MicrosoftGraphActivityLogs 表的查询

项目
11/11/2024

有关在 Azure 门户中使用这些查询的信息，请参阅 Log Analytics 教程。有关 REST API，请参阅查询。

频繁的用户终结点调用方

获取调用用户终结点的应用和服务主体的列表。

MicrosoftGraphActivityLogs
| where RequestUri has "users"
| summarize NumRequests=count() by AppId, ServicePrincipalId, UserId
| sort by NumRequests desc
| limit 100

失败的组终结点请求

获取按应用和服务主体对实体进行分组的失败请求列表。

MicrosoftGraphActivityLogs
| where ResponseStatusCode == 403
| where RequestUri has "groups"
| summarize UniqueRequests=dcount(RequestId) by AppId, ServicePrincipalId, UserId
| sort by UniqueRequests desc
| limit 100