若要了解如何在 Azure 入口網站中使用這些查詢,請參閱 Log Analytics 教程。 如需 REST API,請參閱 查詢。
頻繁呼叫端點的使用者(AAD Graph)
取得在 AAD Graph 中呼叫用戶端的應用程式和服務主體清單。
AADGraphActivityLogs
| where RequestUri has "users"
| summarize NumRequests = count() by AppId, ServicePrincipalId, UserId
| sort by NumRequests desc
| limit 100
群組端點請求失敗(AAD Graph)
根據應用程式和服務主體,取得 AAD Graph 中分組實體失敗要求的清單。
AADGraphActivityLogs
| where ResultSignature == "403"
| where RequestUri has "groups"
| summarize UniqueRequests = dcount(RequestId) by AppId, ServicePrincipalId, UserId
| sort by UniqueRequests desc
| limit 100