Reviewing logs from onprem virtual machine on Sentinel

lucianoARG 

1st - how long ago was the agent installed?

2nd - check to see make sure the agent is configured for the proper Log Analytics workspace.

3rd - which Data Connectors do you have enabled? The following support the agent:

• Windows Security Events
• DNS
• Windows Firewall
• Windows Event Forwarder (WEF)
• IIS
• Local files
• Wire Data
• Syslog

4th - Have you completed the agent configuration for the Log Analytics workspace? Go into the Data blade in Advanced Settings for the Log Analytics Workspace assigned to Sentinel:

• In Azure Sentinel, select Workspace Settings, Advanced Settings then select Data.
• You can add additional Windows event logs to be streamed to your Sentinel workspace.