Table | Description | Categories | Solutions | Supports basic log plan | Queries |
---|---|---|---|---|---|
ADAssessmentRecommendation | Recommendations generated by AD assessments that are started through a scheduled task. When you schedule the assessment, it runs by default every 7 days and uploads the data into Azure Log Analytics. | workloads | ADAssessment, ADAssessmentPlus, AzureResources | No | Yes |
ADReplicationResult | The AD Replication Status solution regularly monitors your Active Directory environment for any replication failures. | workloads | ADReplication, AzureResources | No | - |
AzureActivity | Entries from the Azure Activity log that provide insight into any subscription-level or management group-level events that have occurred in Azure. | resources, audit, security | LogManagement | No | Yes |
AzureMetrics | Metric data emitted by Azure services that measure their health and performance. | resources | LogManagement | Yes | Yes |
CommonSecurityLog | This table is for collecting events in the Common Event Format, which are most often sent from security appliances such as Check Point, Palo Alto, and more. | security | Security, SecurityInsights | No | Yes |
ComputerGroup | Computer groups that can be used to scope log queries to a set of computers. Includes the computers in each group. | monitor, virtualmachines, management | LogManagement | No | - |
ConfigurationChange | View changes to in-guest configuration data such as files, software, registry keys, Windows services, and Linux daemons. | management | ChangeTracking | No | Yes |
ConfigurationData | View the last reported state for in-guest configuration data such as files, software, registry keys, Windows services, and Linux daemons. | management | ChangeTracking | No | Yes |
ContainerLog | Log lines collected from stdout and stderr streams for containers. | container, applications | AzureResources, ContainerInsights, Containers | No | Yes |
DnsEvents | | network | DnsAnalytics, SecurityInsights | No | Yes |
DnsInventory | | network | DnsAnalytics, SecurityInsights | No | - |
Event | Events from Windows Event Log on Windows computers using the Log Analytics agent. | virtualmachines | LogManagement | No | Yes |
HealthStateChangeEvent | Workload Monitor Health. This data represents state transitions of a health monitor. | undefined | AzureResources, VMInsights | No | - |
Heartbeat | Records logged by Log Analytics agents once per minute to report on agent health. | virtualmachines, container, management | LogManagement | No | Yes |
InsightsMetrics | Table that stores metrics. The 'Perf' table also stores many metrics, and over time they will all converge to InsightsMetrics for Azure Monitor Solutions. | virtualmachines, container, resources | AzureResources, ContainerInsights, InfrastructureInsights, LogManagement, ServiceMap, VMInsights | No | Yes |
Perf | Performance counters from Windows and Linux agents that provide insight into the performance of hardware components, operating systems, and applications. | virtualmachines, container | LogManagement | No | Yes |
ProtectionStatus | Antimalware installation info and security health status of the machine. | security | AntiMalware, Security, SecurityCenter, SecurityCenterFree | No | Yes |
SQLAssessmentRecommendation | Recommendations generated by SQL assessments that are started through a scheduled task. When you schedule the assessment, it runs by default every 7 days and uploads the data into Azure Log Analytics. | workloads | AzureResources, SQLAssessment, SQLAssessmentPlus | No | Yes |
SecurityBaseline | | security | Security, SecurityCenter, SecurityCenterFree | No | - |
SecurityBaselineSummary | | security | Security, SecurityCenter, SecurityCenterFree | No | - |
SecurityEvent | Security events collected from Windows machines by Azure Security Center or Azure Sentinel. | security | Security, SecurityInsights | No | Yes |
Syslog | Syslog events on Linux computers using the Log Analytics agent. | virtualmachines, security | LogManagement | No | Yes |
Update | Details for update schedule run. Includes information such as which updates were available and which were installed. | management, security | Security, SecurityCenter, SecurityCenterFree, Updates | No | Yes |
UpdateRunProgress | Breaks down each run of your update schedule by the patches available at the time, with details on the installation status of each patch. | management | Updates | No | Yes |
UpdateSummary | Summary for each update schedule run. Includes information such as how many updates were not installed. | virtualmachines | Security, SecurityCenter, SecurityCenterFree, Updates | No | Yes |
VMBoundPort | Traffic for open server ports on the monitored machine. | virtualmachines | AzureResources, InfrastructureInsights, ServiceMap, VMInsights | No | - |
VMComputer | Inventory data for servers collected by the Service Map and VM Insights solutions using the Dependency agent and Log Analytics agent. | virtualmachines | AzureResources, ServiceMap, VMInsights | No | - |
VMConnection | Traffic for inbound and outbound connections to and from monitored computers. | virtualmachines | AzureResources, InfrastructureInsights, ServiceMap, VMInsights | No | - |
VMProcess | Process data for servers collected by the Service Map and VM Insights solutions using the Dependency agent and Log Analytics agent. | virtualmachines | AzureResources, ServiceMap, VMInsights | No | - |
W3CIISLog | Internet Information Server (IIS) log on Windows computers using the Log Analytics agent. | management, virtualmachines | LogManagement | No | Yes |
WindowsFirewall | | security | Security, WindowsFirewall | No | - |
WireData | Network data collected by the WireData solution using the Dependency agent and Log Analytics agent. | virtualmachines, security | WireData, WireData2 | No | Yes |