It is easy to see all of the logs in Sentinel/Log Analytics workspace, but how can we easily export a listing of those logs? not the data, just the log names
Usage is an aggregated Table that knows about all the other Tables, so you can query that for better performance (runs in less than half the time on my data). This is not a big issue for a simple query like these examples, but can help if this ends up being frequent or the query more complex.
Wouldn't you need to take into account the Quantity field to really determine which ones were busy or do you just care about the number of hits rather than how much data each table ingested?
The ask was for just the Tables, but if you need to judge 'busy' - you could use quantity and or count. Usage is good for this as its quick but you do lack some detail...for most cases it's normally fine. For more complex KQL it's a trade between perf and detail
1 best response
Accepted Solutions
best response confirmed by
VI_Migration (Silver Contributor)
