Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
1 answer
Settings in mdsd.xml ignored by azure monitor agent
I have relatively small disks which are constantly filled by Azure Monitor Agent. After configuring 7 days and max 100MB logs in mdsd.xml, <Management eventVolume="Large" defaultRetentionInDays="7" > <AgentResourceUsage…
Azure Monitor
asked 2025-07-01T10:00:22.0633333+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 40%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDP%3C/text%3E%3C/svg%3E)
David P
0
Reputation points
answered 2025-07-01T15:51:25.2666667+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 63%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Ashok Gandhi Kotnana
10,115
Reputation points Microsoft External Staff
Moderator
1 answer
How to interpret the OriginHealthPercentage metric values in Log Analytics Workspace
It seems as though there might be a bug in the export of the OriginHealthPercentage metric of a Premium Front Door to a Log Analytics Workspace. When graphed in Azure Metrics at a one minute interval to match the PT1M granularity in the Log Analytics…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-06-30T20:58:52.4566667+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 31%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
Matt Dubois (HE/HIM)
0
Reputation points Microsoft Employee
commented 2025-07-01T15:12:41.6633333+00:00
Matt Dubois (HE/HIM)
0
Reputation points Microsoft Employee
1 answer
Azure Monitor Alert execution log
I know there is a Monitor | Alerts page that shows those alerts that have been "Fired" as they alert query has met the criteria configured for the alert, but is there a log or page that shows all of the executions of the alert rule that shows…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-07-01T12:32:06.7+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 94%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECP%3C/text%3E%3C/svg%3E)
Conrad, Patrick
0
Reputation points
answered 2025-07-01T14:31:34.9166667+00:00
Alex Burlachenko
9,780
Reputation points
1 answer
One of the answers was accepted by the question author.
How do collection rules work in Microsoft Sentinel for filtering Windows Event IDs?
Hi everyone, I'm trying to better understand how collection rules work in Microsoft Sentinel when ingesting Windows security events. For now, I receive all the Windows security events because I created a rule that is set up to "AllEvents" (as…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-06-30T13:03:17.1666667+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 36%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Rayane Morslaoui
20
Reputation points
commented 2025-07-01T13:13:12.6666667+00:00
Rayane Morslaoui
20
Reputation points
1 answer
How does azure calculate billing for azure log analytics workspace.
Hello Team, I’ve recently observed a significant spike in my Azure billing, specifically related to the Log Analytics workspace. A large volume of logs has started ingesting unexpectedly, primarily from Azure-managed resources. Most of this data appears…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-07-01T10:22:08.92+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 75%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Azure Sarai
0
Reputation points
commented 2025-07-01T10:41:56.71+00:00
Azure Sarai
0
Reputation points
0 answers
We need the cost estimation for azure managed grafana for cluster monitoring.
We have currently using AKS we need the monitoring enabled from Grafana also we need the logging we currently storing the application logs in azure file shares which are running in the same cluster we want to access those logs from storage account. so…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-06-30T11:31:58.9033333+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 33%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
Punit katnalli
25
Reputation points
commented 2025-07-01T05:30:44.2233333+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 31%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVP%3C/text%3E%3C/svg%3E)
Vinod Pittala
3,770
Reputation points Microsoft External Staff
Moderator
1 answer
DCR based custom tables are not working
Hello All, I have a Linux server vm in Azure as my syslog server. My Meraki MX devices are sending logs to the syslog server into their individual folders, and they are flowing. I used to have custom logs in Azure Log Analytics that pulls these logs…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-06-25T13:59:59.66+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 39%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Sing Kit Cheng
96
Reputation points
answered 2025-06-30T21:42:54.0933333+00:00
Sing Kit Cheng
96
Reputation points
1 answer
Need help to correct my KQL in Azure
I have created below KQL for APP to get the login count but output always coming as 0, I need help what to update here: AuditLogs | where AdditionalDetails contains "B2C_1A_RPBT_SignIn" //| where LoggedByService == "B2C" and…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-06-26T18:11:36.21+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 78%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sonika Sahu
20
Reputation points
commented 2025-06-30T10:03:47.2766667+00:00
Sonika Sahu
20
Reputation points
1 answer
API keys for querying data from Azure Monitor application insights will be retired
We received an email with the following title: API keys for querying data from Azure Monitor application insights will be retired on 31 March 2026 — transition to using Azure AD. We're currently using connection strings when sending data to Application…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-04-24T11:01:29.45+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 54%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDF%3C/text%3E%3C/svg%3E)
Danny Fournier
0
Reputation points
edited a comment 2025-06-30T03:10:23.0633333+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 72%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Naveena Patlolla
3,605
Reputation points Microsoft External Staff
Moderator
0 answers
Log analytics workspace archive restore data not working
Hi, I'm trying to access data older than 1 month from a Log Analytics Workspace where the total retention period is as follows: I've been following this guide from MS docs: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/restore?tabs=api-1 …
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-06-24T23:05:13.2333333+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 64%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAO%3C/text%3E%3C/svg%3E)
Alejandro Ochoa
0
Reputation points
