Azure Log Analytics
409 Topics

'where' operator: Failed to resolve table or column expression named 'SecurityEvent'
Hello Community, Whenever I attempt to run the following Log Analytic query in Azure Log Analytics I get the following error:

    'where' operator: Failed to resolve table or column expression named 'SecurityEvent'

I think it's because I need to enable 'SecurityEvent' in Log Analytics but I'm not sure. I was wondering if someone could provide a guide;

    SecurityEvent
    | where AccountType == "User" and EventID == 4625 and TimeGenerated > ago(6h)
    | summarize IPCount = dcount(IpAddress), makeset(IpAddress) by Account
    | where IPCount > 5
    | sort by IPCount desc

Any ideas would be much appreciated. Cheers
Solved, 163K Views, 0 likes, 10 Comments

'summarize' operator: Failed to resolve scalar expression named 'TimeGenerated'
I got the error in the title when executing the query below. Does anyone know about this?

    let containerNames = Perf
    | where InstanceName like 'shenzhou-tts-829bbd20-3e9e-43a0-a7d7-35252d5ef498'
    | where ObjectName == 'K8SContainer'
    | where CounterName == "memoryRssBytes"
    | distinct InstanceName;
    containerNames
    | join ( Perf ) on InstanceName
    | where CounterName == "memoryRssBytes"
    | extend usage = tolong(CounterValue)
    | summarize max(usage) by InstanceName, Computer
    | extend maxUsageMB = max_usage * 1.0/(1024*1024)
    | summarize sum(maxUsageMB) by Computer, bin(TimeGenerated, 2h)

Solved, 68K Views, 0 likes, 2 Comments

Log Analytics Workspace with Multiple subscription
Hi Everyone, Good Day! I have a couple of doubts about Log Analytics. Could you please help me to understand?

1. To my understanding, we can create a workspace with only one subscription, which means Log Analytics will monitor only the resources that are part of that subscription. Am I right?
2. If I have multiple workspaces for multiple subscriptions, is it possible to bring all of them under one Dashboard?

Thanks in advance
Solved, 50K Views, 0 likes, 18 Comments

How to give Alias Name for Column
Hi, Can you please help me with how to give an alias name to an expression column? Below is the code in an Azure Log Analytics log query:

    AzureQuota_CL
    | project Name_s,CurrentValue_d,Limit_d, ((CurrentValue_d/Limit_d)*100)

By default it is taken as column1, but I want to customize the column name. Thanks, Brahma
Solved, 44K Views, 0 likes, 2 Comments

How to have a time chart show zero for missing/null data.
Hi, I have a data set that when I use the summarize/bin over a 1 min interval has gaps in the data (hours) and when the timechart renders the graph the line goes directly from the last value in one set to the first value in the next set (so it looks like there is some data there). Is there a way to have the summarize/bin function or the timechart to use zero (or some default value) for the buckets that I don't have data for? -thanks
Solved, 36K Views, 0 likes, 6 Comments

How to monitor windows services
Hi All, How do we monitor services in Azure VMs like IIS, MSSQL or any other Windows service? Here we already have integration with service-now and want to achieve the following: if a Windows service is down we will get an alert, and then once the service is online it will resolve the alert, or it will not regenerate the alert at frequency. Thanks in advance.
Solved, 36K Views, 0 likes, 14 Comments