Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
| Table | Categories | Solutions | Supports basic log plan | Queries |
|---|---|---|---|---|
| AzureActivity Entries from the Azure Activity log that provides insight into any subscription-level or management group level events that have occurred in Azure. |
resources, audit, security | LogManagement | No | Yes |
| AzureMetrics Metric data emitted by Azure services that measure their health and performance. |
resources, monitor | LogManagement | Yes | Yes |
| CommonSecurityLog This table is for collecting events in the Common Event Format, that are most often sent from different security appliances such as Check Point, Palo Alto and more. |
security | Security, SecurityInsights | Yes | Yes |
| ConfigurationChange View changes to in-guest configuration data such as Files Software Registry Keys Windows Services and Linux Daemons |
management | ChangeTracking | No | Yes |
| ConfigurationData View the last reported state for in-guest configuration data such as Files Software Registry Keys Windows Services and Linux Daemons |
management | ChangeTracking | No | Yes |
| ContainerLog Log lines collected from stdout and stderr streams for containers. |
container, applications | AzureResources, ContainerInsights, Containers | No | Yes |
| DataSetOutput The raw collected data from DCR datasets. |
resources, virtualmachines | LogManagement | Yes | Yes |
| DataSetRuns This table contains status and other information about data sources that were collected as part of DCR datasets. |
resources, virtualmachines | LogManagement | Yes | Yes |
| Event Events from Windows Event Log on Windows computers using the Log Analytics agent. |
security, virtualmachines | LogManagement | No | Yes |
| Heartbeat Records logged by Log Analytics agents once per minute to report on agent health. |
virtualmachines, container, management | LogManagement | No | Yes |
| InsightsMetrics Table that stores metrics. 'Perf' table also stores many metrics and over time they all will converge to InsightsMetrics for Azure Monitor Solutions |
virtualmachines, container, resources | AzureResources, ContainerInsights, InfrastructureInsights, LogManagement, ServiceMap, VMInsights | No | Yes |
| Perf Performance counters from Windows and Linux agents that provide insight into the performance of hardware components operating systems and applications. |
virtualmachines, container | LogManagement | No | Yes |
| PerfInsightsFindings This table contains information about individual PerfInsights findings. |
resources, virtualmachines | LogManagement | Yes | - |
| PerfInsightsImpactedResources This table contains information about resources impacted by an individual PerfInsights finding. |
resources, virtualmachines | LogManagement | Yes | Yes |
| PerfInsightsRun This table contains information about PerfInsights runs. |
resources, virtualmachines | LogManagement | Yes | - |
| ProtectionStatus Antimalware installation info and security health status of the machine: |
security | AntiMalware, Security, SecurityCenter, SecurityCenterFree | No | Yes |
| SecurityBaseline | security | Security, SecurityCenter, SecurityCenterFree | No | - |
| SecurityEvent Security events collected from windows machines by Azure Security Center or Azure Sentinel. |
security | Security, SecurityInsights | Yes | Yes |
| Syslog Syslog events on Linux computers using the Log Analytics agent. |
security, virtualmachines | LogManagement | No | Yes |
| Update Details for update schedule run. Includes information such as which updates where available and which were installed. |
management, security | Security, SecurityCenter, SecurityCenterFree, Updates | No | Yes |
| UpdateRunProgress Breaks down each run of your update schedule by the patches available at the time with details on the installation status of each patch. |
management | Updates | No | Yes |
| UpdateSummary Summary for each update schedule run. Includes information such as how many updates were not installed. |
virtualmachines | Security, SecurityCenter, SecurityCenterFree, Updates | No | Yes |
| VMBoundPort Traffic for open server ports on the monitored machine. |
virtualmachines | AzureResources, InfrastructureInsights, ServiceMap, VMInsights | No | - |
| VMComputer Inventory data for servers collected by the Service Map and VM Insights solutions using the Dependency agent and Log analytics agent. |
virtualmachines | AzureResources, ServiceMap, VMInsights | No | - |
| VMConnection Traffic for inbound and outbound connections to and from monitored computers. |
virtualmachines | AzureResources, InfrastructureInsights, ServiceMap, VMInsights | No | - |
| VMProcess Process data for servers collected by the Service Map and VM Insights solutions using the Dependency agent and Log analytics agent. |
virtualmachines | AzureResources, ServiceMap, VMInsights | No | - |
| W3CIISLog Internet Information Server (IIS) log on Windows computers using the Log Analytics agent. |
management, virtualmachines | LogManagement | No | Yes |
| WindowsFirewall | security | Security, WindowsFirewall | No | - |
| WireData Network data collected by the WireData solution using by the Dependency agent and Log analytics agent. |
virtualmachines, security | WireData, WireData2 | No | Yes |