbooks? What I really want to do is collect data from systems using PowerShell and then write that data to my workbook. Any detailed instruction on doing that would be nice. Thanks.MattH010101Nov 01, 2024Copper Contributor85Views0likes1CommentMetricsQueryClient returning different results based on timespan
I'm using the PythonMetricsQueryClient to list out how many tokens were usedon certain days via the APIM policy "azure-openai-emit-token-metric". The problem is that when I call the query_resource() function with "timespan" set for the entire month of October, I get different results for token count usage for today's date than when I set the "timespan" to just the last 48 hours. For example, when setting the timespan to be from 10/20/2024 to 10/22/2024, I see 34 prompt tokens for today's date. But if I set the timespan to be 10/1/24 to 11/1/24, I see 0 prompt tokens for today's date. Is this a known issue? It is documented somewhere?BenjaminN700Oct 21, 2024Copper Contributor70Views0likes0CommentsAzure Monitor agent sends logs to two LA workspaces in different accounts
Our company has many different Azure accounts and subscriptions. Can we install AMA on one server to support sending logs to LA workspaces under different accounts? For example, logs are sent to East Asia and China (East Asia and China are physically isolated)kimmytliuOct 21, 2024Copper Contributor86Views0likes0CommentsUnable to access Log analytics workspace even with Global admin.
Hi team, I am getting following error message. I am logged in with Global admin and trying to access log analytics table from Azure Portal. As per the error below it is referecning to AMPL but not sure how to remove the same. I tried creating new log anlaytics still facing the same error while accessing the table in it. {"error":{"message":"The provided credentials have insufficient access to perform the requested operation","code":"InsufficientAccessError","correlationId":"d7495369-b7a4-4c09-813d-58d3d392a568","innererror":{"code":"PrivateLinkValidationFailedError","message":"Private link connection does not allow querying resource '/subscriptions/0b7140c5-XXX-424058357e6e/resourceGroups/insight/providers/microsoft.operationalinsights/workspaces/avdins' not attached to the current scope"}}}amolpawar87Oct 03, 2024Copper Contributor1.2KViews1like3CommentsPushing Log Analytics Workspace tables into SQL databases
Hi, I am trying to push Log Analytics data into PowerBI with a custom refresh schedule. Since this is not already supported by PowerBI I am trying to push it into a SQL database instead which is then connected to PowerBI. Is there a specific script I can run to achieve this and then use a task scheduler to push the data regularly? Suggestions for a different approach will also be helpful. Thank YouMitali645Sep 11, 2024Copper Contributor3KViews0likes2CommentsAzure Monitor and Grafana
Hi All, Has anyone been able to setup Azure Monitor in Grafana to pull and display metric data? I have no issue connecting and finding log data (resources), but I cannot get any metric data to be discovered by the Grafana plugin. I can see and use the metric data in Azure, but not in Grafana. The account configured has read over the resources and will display log data fine. Any help and suggestions would be appreciated. Thanks.DavinderDSep 03, 2024Copper Contributor128Views0likes0Comments
Resources
Tags
- azure monitor1,092 Topics
- Azure Log Analytics394 Topics
- Query Language246 Topics
- Log Analytics58 Topics
- Custom Logs and Custom Fields17 Topics
- Solutions17 Topics
- Metrics14 Topics
- Workbooks13 Topics
- Powershell and Rest API12 Topics
- Alerts12 Topics