azure monitor
1092 TopicsAPIM ApiManagementGatewayLogs
Hi! I have published couple of APIs through APIM. Now I try to read some diagnostic logs. While I choose APIM -> Logs -> API Management services -> ApiManagementGatewayLogs -> preview data or fire query: ApiManagementGatewayLogs | where TimeGenerated > ago(24h) | limit 10 I got 'where' operator: Failed to resolve table or column expression named 'ApiManagementGatewayLogs' If issue persists, please open a support ticket. What I'm doing wrong? Thanks, Jani5.8KViews0likes3CommentsPushing Log Analytics Workspace tables into SQL databases
Hi, I am trying to push Log Analytics data into PowerBI with a custom refresh schedule. Since this is not already supported by PowerBI I am trying to push it into a SQL database instead which is then connected to PowerBI. Is there a specific script I can run to achieve this and then use a task scheduler to push the data regularly? Suggestions for a different approach will also be helpful. Thank You3KViews0likes2CommentsMulti Tenant Centralize Log Analytics
Hi, Has anyone tried centralizing events\metric\logs from other tenants, into one Log Analytics workspace? Or using other Azure Services like Cosmos, and creating reports or alerts from here? Having one centralized "management repository" for security events and performance counters++ from VM's will be pretty powerful. I've tried out the following guide: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-collect-tenants but as a CSP responsible for IaaS, PaaS to SaaS for our customer there must be an easier way.Solved16KViews0likes7CommentsSNMP Polling of Network Devices Using Azure Platform
Hi All, I am looking for SNMP polling capability in Azure platform so that will do network device fault monitoring. Currently using third party application for fault monitoring. Any suggestions would be highly appreciable. Alerts which we monitor currently using third party application are like threshold utilization, high error rate, device down/unresponsive, BGP session etc. There is no option i found in azure monitor for SNMP polling. Thanks, Neeraj Mohan2.6KViews0likes3CommentsHelp with Disk query in Log Analytics
Hi I was wondering if I could get some help with Log analytics. New to this so bear with me. I'm trying to create a query that will provide informtaion on disk utilisation in Azure. I've gottwo commands (below), however I'm not able to merge them as I would like one query which gives me % free space, overall size of disk, name of vm and name of disk. Anything else I can get in terms of disk usage would be great, not overly concerned with IOPs at the moment. The commands are: Thsi proivides info on free space: search ObjectName == "LogicalDisk" and CounterName == "% Free Space" This one provides information on free Mb remaining. search ObjectName == "LogicalDisk" and CounterName == "Free Megabytes" I have tried this which helps, but again information is quite limited search ObjectName == "LogicalDisk" and CounterName == "Free Megabytes" and TimeGenerated > ago(1d) | summarize FreeSpace = min(CounterValue) by Computer, InstanceName | where strlen(InstanceName) ==2 and InstanceName contains ":" Thanks in advance 🙂Solved57KViews0likes15CommentsGeolocation query from IP address
Hi, Any idea if that's possible (and if yes - how) to add resolving of IP address to geolocationandany other IP information in a query in Log Analytics? For example, part of the message body I have in custom log is IP address, I would like to add a column (e.g. - extend) that resolves this IP address to its location in the world. Alternatively, if there was an option to call arest service during query, I could call something like ipstack, and receive the required information. An example of simple query: MyEvents | extend IPAddress = extractjson("$.request.ipaddress", Message) | extend Country = extractgeo("$.country", IPAddress) Hopefully that was clear enough 🙂 Thanks! P.S. In PowerBI this can be achieved with Json.Document(Web.Contents("rest service url")....42KViews0likes25CommentsData Collection Rule : XPath queries to filter 7036 without WMI etc
Hi, In PowerShell on server I’m trying to filter out some events from Event Id 7036 Service Control Manager Start stop services. I’m trying to filter out WMI Performance Adapter, so I don’t want to have those events imported in log analytic workspace with data collection rule. Can you help me what I’m doing wrong ? $XPath = 'System!*[System[(EventID="7036")]] and [EventData[Data[@Name="param1"]!="WMI Performance Adapter"]]' Get-WinEvent -FilterXPath $XPath Get-WinEvent : Could not retrieve information about the Security log. Error: Attempted to perform an unauthorized operation.. At line:3 char:1 + Get-WinEvent -FilterXPath $XPath + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-WinEvent], Exception + FullyQualifiedErrorId : LogInfoUnavailable,Microsoft.PowerShell.Commands.GetWinEventCommand Get-WinEvent : No events were found that match the specified selection criteria. At line:3 char:1 + Get-WinEvent -FilterXPath $XPath + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (:) [Get-WinEvent], Exception + FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand $XPath = 'System!*[System[(EventID="7036")]] and [EventData[Data[@Name="param1"]!="WMI Performance Adapter"]]' Get-WinEvent -LogName 'System' -FilterXPath $XPath Get-WinEvent : The specified query is invalid At line:2 char:1 + Get-WinEvent -LogName 'System' -FilterXPath $XPath + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-WinEvent], EventLogException + FullyQualifiedErrorId : System.Diagnostics.Eventing.Reader.EventLogException,Microsoft.PowerShell.Commands.GetWinEventCommand375Views0likes0CommentsInclude workspace name in query output
Is there a way to systematically collect the workspace name and include it in the output of a log analytics query? We are working on an event management project and the json output includes the workspaceID but not the name. Our CMDB currently doesn't populate the workspaceID. I am looking for a way to map the triggered alerts to a support group without having to hardcode mappings. I was hoping I could use something like extend WS = workspace('uid').Name to add this data in.Solved3KViews0likes3Comments