| AAD Graph Logs |
AADGraphActivityLogs
|
| Analysis Services |
AzureMetrics
|
| API Management services |
APIMDevPortalAuditDiagnosticLog
ApiManagementGatewayLlmLog
AzureMetrics
ApiManagementGatewayLogs
ApiManagementWebSocketConnectionLogs
|
| App Services |
AzureMetrics
|
| Application Gateway for Containers |
AzureMetrics
AGCAccessLogs
|
| Application Gateways |
AzureMetrics
AGWAccessLogs
AGWPerformanceLogs
AGWFirewallLogs
|
| Application Insights |
AppTraces
|
| Automation account |
AzureMetrics
|
| AVS Private Cloud |
AVSVcSyslog
AVSEsxiFirewallSyslog
AVSEsxiSyslog
AVSNsxManagerSyslog
AVSNsxEdgeSyslog
AVSSyslog
|
| Azure AD Domain Services |
AADDomainServicesDNSAuditsDynamicUpdates
AADDomainServicesDNSAuditsGeneral
AzureMetrics
|
| Azure API for FHIR |
AzureMetrics
|
| Azure Arc Enabled Kubernetes |
AzureMetrics
ContainerLogV2
ArcK8sAudit
ArcK8sAuditAdmin
ArcK8sControlPlane
|
| Azure Arc Provisioned Clusters |
AzureMetrics
ContainerLogV2
|
| Azure Blockchain Service |
AzureMetrics
|
| Azure Cache for Redis |
ACRConnectedClientList
ACREntraAuthenticationAuditLog
AzureMetrics
|
| Azure Cache for Redis Enterprise |
REDConnectionEvents
|
| Azure CloudHsm |
AzureMetrics
CloudHsmServiceOperationAuditLogs
|
| Azure Cosmos DB |
CDBDataPlaneRequests
CDBDataPlaneRequests5M
CDBDataPlaneRequests15M
CDBPartitionKeyStatistics
CDBPartitionKeyRUConsumption
CDBQueryRuntimeStatistics
CDBMongoRequests
CDBCassandraRequests
CDBGremlinRequests
CDBTableApiRequests
CDBControlPlaneRequests
AzureMetrics
|
| Azure Cosmos DB for MongoDB (vCore) |
VCoreMongoRequests
|
| Azure Cosmos DB for PostgreSQL |
AzureMetrics
|
| Azure Data Explorer Clusters |
AzureMetrics
|
| Azure Data Manager for Energy |
OEPDataplaneLogs
|
| Azure Data Transfer |
DataTransferOperations
|
| Azure Database for MariaDB Servers |
AzureMetrics
|
| Azure Database for MySQL Flexible Servers |
AzureMetrics
|
| Azure Database for MySQL Servers |
AzureMetrics
|
| Azure Database for PostgreSQL Flexible Servers |
AzureMetrics
|
| Azure Database for PostgreSQL Servers |
AzureMetrics
|
| Azure Database for PostgreSQL Servers V2 |
AzureMetrics
|
| Azure Databricks Services |
AzureMetrics
DatabricksBrickStoreHttpGateway
DatabricksDashboards
DatabricksCloudStorageMetadata
DatabricksPredictiveOptimization
DatabricksDataMonitoring
DatabricksIngestion
DatabricksMarketplaceConsumer
DatabricksLineageTracking
DatabricksFilesystem
DatabricksApps
DatabricksClusterPolicies
DatabricksDataRooms
DatabricksGroups
DatabricksMarketplaceProvider
DatabricksOnlineTables
DatabricksRBAC
DatabricksRFA
DatabricksVectorSearch
DatabricksWebhookNotifications
DatabricksWorkspaceFiles
DatabricksBudgetPolicyCentral
DatabricksAccounts
DatabricksClusters
DatabricksDBFS
DatabricksInstancePools
DatabricksJobs
DatabricksNotebook
DatabricksSQL
DatabricksSQLPermissions
DatabricksSSH
DatabricksSecrets
DatabricksWorkspace
DatabricksFeatureStore
DatabricksGenie
DatabricksGlobalInitScripts
DatabricksIAMRole
DatabricksMLflowAcledArtifact
DatabricksMLflowExperiment
DatabricksRemoteHistoryService
DatabricksGitCredentials
DatabricksWebTerminal
DatabricksDatabricksSQL
|
| Azure Health Data Services de-identification service |
AHDSDeidAuditLogs
|
| Azure Local |
AzureMetrics
SecurityEvent
CommonSecurityLog
|
| Azure Managed CCF |
CCFApplicationLogs
|
| Azure Managed Lustre |
AzureMetrics
AFSAuditLogs
|
| Azure Migrate Data Replication |
ASRv2JobEvents
ASRv2HealthEvents
ASRv2ReplicationVaults
ASRv2ReplicationPolicies
ASRv2ReplicationExtensions
ASRv2ProtectedItems
|
| Azure Monitor autoscale settings |
AzureMetrics
|
| Azure Monitor Workspace |
AMWMetricsUsageDetails
|
| Azure Operator Insights - Data Product |
AzureMetrics
AOIDigestion
AOIDatabaseQuery
AOIStorage
|
| Azure Sentinel |
SecurityEvent
DnsAuditEvents
AggregatedSecurityAlert
|
| Azure Sentinel CEF Table |
CommonSecurityLog
|
| Azure Sentinel Web Session Logs |
ASimWebSessionLogs
|
| Azure Sphere |
ASCAuditLogs
ASCDeviceEvents
|
| Azure Spring Apps |
AzureMetrics
|
| Azure Storage Mover |
AzureMetrics
StorageMoverCopyLogsFailed
StorageMoverCopyLogsTransferred
StorageMoverJobRunLogs
|
| Azure Traffic Collector |
AzureMetrics
|
| Azure Virtual Network Manager |
AzureMetrics
AVNMNetworkGroupMembershipChange
AVNMRuleCollectionChange
AVNMConnectivityConfigurationChange
AVNMIPAMPoolAllocationChange
|
| Bastions |
AzureMetrics
|
| Batch Accounts |
AzureMetrics
|
| Chaos Experiment |
ChaosStudioExperimentEventLogs
|
| Cognitive Services |
AzureMetrics
|
| Communication Services |
AzureMetrics
ACSOptOutManagementOperations
ACSCallDiagnostics
ACSCallDiagnosticsUpdates
ACSCallingMetrics
ACSCallClientServiceRequestAndOutcome
ACSCallClientOperations
ACSCallClientMediaStatsTimeSeries
ACSCallSummary
ACSCallSummaryUpdates
ACSCallRecordingIncomingOperations
ACSCallRecordingSummary
ACSCallClosedCaptionsSummary
ACSJobRouterIncomingOperations
ACSRoomsIncomingOperations
ACSCallAutomationIncomingOperations
ACSCallAutomationMediaSummary
ACSCallAutomationStreamingUsage
ACSAdvancedMessagingOperations
|
| Container Apps |
ContainerAppConsoleLogs
AppEnvSpringAppConsoleLogs
AppEnvSessionConsoleLogs
AppEnvSessionPoolEventLogs
AppEnvSessionLifecycleLogs
|
| Container Registries |
AzureMetrics
|
| Data factories |
AzureMetrics
|
| Data Lake Analytics |
AzureMetrics
|
| Data Lake Storage Gen1 |
AzureMetrics
|
| Data Share |
AzureMetrics
|
| Defender for Storage Settings |
StorageMalwareScanningResults
|
| Desktop Virtualization Application Groups |
AzureMetrics
|
| Desktop Virtualization Host Pools |
AzureMetrics
|
| Desktop Virtualization workspaces |
AzureMetrics
|
| Dev Center Plans |
AzureMetrics
|
| Dev Centers |
AzureMetrics
DevCenterDiagnosticLogs
DevCenterResourceOperationLogs
DevCenterBillingEventLogs
DevCenterAgentHealthLogs
DevCenterConnectionLogs
|
| Device Provisioning Services |
AzureMetrics
|
| DNS Resolver Policies |
DNSQueryLogs
|
| Event Grid Domains |
AzureMetrics
|
| Event Grid Namespaces |
AzureMetrics
EGNSuccessfulHttpDataPlaneOperations
EGNFailedHttpDataPlaneOperations
|
| Event Grid Partner Namespaces |
AzureMetrics
|
| Event Grid Partner Topics |
AzureMetrics
|
| Event Grid System Topics |
AzureMetrics
|
| Event Grid Topics |
AzureMetrics
|
| Event Hubs |
AzureMetrics
AZMSApplicationMetricLogs
AZMSOperationalLogs
AZMSRunTimeAuditLogs
AZMSDiagnosticErrorLogs
AZMSVnetConnectionEvents
AZMSArchiveLogs
AZMSAutoscaleLogs
AZMSKafkaCoordinatorLogs
AZMSKafkaUserErrorLogs
AZMSCustomerManagedKeyUserLogs
|
| Experiment Workspace |
AEWExperimentAssignmentSummary
AEWExperimentScorecards
AEWExperimentScorecardMetricPairs
|
| ExpressRoute Circuits |
AzureMetrics
|
| Firewalls |
AZFWNetworkRule
AZFWFatFlow
AZFWFlowTrace
