# azure logs

Azure logs sample kusto queries

# security events

# ten most recent security events.
SecurityEvent
    | take 10

# records that are more than 30 minutes old, and that have a level of 10 or more.
SecurityEvent
    | where TimeGenerated < ago(30m)
    | where toint(Level) >= 10

# heartbeat

# display the number of different computers that generated 
# heartbeat events each week for the last three weeks. 
# The results appear as a bar chart.
Heartbeat
    | where TimeGenerated >= startofweek(ago(21d))
    | summarize dcount(Computer) by endofweek(TimeGenerated) 
    | render barchart kind=default

← az cli aks cli →