These instructions don't work

MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure

https://docs.microsoft.com/azure

Creative Commons Attribution 4.0 International

10.26k stars 21.43k forks source link

These instructions don't work #88175

Closed lkchild closed 2 years ago

lkchild commented 2 years ago

When entering the copy-and-pasted KQL into the alert and running it the following error message is displayed.

'project' operator: Failed to resolve table or column expression named 'SigninLogs' If issue persists, please open a support ticket. Request id: 4cd1b585-56ec-4ba8-a716-5949d59d1979

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: fff5de5d-9a97-73ff-4694-79027720b5c3
Version Independent ID: 566a8387-bbdd-8e35-13cc-f2d891bd5608
Content: Manage emergency access admin accounts - Azure AD
Content Source: articles/active-directory/roles/security-emergency-access.md
Service: active-directory
Sub-service: roles
GitHub Login: @markwahl-msft
Microsoft Alias: rolyon

JamesTran-MSFT commented 2 years ago

@lkchild Thanks for your feedback! We will investigate and update as appropriate.

JamesTran-MSFT commented 2 years ago

@lkchild Thank you for your time and patience!

Prior to running the KQL example queries, can you make sure you followed the prerequisite of Integrating Azure AD logs with Azure Monitor logs.

Since I wasn't able to reproduce your issue, and because this issue isn't directly related to improving our docs, I'd recommend leveraging our Q&A forum by posting your issue there so our community, and MVPs can further assist you in troubleshooting this issue or finding potential workarounds.

Thank you again for your time and patience throughout this issue.

lkchild commented 2 years ago

Hi James,

For what it's worth I had done that and was able to get this going through a normal log search and then "create alert rule" from that, albeit with a different error message. It needs the microsoft.insights resource provider to be added to the subscription. Not sure if that caused the error doing it as described, but it could be another thing to add to the instructions.

This link helped - https://mostafaelmasry.com/2020/04/19/the-subscription-is-not-registered-to-microsoft-insights-resource-provider/

JamesTran-MSFT commented 2 years ago

@lkchild Thank you for pointing this out! I've created a PR to update the documentation with this pre-req, and it's currently waiting for the author to review and sign off.

I will now close out this issue. Please allow some time for the author to review and the changes to reflect. Thank you for your time and patience!

lkchild commented 2 years ago

thanks James :)