Apr 11 2022 04:18 AM - edited Apr 11 2022 04:19 AM
Hey, for a couple of weeks now we can no longer query for CommonSecurityLog, just getting an error:
'order' operator: Failed to resolve table or column expression named 'CommonSecurityLog'
If issue persists, please open a support ticket.
Query:
CommonSecurityLog
| sort by TimeGenerated
I can run the same query in other tenants and I know it should work. MS support have been working on this for weeks, but we are getting nowhere.
I know the logs are being ingested, because incidents are triggered based on CEF logs. We just cannot query them...
Any others seen similar errors?
Apr 11 2022 10:29 AM
Apr 12 2022 06:40 AM
Apr 12 2022 10:48 AM
Apr 13 2022 01:01 AM - edited Apr 13 2022 01:02 AM
@Gary Bushey Thanks again Gary for responding! We are actually missing the Microsoft Sentinel Group. Starting to wonder if this somehow got deleted. Enabled the "show tables with no data"
Apr 13 2022 03:54 AM