Not receiving Error, only Warnings from 1 out of 6 VM
Hi. I have 6 VMs on Azure all with the Azure Monitor Agent installed and In Data Collection Rules all 6 machines are selected, and from them I've set up to Collect Errors and Warnings from EventViewer to my Azure Log Analytics. This work, and I get errors and Warnings from All machines, except 1... On that I for some reason only get Warnings but not Errors (despite there being errors if I log into the machine and check the Event-log)... I've checked the various machines and they all seems to have exactly the same settings. Anyone able to give some hints why this might be, or ideas how to troubleshoot?
Device logs not coming in to Workspace
Create a Log Analytics Workspace Agent management I set Data Collection Rules, Basic and Select everything, Application, Security, System. Install the agent manually on my Windows 11 test device. Check so agent is running, also check Heartbeat in Logs in Workspace, I can see the device connected to the Workspace. Under LogManagment I only see Heartbeat and Usage I don't see Events. I check the test device Event viewer and I can see the events triggered. Nothing comes in to the workspace logs, I can pull nothing using Event or search * or time. Anyone know why no logs are coming in?
Dynamic parsing of logs in Azure using KQL
I have a couple of Custom Logs in Log-Analytics. I want to parse columns of one log using columns from another log. Using join I can get to the stage where all the data is in a single table. Like: Label Data First First=abc , Second=def , Third= ghi Second First=abc , Second=def , Third= ghi I want another column with the respective data mapped like: Label Data Value First First=abc , Second=def , Third= ghi abc Second First=abc , Second=def , Third= ghi def Is there a way I can parse this. I have tried using the KQL's parse function and regex. But they only work to parse fixed statements. Here the **Label** is not fixed. Any tips?
