Exam AZ-104 topic 6 question 33 discussion

In this case the answer is A other options are: 1. Event | search "error" 2. Event | where EventType == "error" 3. search in (Event) "error"

Answer is Correct

Correct is A, not B as many are saying B would be correct if it was Event | where EventType == "error" BUT option B in the question is B. Event | where EventType is "error" So, B is wrong. Other command which are correct are below: Event | search "error" Event | where EventType == "error" (Is the best option according to question as it filters out) But its not given in Question.

Event | where Category == "Error"

Ans is B In this case the answer is A other options are: 1. Event | search "error" 2. Event | where EventType == "error" 3. search in (Event) "error"

To view the error events from a table named `Event` in your Azure Log Analytics workspace named `Workspace1`, you should use the following query: **B. `Event | where EventType == "error"`** This query uses Kusto Query Language (KQL) to filter the `Event` table for rows where the `EventType` column has the value "error".

B. Event | where EventType is "error": This is the correct KQL syntax for querying the Event table and filtering for records where the EventType is "error." Not A guys... A. search in (Event) "error": This syntax is not correct for filtering specific events in KQL. The search operator is used for broader searches but not in this format. When you think of Azure Log Analytics workspace, you need to think of the query language KQL

Example available at https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/search-operator search in (T1,T2,A*) "err"

I find there is problem in the answers https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events

Correct answer is A. Answer B is wrong because the operator 'is' is not valid. Instead we have to use '=='. See https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/datatypes-string-operators

Option B is correct because it is written in the Log Analytics query language, which is used to query data in an Azure Log Analytics workspace. The query uses the "Event" table and filters the results to only include events with an "EventType" of "error". The other options are not written in the Log Analytics query language and would not work as written in a Log Analytics workspace.

Option B is the correct query to use in Azure Log Analytics to view error events from a table named Event. The syntax for Azure Log Analytics queries uses a pipeline style and typically begins with the name of the table, in this case "Event", followed by one or more operators, in this case the "where" operator, which filters the results based on the specified criteria. The correct syntax would be: Event | where EventType is "error"

option B. explanation:- In Azure Log Analytics, you use the "Kusto Query Language" (KQL) to query the data stored in a Log Analytics workspace. To view the error events from the table named "Event" in Workspace1, you should run the following query: Event | where EventType is "error" This query will filter the "Event" table to only show the events where the "EventType" is "error" and you will be able to see all the events with errors.

1. Event | search "error" 2. Event | where EventType = "error" 3. search in (Event) "error"

A. search in (Event) "error"