![]() | summarize events_count=count() by bin(TimeGenerated, 1d) To use LAQueryLogs data when auditing in Microsoft Sentinel, first enable the LAQueryLogs in your Log Analytics workspace's Diagnostics settings area.įor more information, see Audit queries in Azure Monitor logs.įor example, the following query shows how many queries were run in the last week, on a per-day basis: LAQueryLogs The LAQueryLogs table isn't enabled by default in your Log Analytics workspace. We recommend waiting about 5 minutes to query the LAQueryLogs table for audit data.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |