Queries for the ASimDnsActivityLogs table
Count DNS failures for a source by source and type
Count the number of failed DNS queries for each source IP address and failure type
ASimDnsActivityLogs
| where EventType == 'Query' and EventResult == 'Failure'
| summarize count() by SrcIpAddr, EventResultDetails
Identify excessive query for a nonexistent domain by a source
Count the number of queries that return NXDOMAIN, indicating that the queries domain name does not exist, and compares the count to a threshold of 100.
ASimDnsActivityLogs
| where EventResultDetails == 'NXDOMAIN'
| summarize c=count() by SrcIpAddr
| where c > 100
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for