commented 2025-06-30T02:16:11.83+00:00
Ashok Gandhi Kotnana
10,115
Reputation points Microsoft External Staff
Moderator
3 answers
Unable to run query in log analytics workspace
Hi, I was trying to run some queries to fetch some logs in my log analytics workspace. I am simply trying with queries like "perf" or a query to get the heartbeat of a VM, and its showing the below errors respectively: '' operator: Failed…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2020-11-25T11:06:47.793+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 67%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Ananya Sarkar
311
Reputation points
answered 2025-06-29T05:42:46.5933333+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 77%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFD%3C/text%3E%3C/svg%3E)
Friedrich Dibbert
0
Reputation points
1 answer
Share dashboard that shows data from workspace in log analytics without giving access to log analytics
I have an issue with setting up shared dashboard built from Log Analytics Workspace. I was wondering if you can help us with something else related to Azure. We are using Log Analytics so that Azure SQL Server can push events to it and we use workbooks…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-06-23T13:11:17.5433333+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 91%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Alaa Abouzeid
0
Reputation points
commented 2025-06-28T02:08:20.0566667+00:00
Ashok Gandhi Kotnana
10,115
Reputation points Microsoft External Staff
Moderator
0 answers
Why the Logs being ingested using a DCR is not showing up in the table in log analytics workspace
Hi Everyone, I am trying to get a log analytics workspace set up and as part of the process I created workspace, DCR and data collection endpoints. When creating DCR i uploaded a sample file to create a transform and added extra column timegenerated.…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-06-27T19:59:14.7566667+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 64%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJJ%3C/text%3E%3C/svg%3E)
Jobin Joseph
0
Reputation points
asked 2025-06-27T19:59:14.7566667+00:00
Jobin Joseph
0
Reputation points
2 answers
One of the answers was accepted by the question author.
Hide informational message on the Dashboard
When using the following query: // exception count by problem ID let start=ago(90m); let end=ago(30m); let timeGrain=1m; let dataset=exceptions // additional filters can be applied heret | where timestamp > start and…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2021-04-30T11:28:53.12+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 55.00000000000001%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBD%3C/text%3E%3C/svg%3E)
Bogdan Dragu
56
Reputation points Microsoft Employee
answered 2025-06-27T14:37:28.3733333+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 4%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJA%3C/text%3E%3C/svg%3E)
Johnston, Anthony
0
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure monitor alert mail for azure local VM is not working as expected [Getting multiple mail for the same rule]
Hello Team, I have configured an alert in azure monitor for azure local VM[arc enabled VM] as below below is the custom query that i am using to trigger the alert //KQL Query for heartbeat InsightsMetrics | where TimeGenerated > ago(1h) | where Origin…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
2 answers
How to find underutilised/not even used azure resources like vm,db, storage,logicapp and more
How to find underutilised/not even used azure resources like vm,db, storage,logic app and more. I'm trying to preparing inventory for all resources in the subscription and in that I want to know the each resources usage to find how those resources are…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-06-25T01:23:12.5666667+00:00
Rajkumar R
1
Reputation point
answered 2025-06-26T08:57:11.21+00:00
Clive Watson
7,866
Reputation points MVP
Volunteer Moderator
0 answers
AzureWindowsBaseline Guest Assignment started to break the VM. What to do?
I applied AzureWindowsBaseline Guest Assignment using ApplyAndMonitor mode, but the following items return non-compliant state. | Name | Compliance State | Reason …
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-06-18T07:46:02.0133333+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 93%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Marcin Słowikowski
10
Reputation points
edited the question 2025-06-26T01:42:21.3133333+00:00
Ashok Gandhi Kotnana
10,115
Reputation points Microsoft External Staff
Moderator
0 answers
Monitor Logs view from start Time to end Time.
need to view Azure Monitor logs from start Time to end Time. In portal it showing in opposite way and unable to sort it. Need to view in Azure monitor without sending to Log analytics workspace. or is there any API support for this ?
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-06-19T06:37:42.1433333+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 5%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBR%3C/text%3E%3C/svg%3E)
balaji r
0
Reputation points
commented 2025-06-25T09:13:32.64+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 56.00000000000001%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERJ%3C/text%3E%3C/svg%3E)
Rahul Jorrigala
655
Reputation points Microsoft External Staff
Moderator
1 answer
One of the answers was accepted by the question author.
Clarification regarding alert rule recreation after migrating to Scheduled Query Rules API
Dear Azure Support Team, I hope this message finds you well. We are currently considering migrating our Azure Monitor log alert rules from the legacy Log Analytics Alert API to the Scheduled Query Rules API. The following documentation appears to suggest…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-06-24T00:06:49.0966667+00:00
![](https://learn.microsoft.com/data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 15%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EST%3C/text%3E%3C/svg%3E)
sb-toryo-pjt
40
Reputation points
accepted 2025-06-25T05:07:32.7433333+00:00
sb-toryo-pjt
40
Reputation points
1 answer
Need help for KQL query
I have 2 KQL : 1st is: AppEvents | where Name contains "MANAGEPASSKEYS_ADDPROCESS_INITIATED" | project Event = Name, obj = tostring(Properties.ObjectId), session = tostring(Properties.CorrelationId) | distinct Event, obj,…
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,651 questions
asked 2025-06-23T07:09:15.88+00:00
Sonika Sahu
20
Reputation points
commented 2025-06-24T15:56:10.1966667+00:00
Rahul Jorrigala
655
Reputation points Microsoft External Staff
Moderator