For information on using these queries in the Azure portal, see the Log Analytics tutorial. For the REST API, see Query.
All workspace audit events
Lists all audit events for Discovery workspaces, showing the operation performed and the acting principal.
// All audit events for Discovery workspaces
// Shows the operation performed and the acting principal
DiscoveryWorkspaceAuditLogs
| project TimeGenerated, OperationName, ObjectId, Tenant, _ResourceId
| sort by TimeGenerated desc
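Workspace operations by user
Summarizes audit operations grouped by acting principal to identify who is performing actions on Discovery workspaces.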
// Workspace operations grouped by user
// Identifies who is performing actions on Discovery workspaces
DiscoveryWorkspaceAuditLogs
| summarize OperationCount = count() by ObjectId
| sort by OperationCount desc
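Workspace operations by type
Summarizes audit events grouped by operation name to identify the most frequently performed actions on Discovery workspaces.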
// Workspace operations grouped by operation type
// Identifies the most frequently performed actions on Discovery workspaces
DiscoveryWorkspaceAuditLogs
| summarize OperationCount = count() by OperationName
| sort by OperationCount desc