Closed lkchild closed 2 years ago
@lkchild Thanks for your feedback! We will investigate and update as appropriate.
@lkchild Thank you for your time and patience!
Prior to running the KQL example queries, can you make sure you followed the prerequisite of Integrating Azure AD logs with Azure Monitor logs?
Since I wasn't able to reproduce your issue, and because this issue isn't directly related to improving our docs, I'd recommend leveraging our Q&A forum by posting your issue there so our community and MVPs can further assist you in troubleshooting this issue or finding potential workarounds.
Thank you again for your time and patience throughout this issue.
Hi James,
For what it's worth, I had done that and was able to get this going through a normal log search and then "create alert rule" from that, albeit with a different error message. It needs the microsoft.insights resource provider to be added to the subscription. Not sure if that caused the error doing it as described, but it could be another thing to add to the instructions.
This link helped - https://mostafaelmasry.com/2020/04/19/the-subscription-is-not-registered-to-microsoft-insights-resource-provider/
@lkchild Thank you for pointing this out! I've created a PR to update the documentation with this pre-req, and it's currently waiting for the author to review and sign off.
I will now close out this issue. Please allow some time for the author to review and the changes to reflect. Thank you for your time and patience!
thanks James :)
When entering the copy-and-pasted KQL into the alert and running it, the following error message is displayed.
'project' operator: Failed to resolve table or column expression named 'SigninLogs' If issue persists, please open a support ticket. Request id: 4cd1b585-56ec-4ba8-a716-5949d59d1979