Exam AZ-104 topic 6 question 22 discussion

Actual exam question from Microsoft's AZ-104
Question #: 22
Topic #: 6

HOTSPOT
You have an Azure subscription that has diagnostic logging enabled and is configured to send logs to a Log Analytics workspace.
You are investigating a service outage.
You need to view the event time, the event name, and the affected resources.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Box 1: AzureActivity
The AzureActivity table has entries from the Azure activity log, which provides insight into subscription-level or management group-level events occurring in Azure.
Let's see only Critical entries during a specific week.
The where operator is common in the Kusto Query Language. where filters a table to rows that match specific criteria. The following example uses multiple commands. First, the query retrieves all records for the table. Then, it filters the data for only records that are in the time range. Finally, it filters those results for only records that have a Critical level.

AzureActivity
| where TimeGenerated > datetime(10-01-2020) and TimeGenerated < datetime(10-07-2020)
| where Level == 'Critical'
Incorrect:
not Perf: The Perf table has performance data that's collected from virtual machines that run the Log Analytics agent.

Box 2: | project
Select a subset of columns: project.
Use project to include only the columns you want. Building on the preceding example, let's limit the output to certain columns:

AzureActivity
| where TimeGenerated > datetime(10-01-2020) and TimeGenerated < datetime(10-07-2020)
| where Level == 'Critical'
| project TimeGenerated, Level, OperationNameValue, ResourceGroup, _ResourceId
Reference:
https://github.com/MicrosoftDocs/dataexplorer-docs/blob/main/data-explorer/kusto/query/tutorial.md

Comments

ExamTopicsTST
Highly Voted 2 years, 6 months ago
answer is correct https://www.shudnow.io/2020/03/06/retrieving-activity-log-data-from-azure-log-analytics-part-2/
upvoted 37 times
kukeleku
2 years, 5 months ago
I agree!
upvoted 1 times
...
...
meeko86
Highly Voted 2 years, 2 months ago
Box 1: AzureActivity The AzureActivity table has entries from the Azure activity log, which provides insight into subscription-level or management group-level events occurring in Azure. Let's see only Critical entries during a specific week. Box 2: | project Use project to include only the columns you want. Building on the preceding example, let's limit the output to certain columns
upvoted 21 times
...
[Removed]
Most Recent 5 months ago
CORRECT
upvoted 3 times
...
Amir1909
11 months, 2 weeks ago
Given answer is right
upvoted 1 times
...
Balvosko
1 year, 10 months ago
First part: AzureActivity - This table contains the activity logs from your Azure subscription, including information about the events, their time, and the affected resources. Second part: | where Level == 'critical' - This filters the logs to only show critical events. Third part: | project TimeGenerated, OperationNameValue, ResourceId - This projects the required columns: the event time (TimeGenerated), the event name (OperationNameValue), and the affected resources (ResourceId).
upvoted 1 times
...
zellck
2 years ago
1. AzureActivity 2. project https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell#send-to-log-analytics-workspace Activity log data in a Log Analytics workspace is stored in a table called AzureActivity that you can retrieve with a log query in Log Analytics. https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/projectoperator Select the columns to include, rename or drop, and insert new computed columns.
upvoted 5 times
obaali1990
1 year, 11 months ago
Did you pass your exams?
upvoted 1 times
...
...
klexams
2 years, 4 months ago
AzureActivity | project
upvoted 2 times
...