cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to get all logs for a specific user in sentinel

kishore_soc
Copper Contributor

‎Aug 25 2021 08:08 AM

‎Aug 25 2021 08:08 AM

How to get all logs for a specific user in sentinel

Hi Community,

 

Help me out how to get all the logs for an user in sentinel. I was using the below quire but it is not written the expected results

 

UserAccessAnalytics
| where SourceEntityName ==  user email address.

 

Thanks,

Kishore

21.2K Views
0 Likes
3 Replies
Reply
3 Replies
deshantshukla

‎Aug 25 2021 11:11 AM

‎Aug 25 2021 11:11 AM

Re: How to get all logs for a specific user in sentinel

Hi @kishore_soc,

 

Try this command, 

 

search "user email address"

 

This will give you all the logs for a specific user from all tables. 

2 Likes
Reply
CliveWatson

‎Aug 31 2021 06:05 AM

‎Aug 31 2021 06:05 AM

Re: How to get all logs for a specific user in sentinel

@deshantshukla 

search "name"
| summarize count() by Type
// type will list the tables that are matched, in my example this finds name in the table "LAQueryLogs", so now use that, in the next query

LAQueryLogs
| where AADEmail == "name"

// or just get the last record in each Table
search "name"  
| summarize arg_max(TimeGenerated,*) by Type
2 Likes
Reply
Jose Sisto

‎Dec 22 2022 10:52 PM

‎Dec 22 2022 10:52 PM

Re: How to get all logs for a specific user in sentinel

It worked pretty well
0 Likes
Reply