azure azure-log-analytics azure-front-door

How to Query User Access Logs for Azure Front Door


I am trying to analyze user activity through Azure Front Door by querying logs in Azure Log Analytics.

I want to find out how many users accessed a particular domain (www.disforum.com) in the last 90 days from Microsoft Azure Front Door.

However, I'm unsure if the AzureDiagnostics table has the right fields for Front Door domain user access logs.

Any help or guidance would be appreciated!


Solution

  • If you want a simple count of the number of distinct IPs that have hit your Front Door instance in the past 30 days, this KQL query would work:

    AzureDiagnostics
    | where TimeGenerated > ago(30d) and Category == "FrontDoorAccessLog"
    | summarize UniqueEvents=count_distinct(clientIp_s) 
    

    The "clientIp_s" column is from the FrontDoorAccessLog category; the "clientIP_s" column is from the FrontDoorWebApplicationFirewallLog category.

    You can get to the Log Analytics workspace associated with your Front Door by clicking on the "Logs" blade from within Front Door, under the "Monitoring" category.

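
The following query is an added example, not part of the original answer. It applies the same approach to the domain and 90-day window from the question and handles the differently cased client IP columns of the two log categories. It assumes the request URL is logged in a `requestUri_s` column, which the page does not name.

```kusto
// Added example, not from the answer above.
// Assumption: the request URL is logged in requestUri_s (column not named on the page).
let targetHost = "www.disforum.com";  // domain from the question
let lookback = 90d;                   // window from the question
AzureDiagnostics
| where TimeGenerated > ago(lookback)
| where Category in ("FrontDoorAccessLog", "FrontDoorWebApplicationFirewallLog")
// The client IP column is cased differently per category; column_ifexists()
// keeps the query valid when one of the two columns is absent from the workspace.
| extend ClientIp = iff(Category == "FrontDoorAccessLog",
                        column_ifexists("clientIp_s", ""),
                        column_ifexists("clientIP_s", ""))
// Extract the host part of the URL so only requests for the target domain are counted.
| extend Host = tolower(tostring(parse_url(column_ifexists("requestUri_s", "")).Host))
| where Host == targetHost and isnotempty(ClientIp)
// Keep the categories separate: WAF rows cover only requests that matched a WAF rule.
| summarize Requests = count(), UniqueClientIps = count_distinct(ClientIp)
    by Category, Day = bin(TimeGenerated, 1d)
| order by Day asc, Category asc
```

Distinct client IPs only approximate distinct users, since many users can share one address behind NAT or a proxy. The result also covers only the days the workspace still retains.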