Log Analytics :: Find Resources with no activities for the last 90 days
I was reading this blog and I found out that there is a query that could return me all Resource Groups with the relative activities for the last 90 days:
AzureActivity
| where CategoryValue == "Administrative"
| where EventSubmissionTimestamp > ago(90d)
| summarize activityCount = count() by ResourceGroup
| order by activityCount asc
This is very useful but I would like to have the same but with the activities for each Resource instead of the Resource Group. So I tried this:
AzureActivity
| where CategoryValue == "Administrative"
| where EventSubmissionTimestamp > ago(90d)
| summarize activityCount = count() by Properties.Resource
| order by activityCount asc
but it's not working.
I know that the resource name is under Properties but I cannot project it.
Solution
I check resources activity with below KQL query:
AzureActivity
| where CategoryValue == "Administrative"
| where TimeGenerated > ago(90d)
| summarize activityCount = count() by Resource
| order by activityCount asc
Output:
- Azure Log Analytics - modern Custom Log Table - Using PowerShell to Ingest data via REST API with no DCE
- Azure Log analytics workspace - log management generate much more data than expected
- KQL: how to exclude first and last incomplete bin?
- Powershell script for azure function to post to a log analytics
- How to create an empty bag in KQL?
- Monitor HTTP traffic for Azure Web App using Log analytics and KQL query
- How to get error details logs in log analytics workspace for synapse analytics workspace
- How to use a bicep template to deploy a SQL Server with auditing to log analytics enabled?
- Get Log analytics workspace ID of a virtual machine in Azure connected to a workspace in a different subscription
- How do I split Y-axis in App Insights when using timechart?
- How to Query User Access Logs for Azure Front Door
- How to set up a Low Disk Space alert with the new Azure Monitor agent to trigger when a specific disk drive is low on free space?
- How to get Container level logs in Azure
- HttpTrigger in Isolated Azure Function creating lots of log noise
- LogAnalytic Alert Rule Suppression option
- Can't create data collection rule for Azure log analytics using Terraform - missing Terraform options?
- How can I run a search job periodically in Azure Log Analytics?
- How to get data for specific date (startofweek) in a given time range in KQL?
- How to chuck JSON output efficiently to Azure Log Analytics workspace
- KQL: Every time a word is mentioned in a column append it to a new column as a list
- KQL: How to reference columns within a let query in the next query
- How do I generate a list of all the times I've restored an Azure SQL Database?
- logs not appearing in Application Insights for Azure Functions v4 with .NET 8
- Azure log ingestion TimeGenerated problem
- How to get log analytics workspace usage details via api
- Find list of Vnets/Subnets that access a key vault in azure
- How can I create a log analytics URL that opens log analytics and runs a specified query?
- KQL: Datetime conversion and use of min and max functions
- Trouble importing Json into Azure Log Analytics
- How to increase retention period for a custom metric/event in an Azure Application Insights?