ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam
Go to Exam

Exam AZ-305 topic 1 question 67 discussion

Actual exam question from Microsoft's AZ-305
Question #: 67
Topic #: 1
[All AZ-305 Questions]

HOTSPOT
-

You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server 2022 and have the Azure Monitor Agent installed.

You need to recommend a solution that meets the following requirements:

• Forwards JSON-formatted logs from the virtual machines to a Log Analytics workspace
• Transforms the logs and stores the data in a table in the Log Analytics workspace

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by mykola_yakovliev at Oct. 5, 2023, 3:50 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Elecktrus
Highly Voted 1 year, 4 months ago
in the exam today 11-Oct. Answered: Box1 - Azure Monitor Data collection Box2 - KQL
upvoted 19 times
GeorgiAngelov
1 year, 4 months ago
and what was your score?
upvoted 4 times
...
TaoLu
1 year, 3 months ago
Box2 should be XPATH
upvoted 1 times
mmarkiew
1 year, 3 months ago
For those arguing XPATH over KQL, as far as I can tell, XPATH can only filter (not transform) event log data that is sent to a Log Analytics workspace. KQL, on the other hand, can be used for ingestion-time transformations that allow for filtering or modification of incoming data before it's stored in a Log Analytics workspace. So Box 2 should indeed be KQL. References: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent?tabs=portal#filter-events-using-xpath-queries https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-transformation
upvoted 6 times
xRiot007
1 year ago
Microsoft recommends in their official documentation to use KQL to transform data at ingestion, but it seems that some people here are smarter than the creators of these tools :))
upvoted 8 times
chair123
12 months ago
KQL is correct. Here is the link as reference for ingested-transformation: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-transformations#how-transformations-work:~:text=Transformations%20are%20defined%20in%20a%20data%20collection%20rule%20(DCR)%20and%20use%20a%20Kusto%20Query%20Language%20(KQL)%20statement
upvoted 1 times
chair123
12 months ago
** Ingestion-Time Transformation
upvoted 1 times
...
...
...
...
...
...
vensub
Highly Voted 1 year, 4 months ago
For Box 2 - It should be KQL https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-transformation
upvoted 8 times
...
[Removed]
Most Recent 3 months, 3 weeks ago
CORRECT
upvoted 1 times
...
Thanveer
3 months, 4 weeks ago
Box1 - Azure Monitor Data collection Box2 - KQL
upvoted 1 times
...
23169fd
8 months, 2 weeks ago
Azure Monitor Data Collection Endpoint: Why: This endpoint allows you to ingest data directly into a Log Analytics workspace from various sources, including virtual machines with the Azure Monitor Agent installed. KQL Query: Why: Kusto Query Language (KQL) is used within Azure Monitor to transform and query log data, making it suitable for storing and analyzing the logs in a Log Analytics workspace.
upvoted 4 times
23169fd
8 months, 2 weeks ago
Why Not Other Options: Forwarding the logs: Linked storage account: Primarily used for storing raw data, not directly for forwarding logs. Service endpoint: Not typically used for log forwarding in this context. Transforming the logs: WQL query: Used for querying WMI data, not suitable for transforming JSON-formatted logs. XPath query: Used for querying XML data, not suitable for JSON-formatted logs.
upvoted 4 times
...
...
Lazylinux
10 months, 1 week ago
Given answer is correct Box1 - Azure Monitor Data collection Box2 - KQL
upvoted 2 times
...
peterp007
1 year, 2 months ago
DCE KQL https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-transformations#how-transformations-work "Transformations are defined in a data collection rule (DCR) and use a Kusto Query Language (KQL) statement that's applied individually to each entry in the incoming data. It must understand the format of the incoming data and create output in the structure expected by the destination."
upvoted 4 times
...
kishoredeena
1 year, 2 months ago
Box2 - KQL feels appropriate https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-transformations
upvoted 1 times
...
Aryan171
1 year, 2 months ago
For (2) you must consider "Forwards JSON-formatted logs ". XPath can extract information from XML documents. For non-XML documents as in this case, KQL is the suggested approach.
upvoted 1 times
...
ManosCaptain
1 year, 3 months ago
Appeared on 11/21/2023
upvoted 4 times
...
Tay2234
1 year, 3 months ago
For Box 2 - It should be KQL https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-transformations-structure
upvoted 2 times
...
malcubierre
1 year, 3 months ago
Should be XPath: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent?tabs=portal
upvoted 1 times
BShelat
1 year, 2 months ago
XPath just collects the data. it does NOT transform the data KQL Query Language is used to transform the collected data. https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-transformations-structure
upvoted 1 times
...
...
mykola_yakovliev
1 year, 5 months ago
The first answer is correct (https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent) To transform the logs and store the data use an XPath query (https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent#filter-events-using-xpath-queries).
upvoted 8 times
TheOlli
1 year, 4 months ago
XPath is for XML only. KQL can query JSON. AFAIK.
upvoted 11 times
TaoLu
1 year, 3 months ago
Who told you XPath can only used for XML?
upvoted 1 times
...
...
kayceeec
1 year, 4 months ago
To forward the logs: Use the Azure Monitor Agent. The Azure Monitor Agent can collect different types of data into a Log Analytics workspace, including JSON-formatted logs from your virtual machines. To transform the logs and store the data: Use Kusto Query Language (KQL). Once the data is in the Log Analytics workspace, you can write KQL queries to transform the logs and store the data in a table in the workspace. KQL is a read-only request to process data and return results.
upvoted 6 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago