Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
| Table | Categories | Solutions | Supports basic log plan | Queries |
|---|---|---|---|---|
| ArcK8sAudit Contains all Kubernetes API Server audit logs including events with the get and list verbs. These events are useful for monitoring all of the interactions with the Kubernetes API. To limit the scope to modifying operations see the ArcK8sAuditAdmin table. Requires Diagnostic Settings to use the Resource Specific destination table. |
audit, resources, container | LogManagement | Yes | - |
| ArcK8sAuditAdmin Contains Kubernetes API Server audit logs excluding events with the get and list verbs. These events are useful for monitoring resource modification requests made to the Kubernetes API. To see all modifying and non-modifying operations see the ArcK8sAudit table. Requires Diagnostic Settings to use the Resource Specific destination table. |
audit, resources, container | LogManagement | Yes | - |
| ArcK8sControlPlane Contains diagnostic logs for the Kubernetes API Server, Controller Manager, Scheduler, Cluster Autoscaler, Cloud Controller Manager, Guard, and the Azure CSI storage drivers. These diagnostic logs have distinct Category entries corresponding their diagnostic log setting (e.g. kube-apiserver, kube-audit-admin). Requires Diagnostic Settings to use the Resource Specific destination table. |
resources, container | LogManagement | Yes | - |
| AzureActivity Entries from the Azure Activity log that provides insight into any subscription-level or management group level events that have occurred in Azure. |
resources, audit, security | LogManagement | No | Yes |
| AzureMetrics Metric data emitted by Azure services that measure their health and performance. |
resources, monitor | LogManagement | Yes | Yes |
| ContainerImageInventory Inventory of container images and their attributes that were discovered by the agent. |
container | AzureResources, ContainerInsights, Containers | No | Yes |
| ContainerInventory Inventory of containers and their attributes that are monitored by the agent |
container | AzureResources, ContainerInsights, Containers | No | Yes |
| ContainerLog Log lines collected from stdout and stderr streams for containers. |
container, applications | AzureResources, ContainerInsights, Containers | No | Yes |
| ContainerLogV2 Kubernetes Container logs in V2 schema. This is the successor of ContainerLog. This has a friendlier schema, specifically for Kubernetes orchestrated containers in pods. With this feature enabled, previously split container logs are stitched together and sent as single entries to the ContainerLogV2 table. The schema now supports container log lines of up to to 64 KB. The schema also supports .NET and Go stack traces, which appear as single entries. |
container | AzureResources, ContainerInsights | Yes | Yes |
| ContainerNodeInventory Table that stores Container host/node information |
container | AzureResources, ContainerInsights | No | Yes |
| ContainerServiceLog | container | AzureResources, ContainerInsights, Containers | No | Yes |
| Heartbeat Records logged by Log Analytics agents once per minute to report on agent health. |
virtualmachines, container, management | LogManagement | No | Yes |
| InsightsMetrics Table that stores metrics. 'Perf' table also stores many metrics and over time they all will converge to InsightsMetrics for Azure Monitor Solutions |
virtualmachines, container, resources | AzureResources, ContainerInsights, InfrastructureInsights, LogManagement, ServiceMap, VMInsights | No | Yes |
| KubeEvents Table that stores Kubernetes events |
container | AzureResources, ContainerInsights | No | Yes |
| KubeMonAgentEvents Table that stores events from the Kubernetes cluster monitoring agent [Azure Monitor Agent] |
container | AzureResources, ContainerInsights | No | Yes |
| KubeNodeInventory Table that stores Kubernetes cluster's node information. |
container | AzureResources, ContainerInsights | No | Yes |
| KubePVInventory Kubernetes persistent volumes and their properties. |
container | AzureResources, ContainerInsights | No | - |
| KubePodInventory Table that stores kubernetes cluster's Pod & container information |
container | AzureResources, ContainerInsights | No | Yes |
| KubeServices Table that stores Kubernetes services information. |
container | AzureResources, ContainerInsights | No | Yes |
| Perf Performance counters from Windows and Linux agents that provide insight into the performance of hardware components operating systems and applications. |
virtualmachines, container | LogManagement | No | Yes |
| Syslog Syslog events on Linux computers using the Log Analytics agent. |
virtualmachines, security | LogManagement | No | Yes |