title | description | ms.topic | ms.service | ms.author | author | ms.date |
---|---|---|---|---|---|---|
Example log table queries for AZKVAuditLogs |
Example queries for AZKVAuditLogs log table |
reference |
azure-monitor |
edbaynash |
EdB-MSFT |
02/18/2024 |
Count of failed keyvault requests by status code.
AZKVAuditLogs
| where HttpStatusCode >= 300 and not(OperationName == "Authentication" and HttpStatusCode == 401)
| summarize count() by RequestUri, ResultSignature, _ResourceId
List of keyvault requests taking longer than 1 second.
let threshold=1000;
AZKVAuditLogs
| where DurationMs > threshold
| summarize count() by OperationName, _ResourceId
Line chart showing trend of KeyVault requests volume, per operation over time.
AZKVAuditLogs
| summarize count() by bin(TimeGenerated, 1h), OperationName // Aggregate by hour
| render timechart
Line chart showing trend of request duration over time using different aggregations.
AZKVAuditLogs
| summarize avg(DurationMs) by RequestUri, bin(TimeGenerated, 1h) // requestUri_s contains the URI of the request
| render timechart
Lists all update and patch requests from the last 30 days.
AZKVAuditLogs
| where TimeGenerated > ago(30d)
| where OperationName == "VaultPut" or OperationName == "VaultPatch"
| sort by TimeGenerated desc
List of callers identified by their IP address with their request count.
AZKVAuditLogs
| summarize count() by CallerIpAddress