Queries for the AVSSyslog table
Get DNS failures
Gets 100 AVS failed DNS query logs. If you are receiving DNS query failures, check your DNS configuration.
AVSSyslog
| where AppName == "dnsmasq" // do some initial filtering to optimize 'has'
| where Message has "Failed DNS Query" // filter to only Failed DNS Query messages
| take 100
Get distributed Firewall logs
Gets 100 AVS distributed firewall logs.
AVSSyslog
| where AppName == "FIREWALL" or ProcId == "FIREWALL"
| take 100
Get audit events for VM created
Gets 100 AVS audit events for VM created events.
AVSSyslog
| where Message has "vmcreatedevent"
| take 100
Get audit events for VM deleted
Gets 100 AVS audit events for VM deleted events.
AVSSyslog
| where Message has "vmremovedevent"
| take 100
Get audit events for VM powered on
Gets 100 AVS audits events for VM powered on events.
AVSSyslog
| where Message has "VmPowerStateChangedEvent" and Message has "poweredon"
| take 100
Get audit events for VM disconnected
Gets 100 AVS audit events for VM disconnected events.
AVSSyslog
| where Message has "vmdisconnectedevent"
| take 100
Get audit events for VM rebooted
Gets 100 AVS audit events for VM rebooted events.
AVSSyslog
| where Message has "VmGuestRebootEvent"
| take 100
Get audit events for VM migrated
Gets 100 AVS audit events for VM migrated events.
AVSSyslog
| where Message has "vmmigratedevent"
| take 100
Get audit events for host added
Gets 100 AVS audit events for host added events.
AVSSyslog
| where Message has "hostaddedevent"
| take 100
Get audit events for host shutdown
Gets 100 AVS audit events for host shutdown events.
AVSSyslog
| where Message has "hostshutdownevent"
| take 100
Get audit events for host enter maintenance mode
Gets 100 AVS audit events for host enter maintenance mode events.
AVSSyslog
| where Message has "The host has entered maintenance mode"
| take 100
Get audit events for host exit maintenance mode
Gets 100 AVS audit events for host exit maintenance mode events.
AVSSyslog
| where Message has "The host has exited maintenance mode"
| take 100
Get audit events for host connected
Gets 100 AVS audit events for host connected events.
AVSSyslog
| where Message has "hostconnectedevent"
| take 100
Get audit events for host connection lost
Gets 100 AVS audit events for host connections lost events.
AVSSyslog
| where Message has "lost connection to the host"
| take 100
Get audit events for cluster
Gets 100 AVS audit events for cluster events.
AVSSyslog
| where Message has "cluster" and Message has "event"
| take 100
Get audit events count for NSX
Gets the AVS audit events count for NSX.
AVSSyslog
| where Message has "nsx" and Message has "event"
| count
Get audit events count for vCenter
Gets the AVS audit events count for vCenter events.
AVSSyslog
| where Message has "vcenter" and Message has "event"
| count
Get audit events for role added
Gets 100 AVS audit events for role added events.
AVSSyslog
| where Message has "RoleAddedEvent"
| take 100
Get AVS events with severity of Info
Gets 100 AVS events by severity level equals Info. Swap it out with other severity level (Notice, Debug, Warning, Error) to get similar.
AVSSyslog
| where severity == "info"
| take 100
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for