This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 70%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFS%3C/text%3E%3C/svg%3E)
We are having issues with a new Log Analytics Server setup on a new Subscription in our Azure account whereby it doesn't seem to be recording a "OperationName" value for any log entries that are created.
We have a KQL query we use to extract these logs from the Log Analytics Workspace, which starts as :
AzureActivity
| project-keep SubscriptionId, ResourceGroup, TimeGenerated, _ResourceId, OperationName, OperationNameValue, ActivityStatusValue, Caller, CallerIpAddress, CategoryValue
| where CategoryValue in ('Administrative')
In the old Subscription this produces log entries like the following :
However when running this KQL in the new Subscription this instead gives entries like :
I would guess that a setting has been missed somewhere to record this value, or a filter applied to exclude it, but I'm fairly sure we're using default logging settings on both Subscriptions.
Any idea why this value would not be recorded, where I can check the filtering/setup of the logging?
Hello,
Older deployments would have used the legacy ingestion and schema, see here (and read further up the page as well) https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell#data-structure-changes
Your new deployment uses the updated schema
source: