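For information on using these queries in the Azure portal, see the Log Analytics tutorial. For the REST API, see Query.
All bookshelf audit events
Lists all audit events for Discovery bookshelves, showing the operation performed and the acting principal.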
// All audit events for Discovery bookshelves
// Shows the operation performed and the acting principal
DiscoveryBookshelfAuditLogs
| project TimeGenerated, OperationName, ObjectId, Tenant, _ResourceId
| sort by TimeGenerated desc
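Bookshelf operations by user
Summarizes audit operations grouped by the acting principal to identify who is performing actions on Discovery bookshelves.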
// Bookshelf operations grouped by user
// Identifies who is performing actions on Discovery bookshelves
DiscoveryBookshelfAuditLogs
| summarize OperationCount = count() by ObjectId
| sort by OperationCount desc
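Bookshelf operations by type
Summarizes audit events grouped by operation name to identify the most frequently performed actions on Discovery bookshelves.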
// Bookshelf operations grouped by operation type
// Identifies the most frequently performed actions on Discovery bookshelves
DiscoveryBookshelfAuditLogs
| summarize OperationCount = count() by OperationName
| sort by OperationCount desc
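The two summaries above can be combined into a review query that surfaces principals acting on Discovery bookshelves in the last day that did not appear in the preceding baseline period. This is an added example, not one of the original sample queries; the 1-day and 14-day windows are assumptions to adjust to your retention and review cadence, and it uses only the columns shown in the queries above.

```kusto
// Added example: principals newly active on Discovery bookshelves
// recentWindow and baselineWindow are assumed values, not from the original page
let recentWindow = 1d;
let baselineWindow = 14d;
// Principals seen during the baseline period (excluding the recent window)
let baseline = DiscoveryBookshelfAuditLogs
    | where TimeGenerated between (ago(baselineWindow + recentWindow) .. ago(recentWindow))
    | distinct ObjectId;
DiscoveryBookshelfAuditLogs
| where TimeGenerated > ago(recentWindow)
// Keep only events whose acting principal has no baseline activity
| join kind=leftanti baseline on ObjectId
| summarize OperationCount = count(),
            Operations = make_set(OperationName),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by ObjectId, _ResourceId
| sort by OperationCount desc
```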