AZFWApplicationRule
AZFWThreatIntel
AZFWNatRule
AZFWIdpsSignature
AZFWDnsQuery
AZFWInternalFqdnResolutionFailure
AZFWNetworkRuleAggregation
AZFWApplicationRuleAggregation
AZFWNatRuleAggregation
AzureMetrics
|
| Front Doors |
AzureMetrics
|
| Health Data Services |
AHDSMedTechDiagnosticLogs
AHDSDicomDiagnosticLogs
AHDSDicomAuditLogs
|
| Intune Specialist Reports. |
Windows365AuditLogs
|
| IoT Hub |
AzureMetrics
|
| Key Vaults |
AzureMetrics
AZKVAuditLogs
AZKVPolicyEvaluationDetailsLogs
|
| Kubernetes Services |
RetinaNetworkFlowLogs
AzureMetrics
ContainerLogV2
AKSAudit
AKSAuditAdmin
AKSControlPlane
|
| Load Balancers |
ALBHealthEvent
|
| Log Analytics workspaces |
AzureMetrics
LAQueryLogs
LASummaryLogs
AzureMetricsV2
|
| Logic Apps |
AzureMetrics
|
| Machine Learning |
AzureMetrics
|
| Managed DevOps Pools |
MDPResourceLog
|
| Media Services |
AzureMetrics
AMSKeyDeliveryRequests
AMSMediaAccountHealth
AMSLiveEventOperations
AMSStreamingEndpointRequests
|
| Microsoft Connected Cache |
AzureMetrics
|
| Microsoft Connected Vehicle Platform |
AzureMetrics
|
| Microsoft Defender for Cloud |
SecurityAttackPathData
|
| Microsoft Graph Logs |
SigninLogs
|
| Microsoft Planetary Computer Pro |
OGOAuditLogs
|
| Microsoft Playwright Testing |
AzureMetrics
|
| Microsoft Sentinel ASim |
ASimDhcpEventLogs
ASimFileEventLogs
ASimUserManagementActivityLogs
ASimRegistryEventLogs
|
| Microsoft Sentinel Audit Event ASim schema |
ASimAuditEventLogs
|
| Microsoft Sentinel Authentication Event ASIM schema |
ASimAuthenticationEventLogs
|
| Microsoft Sentinel DNS activity ASim schema |
ASimDnsActivityLogs
|
| Microsoft Sentinel Network Session ASim schema |
ASimNetworkSessionLogs
|
| Microsoft Sentinel Process Event ASim schema |
ASimProcessEventLogs
|
| Microsoft Sentinel Threat Intelligence. |
ThreatIntelObjects
ThreatIntelIndicators
|
| Microsoft.StandbyPool |
SCGPoolExecutionLog
SCGPoolRequestLog
|
| Microsoft.StandbyPool |
SVMPoolExecutionLog
SVMPoolRequestLog
|
| NAT Gateways |
NatGatewayFlowlogsV1
|
| Network Devices (Operator Nexus) |
MNFDeviceUpdates
MNFSystemStateMessageUpdates
MNFSystemSessionHistoryUpdates
|
| Network Interfaces |
AzureMetrics
|
| Network Security Groups |
AzureMetrics
|
| Network Security Perimeters |
NSPAccessLogs
|
| Nexus BareMetal Machines |
AzureMetrics
NCBMSystemLogs
NCBMSecurityLogs
NCBMSecurityDefenderLogs
NCBMBreakGlassAuditLogs
|
| Nexus Cluster Managers |
AzureMetrics
NCMClusterOperationsLogs
|
| Nexus Clusters |
AzureMetrics
NCCKubernetesLogs
NCCPlatformOperationsLogs
NCCVMOrchestrationLogs
|
| Nexus Storage Appliances |
AzureMetrics
NCSStorageAudits
NCSStorageAlerts
NCSStorageLogs
|
| NGINXaaS |
NGXOperationLogs
NGXSecurityLogs
NginxUpstreamUpdateLogs
|
| Online Experiment Workspace |
OEWAuditLogs
|
| Power BI Datasets |
PowerBIDatasetsTenant
|
| Power BI Datasets |
PowerBIDatasetsWorkspace
|
| Power BI Embedded |
AzureMetrics
|
| Project CI Workspace |
AzureMetrics
|
| Public IP Addresses |
AzureMetrics
|
| Relay |
AzureMetrics
AZMSVnetConnectionEvents
AZMSHybridConnectionsEvents
|
| Search Services |
AzureMetrics
|
| Service Bus |
AzureMetrics
AZMSOperationalLogs
AZMSVnetConnectionEvents
AZMSRunTimeAuditLogs
AZMSApplicationMetricLogs
AZMSDiagnosticErrorLogs
|
| Service Fabric Clusters |
AzureMetrics
|
| SignalR |
AzureMetrics
|
| SQL Databases |
AzureMetrics
