KQL to Pull Log Type, Resource Name, and Log Volume from a Log Analytics Workspace
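// Log count and billed volume per source table and resource over the last 60 days.
// `union withsource=LogTable *` reads every table in the workspace, so this is an
// expensive query; shorten the time window if it times out.
union withsource=LogTable *
| where TimeGenerated > ago(60d)
// _ResourceId is already a string, so a plain tostring() is enough here.
| extend ResourceId = tostring(_ResourceId)
// For a standard ARM ID of the form
//   /subscriptions/<sub>/resourceGroups/<rg>/providers/<namespace>/<type>/<name>
// element 8 of the "/" split is the resource name. Records without a _ResourceId
// give an empty name, and child resources give the parent's name.
| extend ResourceName = tostring(split(ResourceId, "/")[8])
// Rough classification by table name only. AzureDiagnostics in particular carries
// logs from many resource types, so "Firewall" is a label, not a verified type.
| extend ResourceType = case(
    LogTable in ("Heartbeat", "Perf", "InsightsMetrics", "Syslog", "SecurityEvent", "VMConnection", "Update"), "Virtual Machine",
    LogTable startswith "App", "Application",
    LogTable in ("CommonSecurityLog", "AzureDiagnostics"), "Firewall",
    "Other")
| summarize
    LogCount = count(),
    // _BilledSize is reported in bytes, so divide by 1024 twice to get megabytes.
    IngestedVolumeMB = sum(_BilledSize) / 1024.0 / 1024.0,
    TotalBilledVolumeMB = sum(_BilledSize) / 1024.0 / 1024.0 // Same as IngestedVolumeMB unless raw size…
// NOTE: the listing is cut off at this point on the page; the rest of the query,
// including any `by` grouping, is not shown.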