azsk / DevOpsKit

Log Analytics Security View shows empty graphs sometimes #724

Open EvgeniaMartynova opened 5 years ago

EvgeniaMartynova commented 5 years ago

Title

Log Analytics Security View shows empty graphs sometimes

Description

Log Analytics Security View sometimes shows empty graphs even though the corresponding Kusto query for the view gives a non-empty result set.

Steps to reproduce

Set up Log Analytics and CA for multiple automation accounts as described on the page: https://github.com/azsk/DevOpsKit-docs/tree/master/04-Continous-Assurance

Expected behavior

'Security Monitoring using the AzSK' dashboards show graphs and tables corresponding to the scan results

Actual behavior

'Security Monitoring using the AzSK' dashboards sometimes show empty graphs. However, if I click on the "see all" link below, it shows a non-empty result set.

SINIKI commented 5 years ago

Hello @EvgeniaMartynova:

Please follow the below steps and let me know if this resolves your issue.

Step 1: Check if the Log Analytics workspace has been set correctly. To verify, follow this FAQ.

Step 2: If you are certain that events are being sent to the Log Analytics workspace but you are seeing blank views/no query results, you may need to extend the duration applicable to the queries. (This can be done using the 'Time range' selector next to the 'Run' button at the top of the query window.) Read more about this here.

EvgeniaMartynova commented 5 years ago

Hi Siniki,

The duration is not a problem. This happens sometimes. I can see the scan logs stored under the AzSK resource group, in blob storage accounts. The logs are sometimes not loaded to LogAnalytics.

In the CA scan logs I sometimes see an error that the AzSK resource group is not found. I don't know whether it is related to the scan results not being shown for some subscriptions from time to time in the LogAnalytics workspace.