Log Analytics data export missing important tables
Log Analytics data export has been in GA for over three weeks.
Tables Storage{Blob,Files,Queue,Table}Logs, e.g. ADFSandbox{Activity,Pipeline}Runs, AzureActivity and AzureDiagnostics are still not supported. That is a huge blocker for our use case, and configuring some logs for long-term storage with Log Analytics Data Export and some others with Resource Diagnostic settings is not really an option we would like to use.
Is there any ETA for when more table support will be added to Log Analytics data export?
Missing support for:
* AzureDiagnostics means that there is no support for e.g. Key Vault audit logs
* Storage*Logs means that there is no support for storage audit logs
* AzureActivity means that there is no support for Azure control layer audit logs
The Azure portal has a definition of CustomLogsV2/Create/SupportedMicrosoftTables, and it contains a different set of tables than the documentation:
diff -uw tables.txt supported-tables-from-docs-only-table-names.txt
--- tables.txt 2022-03-20 17:00:08.000000000 +0200
+++ supported-tables-from-docs-only-table-names.txt 2022-03-20 17:00:34.000000000 +0200
@@ -46,15 +46,11 @@
AgriFoodApplicationAuditLogs
AgriFoodFarmManagementLogs
AgriFoodFarmOperationLogs
-AgriFoodInsightLogs
AgriFoodJobProcessedLogs
-AgriFoodModelInferenceLogs
AgriFoodProviderAuthLogs
-AgriFoodSatelliteLogs
-AgriFoodWeatherLogs
Alert
AlertEvidence
-AmlOnlineEndpointConsoleLog
+AlertInfo
ApiManagementGatewayLogs
AppCenterError
AppPlatformSystemLogs
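Review bot: The `---` header above this hunk names the left-hand file only tables.txt, which does not say where that list was taken from, so a reader has to infer which side the `-` lines (AgriFoodInsightLogs, AmlOnlineEndpointConsoleLog, ...) belong to. Naming the file after its source, the way supported-tables-from-docs-only-table-names.txt is named, would make each side of the diff unambiguous.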
@@ -70,8 +66,6 @@
AzureAssessmentRecommendation
AzureDevOpsAuditing
BehaviorAnalytics
-BlockchainApplicationLog
-BlockchainProxyLog
CDBCassandraRequests
CDBControlPlaneRequests
CDBDataPlaneRequests
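Review bot: The unchanged lines AzureDevOpsAuditing and BehaviorAnalytics in this hunk are adjacent, so if both lists are sorted (as the visible lines suggest) AzureDiagnostics is present in neither file. A diff only shows where the two lists disagree, so it is worth stating separately which of the required audit tables are absent from both lists.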
@@ -80,6 +74,9 @@
CDBPartitionKeyRUConsumption
CDBPartitionKeyStatistics
CDBQueryRuntimeStatistics
+CIEventsAudit
+CIEventsOperational
+CassandraLogs
CloudAppEvents
CommonSecurityLog
ComputerGroup
@@ -91,6 +88,7 @@
ContainerNodeInventory
ContainerServiceLog
CoreAzureBackup
+DSMAzureBlobStorageLogs
DatabricksAccounts
DatabricksClusters
DatabricksDBFS
@@ -101,10 +99,8 @@
DatabricksSSH
DatabricksSecrets
DatabricksWorkspace
-DeviceNetworkInfo
DnsEvents
DnsInventory
-DummyHydrationFact
Dynamics365Activity
EmailAttachmentInfo
EmailEvents
@@ -122,8 +118,10 @@
HDInsightHadoopAndYarnMetrics
HDInsightHiveAndLLAPLogs
HDInsightHiveAndLLAPMetrics
+HDInsightHiveQueryAppStats
HDInsightHiveTezAppStats
HDInsightJupyterNotebookEvents
+HDInsightKafkaLogs
HDInsightKafkaMetrics
HDInsightOozieLogs
HDInsightRangerAuditLogs
@@ -138,7 +136,11 @@
HDInsightSparkStageEvents
HDInsightSparkStageTaskAccumulables
HDInsightSparkTaskEvents
+Heartbeat
HuntingBookmark
+IdentityDirectoryEvents
+IdentityLogonEvents
+IdentityQueryEvents
InsightsMetrics
IntuneAuditLogs
IntuneDevices
@@ -151,21 +153,22 @@
KubeServices
LAQueryLogs
MCCEventLogs
+MCVPOperationLogs
McasShadowItReporting
MicrosoftAzureBastionAuditLogs
MicrosoftDataShareReceivedSnapshotLog
MicrosoftDataShareSentSnapshotLog
-MicrosoftDataShareShareLog
MicrosoftHealthcareApisAuditLogs
NWConnectionMonitorPathResult
NWConnectionMonitorTestResult
OfficeActivity
+Operation
Perf
PowerBIDatasetsWorkspace
+PurviewDataSensitivityLogs
PurviewScanStatusLogs
SCCMAssessmentRecommendation
SCOMAssessmentRecommendation
-SPAssessmentRecommendation
SQLAssessmentRecommendation
SQLSecurityAuditEvents
SecurityAlert
@@ -179,7 +182,6 @@
SecurityRecommendation
SentinelHealth
SfBAssessmentRecommendation
-SfBOnlineAssessmentRecommendation
SharePointOnlineAssessmentRecommendation
SignalRServiceDiagnosticLogs
SigninLogs
@@ -191,6 +193,8 @@
SynapseIntegrationPipelineRuns
SynapseIntegrationTriggerRuns
SynapseRbacOperations
+SynapseScopePoolScopeJobsEnded
+SynapseScopePoolScopeJobsStateChange
SynapseSqlPoolDmsWorkers
SynapseSqlPoolExecRequests
SynapseSqlPoolRequestSteps
@@ -198,10 +202,11 @@
SynapseSqlPoolWaits
Syslog
ThreatIntelligenceIndicator
+UCClientUpdateStatus
Update
UpdateRunProgress
UpdateSummary
-UserAccessAnalytics
+Usage
UserPeerAnalytics
WVDAgentHealthStatus
WVDCheckpoints
The difference is kind of worrisome, but OTOH the portal does not really use that list for anything.
Are there any plans for a proper machine-readable endpoint that contains the list of supported tables?