Query Details

Microsoft Graph Activity Logs Missing Logs

Query

// Microsoft might not be registering all logs since 2024-11-22 06:00 UTC
MicrosoftGraphActivityLogs
| where TimeGenerated between (make_datetime(2024, 11, 1) .. make_datetime(2024, 12, 1))
| summarize count() by bin(TimeGenerated, 1d) //, bin(ResponseSizeBytes, 10000)

Explanation

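This KQL (Kusto Query Language) query counts records in the MicrosoftGraphActivityLogs table per day, so that a drop in daily volume after 2024-11-22 06:00 UTC (the time named in the query's first comment) becomes visible. Here's a simple breakdown of what it does: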

  1. Filter by Date: It selects logs that were generated between November 1, 2024, and December 1, 2024.

  2. Summarize Data: It counts the number of logs for each day within the specified date range.

  3. Group by Day: The results are grouped into daily bins, meaning it shows the total number of logs for each day.

The comment at the end (//, bin(ResponseSizeBytes, 10000)) suggests that there was an intention to also group the logs by response size in increments of 10,000 bytes, but this part of the query is commented out and not active.
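Because the suspected cutoff falls at 06:00 UTC, the daily bin for 2024-11-22 mixes records from before and after it. The following added example (not part of the original query) goes one step further and compares average hourly volume before and after the cutoff for each hour of the day. The variable names and the output columns are assumptions chosen for illustration; the table, the date window and the cutoff come from the query above.

```kusto
// Added example: hourly before/after comparison around the suspected cutoff.
// cutoff is taken from the comment in the original query; all let-names and
// output column names are illustrative assumptions.
let cutoff = datetime(2024-11-22 06:00);
let window_start = datetime(2024-11-01);
let window_end = datetime(2024-12-01);
MicrosoftGraphActivityLogs
| where TimeGenerated between (window_start .. window_end)
// make-series (instead of summarize ... by bin) emits a 0 for hours with no
// records at all, so fully empty hours are not silently dropped from the result.
| make-series Requests = count() default = 0
    on TimeGenerated from window_start to window_end step 1h
| mv-expand TimeGenerated to typeof(datetime), Requests to typeof(long)
// Compare like with like: Graph traffic has a strong daily cycle, so each
// hour of the day is compared against the same hour before the cutoff.
| summarize
    AvgBefore = avgif(Requests, TimeGenerated < cutoff),
    AvgAfter = avgif(Requests, TimeGenerated >= cutoff),
    EmptyHoursAfter = countif(TimeGenerated >= cutoff and Requests == 0)
    by HourOfDay = hourofday(TimeGenerated)
// Guard against division by zero for hours that were already empty before.
| extend DropPercent = iff(AvgBefore > 0,
    round(100.0 * (AvgBefore - AvgAfter) / AvgBefore, 1),
    real(null))
| order by HourOfDay asc
```

A consistently high DropPercent across all hours points to an ingestion-side gap rather than a change in tenant activity, which would normally affect business hours more than nights.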

Details

Jose Sebastián Canós

Released: December 12, 2024

Tables

MicrosoftGraphActivityLogs

Keywords

MicrosoftGraphActivityLogs, TimeGenerated

Operators

between, make_datetime, where, summarize, count, by, bin