你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Queries for the AKSAudit table
For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.
Volume of Kubernetes audit events per SourceIp
Display the count of Kubernetes audit events generated from a given source IP address for each AKS cluster. Requires Diagnostic Settings to use the Resource Specific destination table.
AKSAudit
| where ResponseStatus.code != 401 // Exclude unauthorized responses
| mv-expand SourceIps // Expand the list of SourceIp entries into individual rows
| summarize Count = count() by SourceIp = tostring(SourceIps), ResourceId = _ResourceId
| sort by Count desc