Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.
All workspace audit events
Lists all audit events for Discovery workspaces, showing the operation performed and the acting principal.
// All audit events for Discovery workspaces
// Shows the operation performed and the acting principal
DiscoveryWorkspaceAuditLogs
| project TimeGenerated, OperationName, ObjectId, Tenant, _ResourceId
| sort by TimeGenerated desc
Workspace operations by user
Summarizes audit operations grouped by the acting principal to identify who is performing actions on Discovery workspaces.
// Workspace operations grouped by user
// Identifies who is performing actions on Discovery workspaces
DiscoveryWorkspaceAuditLogs
| summarize OperationCount = count() by ObjectId
| sort by OperationCount desc
Workspace operations by type
Summarizes audit events grouped by operation name to identify the most frequently performed actions on Discovery workspaces.
// Workspace operations grouped by operation type
// Identifies the most frequently performed actions on Discovery workspaces
DiscoveryWorkspaceAuditLogs
| summarize OperationCount = count() by OperationName
| sort by OperationCount desc