Queries for the AZMSRunTimeAuditLogs table
Publish successful connection for AMQP protocol
Publish runtime successful connection for Advanced Message Queuing Protocol(AMQP).
AZMSRunTimeAuditLogs
| where Provider =~ "EventHub"
| where Protocol == "AMQP" and Status == "Success"
| project ActivityName, Protocol, NetworkType, ClientIp, _ResourceId
| summarize by ActivityName
Publish failed AAD logs
Publish the failed entries for AAD auth.
AZMSRunTimeAuditLogs
| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8])
| where Provider =~ "EventHub"
| where isnotnull(NamespaceInfo) and isnotnull(AuthKey) and AuthType == "AAD" and Status != "Success"
| project NamespaceInfo, AuthKey, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId
| summarize by NamespaceInfo, AuthKey, ActivityName
Publish failed SAS logs
Publish the failed entries for SAS auth.
AZMSRunTimeAuditLogs
| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8])
| where Provider =~ "EventHub"
| where isnotnull(NamespaceInfo) and isnotnull(AuthKey) and AuthType == "SAS" and Status != "Success"
| project NamespaceInfo, AuthKey, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId
| summarize by NamespaceInfo, AuthKey, ActivityName
Publish failure for send message
Publish the runtime failure for send message event.
AZMSRunTimeAuditLogs
| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8])
| where Provider =~ "EventHub"
| where isnotnull(NamespaceInfo) and Status != "Success" and ActivityName == "SendMessage"
| project NamespaceInfo, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId
| summarize by NamespaceInfo, ActivityName
Publish failure for Namespace
Publish the runtime failure for multiple namespaces.
AZMSRunTimeAuditLogs
| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8])
| where Provider =~ "EventHub"
| where isnotnull(NamespaceInfo) and Status != "Success"
| project NamespaceInfo, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId
| summarize by NamespaceInfo, ActivityName
[Classic] Errors in the last 7 days
This lists all the errors for the last 7 days.
AzureDiagnostics
| where ResourceProvider ==\"MICROSOFT.EVENTHUB\"
| where Category == \"OperationalLogs\"
| summarize count() by \"EventName\", _ResourceId
Publish successful connection for AMQP protocol
Publish runtime successful connection for Advanced Message Queuing Protocol(AMQP).
AZMSRunTimeAuditLogs
| where Provider =~ "ServiceBus"
| where Protocol == "AMQP" and Status == "Success"
| project ActivityName, Protocol, NetworkType, ClientIp, _ResourceId
| summarize by ActivityName
Publish failures for send message
Publish the runtime failures for send message event.
AZMSRunTimeAuditLogs
| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8])
| where Provider =~ "ServiceBus"
| where isnotnull(NamespaceInfo) and Status != "Success" and ActivityName == "SendMessage"
| project NamespaceInfo, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId
| summarize by NamespaceInfo, ActivityName
Publish failure for namespace
Publish the runtime failure for multiple namespaces.
AZMSRunTimeAuditLogs
| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8])
| where Provider =~ "ServiceBus"
| where isnotnull(NamespaceInfo) and Status != "Success"
| project NamespaceInfo, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId
| summarize by NamespaceInfo, ActivityName
Publish failed AAD logs
Publish the failed entries for AAD authorization.
AZMSRunTimeAuditLogs
| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8])
| where Provider =~ "ServiceBus"
| where isnotnull(NamespaceInfo) and isnotnull(AuthKey) and AuthType == "AAD" and Status != "Success"
| project NamespaceInfo, AuthKey, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId
| summarize by NamespaceInfo, AuthKey, ActivityName
Publish failed SAS logs
Publish the failed entries for SAS authorization.
AZMSRunTimeAuditLogs
| extend NamespaceInfo = tostring(split(_ResourceId, "/")[8])
| where Provider =~ "ServiceBus"
| where isnotnull(NamespaceInfo) and isnotnull(AuthKey) and AuthType == "SAS" and Status != "Success"
| project NamespaceInfo, AuthKey, ActivityName, Protocol, NetworkType, ClientIp, _ResourceId
| summarize by NamespaceInfo, AuthKey, ActivityName
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for