How to track usernames and file content modifications with ChangeTracking service in Azure by using KQL query

Sk Mafar Ali 0 Reputation points
2023-05-08T05:20:49.7166667+00:00

I am tracking the changes of the file content modified in azure vm using the Change tracking service. I successfully created and validated the changes it was working fine but when I try to print the user and file content modified I am stuck to get those details KQL query

I tried the following query But that queries retrieves

ConfigurationChange | where ConfigChangeType == "Files" | sort by TimeGenerated asc | project Computer, Name, ChangeCategory, PreviousSize, Size, DateModified, FileSystemPath, FieldsChanged, FileContentChecksum, Attributes

Could anyone help me modify this query to include the username and file name? Thank you!

Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,132 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SwathiDhanwada-MSFT 17,726 Reputation points
    2023-05-10T09:11:47.7366667+00:00

    @Sk Mafar Ali Welcome to Microsoft Q & A Community Forum. Kindly note that it isn't possible to track user who modified the file. To track the file content changes, it's not possible to track changes using KQL, but you can track in portal. For more information, refer to this document.

    Also, as the file content changes are stored in storage account, the link to specific files is available in Log analytics workspace with column name as "FileContentBlobLink"

    As this is new feature request, I also would recommend you navigate here and share your feedback or suggestions directly with the responsible Azure feature team and clicking the vote button of your suggestion to raise visibility and priority on it.

    0 comments