The evaluate operator is fantastic tool in your Kusto tool belt. So much so that I have requested several times that it get added to Azure Resource Graph. However, the Evaluate Operator itself won’t run anything. You have to add one of its Plugins behind it. In this post I’ll show you how to use …
In my previous post I showed you how to collect and parse the FSLogix event log with Log Analytics. In this post I will show you how to use that event log to calculate WVD profile load time. Calculating logon time is one of those things that can provide value into our users experience. And …
Recently Log Analytics added a neat feature that allows you to see how well your queries run. Because Log Analytics Operators Has and Contains perform similar functions, some have been advising to only use the Has operator as it is the most efficient. However, Has is nice but it is not the be all and …
I recently took a look at the Azure Sentinel Syslog Workbook, called Linux Machines. This workbook is not great, its essentially a dashboard. For me the power of Workbooks in both Azure Monitor and Azure Sentinel is hunting, whether you’re hunting threats or operational issues with your infrastructure or applications. Workbook Resources If this is …
In the past few months I’ve spoken with multiple Microsoft employees and even Microsoft MVPs that don’t understand Azure Sentinel, Azure Security Center, Azure Monitor and Log Analytics and whats the difference. There seems to be some confusion around these products and how they are used together. I recently put together a diagram for a …
In a previous post I showed you how to convert strings and summarize the data, in that same post I mentioned some of my weather data was coming in as strings. In this post I have a similar issue. The humidity field is a string, and it contains %. So I will show you how …