AzureDiagnostics

AzureDiagnostics Schema

Table description

| TableSection | TableType | TableSectionName | Description |
| --- | --- | --- | --- |
| Usx | Regular | LogManagement | Diagnostic logs emitted by Azure services describe the operation of those services or resources. All diagnostic logs share a common top-level schema, which services extend to emit unique properties for their specific events. Note: many services are now ingesting their diagnostic logs into resource-specific tables. |

Table retention

| HotDays | ColdDays | TotalInteractiveDays |
| --- | --- | --- |
| 14 | 76 | 90 |

Schema

| Name | Description | Type |
| --- | --- | --- |
| _BilledSize | | Double |
| _IsBillable | | String |
| _ResourceId | A unique identifier for the resource that the record is associated with | String |
| _SubscriptionId | A unique identifier for the subscription that the record is associated with | String |
| Category | Type of threat indicator or breach activity identified by the alert | String |
| CorrelationId | Unique identifier of the sign-in event | String |
| OperationName | Audit event operation name as appeared in the raw event schema. Usually includes both resource type and operation | String |
| Resource | | String |
| ResourceGroup | | String |
| ResourceId | Unique identifier of the resource accessed | String |
| ResourceProvider | | String |
| ResourceType | Type of cloud resource | String |
| ResultDescription | | String |
| ResultType | | String |
| SourceSystem | | String |
| SubscriptionId | Unique identifier of the cloud service subscription | String |
| TenantId | | String |
| TimeGenerated | | DateTime |
| Type | The name of the table | String |

Schema changes

| Date | Action |
| --- | --- |
| 2024-10-19 | Table added to tracking |