Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Events from this table are collected by the detection team in MDC.
Table attributes
| Attribute | Value |
|---|---|
| Resource types | - |
| Categories | Security |
| Solutions | LogManagement |
| Basic log | Yes |
| Ingestion-time transformation | No |
| Sample Queries | - |
Columns
| Column | Type | Description |
|---|---|---|
| AdditionalMetadata | dynamic | Metadata related to the event. |
| AuthenticationTypes | dynamic | A list of well-known authentication mechanisms that were detected, e.g., Authorization header or API keys. |
| AzureResourceId | string | The unique identifier for the Azure resource. |
| _BilledSize | real | The record size in bytes |
| ChunkNum | int | The index of the payload chunk. Starts from zero. If the full payload is broken into chunks, this value represents which chunk is in this event. |
| ClientIPs | dynamic | A list of client IPs extracted from the X-Forwarded-For header in the request. |
| ContainsAuthentication | bool | Whether a well-known authentication mechanism was detected. True if any authentication mechanism was detected, false otherwise. |
| ContainsPublicIp | bool | Whether one of the IPs extracted from the X-Forwarded-For header in the request is a public IP. |
| DataPipelineMetadata | dynamic | Metadata related to the data processing pipeline. |
| Elapsed | real | The time in milliseconds that have elapsed between the request and the response events. |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| IsLastChunk | bool | Whether the payload chunk in this event is the last one or not. True if this is the last chunk; false otherwise. |
| IsRequest | bool | Whether this event is for the request or the response. True if this event is for the request. False if this event is for the response. |
| K8SClusterName | string | The name of the K8S cluster containing the pod from where this event was captured. |
| K8SDaemonsetName | string | The name of the daemonset containing the pod from where this event was captured. |
| K8SDeploymentName | string | The name of the deployment containing the pod from where this event was captured. |
| K8SNamespaceName | string | The namespace containing the pod from where this event was captured. |
| K8SNodeName | string | The name of the node that has the pod from where this event was captured. |
| K8SPodName | string | The name of the pod from where this event was captured. |
| K8SStatefulsetName | string | The name of the stateful set containing the pod from where this event was captured. |
| Method | string | The HTTP verb for this request. |
| Payload | string | A chunk of payload for the request or the response in this event. The full payload for the request and/or the response may be split into multiple chunks. |
| PayloadEncoding | string | The value of the Content-Encoding header, if present. |
| PayloadLength | int | The length of the payload chunk in this event. If there is no payload, this value will be zero. |
| PayloadType | string | The value of the Content-Type header, if present. |
| Region | string | The Azure region where the resource is located. |
| RequestId | string | A unique identifier that identifies the request and response events for one specific request-response pair. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| StatusCode | int | The HTTP response code of the response for this request. |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The time (UTC) when the monitored entity was created, renamed, modified or deleted. |
| Timestamp | datetime | The time at which this event was captured. |
| Type | string | The name of the table |
| Url | string | The full url for this request. This will contain the scheme, host, port (if applicable), path, and query string. |