|
| SQL Managed Instances |
AzureMetrics
|
| SQL Servers |
AzureMetrics
|
| Storage Accounts |
AzureMetrics
StorageTableLogs
StorageQueueLogs
StorageFileLogs
StorageBlobLogs
|
| Stream Analytics jobs |
AzureMetrics
|
| Synapse Workspaces |
SynapseSqlPoolExecRequests
SynapseSqlPoolRequestSteps
SynapseSqlPoolDmsWorkers
SynapseSqlPoolWaits
SynapseSqlPoolSqlRequests
AzureMetrics
|
| System Center Virtual Machine Manager |
AzureMetrics
SecurityEvent
CommonSecurityLog
|
| Time Series Insights Environments |
AzureMetrics
|
| Toolchain orchestrator |
TOUserAudits
TOUserDiagnostics
|
| Traffic Manager Profiles |
AzureMetrics
|
| Virtual Machine Scale Sets |
AzureMetrics
SecurityEvent
CommonSecurityLog
|
| Virtual machines |
AzureMetrics
SecurityEvent
CommonSecurityLog
|
| Virtual Network Gateways |
AzureMetrics
|
| Virtual Networks |
AzureMetrics
|
| Virtual Private Network Gateways |
AzureMetrics
|
| VMware |
AzureMetrics
SecurityEvent
CommonSecurityLog
|
| Workload Monitor |
AzureMetrics
|
| workload orchestration |
WOUserAudits
WOUserDiagnostics
|
| No service defined |
AADFirstPartyToFirstPartySignInLogs
AADManagedIdentitySignInLogs
AADNonInteractiveUserSignInLogs
AADRiskyServicePrincipals
AADRiskyUsers
AADServicePrincipalRiskEvents
AADServicePrincipalSignInLogs
AADUserRiskEvents
ABAPAuditLog
ABAPAuthorizationDetails
ABAPChangeDocsLog
ABAPTableDataLog
ABAPUserDetails
ADFSSignInLogs
AWSCloudTrail
AWSCloudWatch
AWSGuardDuty
AWSNetworkFirewallAlert
AWSNetworkFirewallFlow
AWSNetworkFirewallTls
AWSRoute53Resolver
AWSSecurityHubFindings
AWSVPCFlow
AWSWAF
AcsCallAutomationStreamingUsage
AlertEvidence
AlertInfo
Anomalies
AzureDevOpsAuditing
BehaviorEntities
BehaviorInfo
CampaignInfo
CloudAppEvents
CommunicationComplianceActivity
DatabricksCapsule8Dataplane
DatabricksClamAVScan
DatabricksClusterLibraries
DatabricksDeltaPipelines
DatabricksModelRegistry
DatabricksPartnerHub
DatabricksRepos
DatabricksServerlessRealTimeInference
DatabricksUnityCatalog
DataverseActivity
DeviceBehaviorEntities
DeviceBehaviorInfo
DeviceEvents
DeviceFileCertificateInfo
DeviceFileEvents
DeviceImageLoadEvents
DeviceInfo
DeviceLogonEvents
DeviceNetworkEvents
DeviceNetworkInfo
DeviceProcessEvents
DeviceRegistryEvents
DeviceTvmSecureConfigurationAssessment
DeviceTvmSecureConfigurationAssessmentKB
DeviceTvmSoftwareInventory
DeviceTvmSoftwareVulnerabilities
DeviceTvmSoftwareVulnerabilitiesKB
DynamicEventCollection
EmailAttachmentInfo
EmailEvents
EmailPostDeliveryEvents
EmailUrlInfo
EnrichedMicrosoft365AuditLogs
FileMaliciousContentInfo
GCPCDN
GCPDNS
GCPFirewallLogs
GCPIAM
GCPIDS
GCPLoadBalancer
GCPMonitoring
GCPVPCFlow
GoogleCloudSCC
IdentityDirectoryEvents
IdentityLogonEvents
IdentityQueryEvents
IlumioInsights
IntuneDevices
MDCDetectionDNSEvents
MDCDetectionFimEvents
MDCDetectionGatingValidationEvents
MDCDetectionK8SApiEvents
MDCDetectionProcessV2Events
MDCFileIntegrityMonitoringEvents
MDECustomCollectionDeviceFileEvents
MicrosoftGraphActivityLogs
MicrosoftPurviewInformationProtection
MicrosoftServicePrincipalSignInLogs
NetworkAccessAlerts
NetworkAccessConnectionEvents
NetworkAccessTraffic
NetworkSessions
OktaSystemLogs
PowerAppsActivity
PowerAutomateActivity
PowerBIActivity
PowerPlatformAdminActivity
PowerPlatformConnectorActivity
PowerPlatformDlpActivity
ProjectActivity
RemoteNetworkHealthLogs
UrlClickEvents
|