cloud.azure.shared.administrative
cloud.azure.shared.alerts

Rw ui tabs macro
Rw tab
title101-105

Anchor
tag101
tag101
cloud.azure.sentinel.alerts

Field

Type

Extra fields

eventdate

timestamp

hostname

str

id

str

azureTenantId

str

azureSubscriptionId

str

riskScore

str

tags

str

activityGroupName

str

assignedTo

str

category

str

closedDateTime

timestamp

comments

str

confidence

int4

createdDateTime

str

description

str

detectionIds

str

eventDateTime

str

feedback

str

incidentIds

str

lastModifiedDateTime

str

recommendedActions

str

severity

str

sourceMaterials

str

status

str

title

str

vendorInformation__provider

str

vendorInformation__providerVersion

str

vendorInformation__subProvider

str

vendorInformation__vendor

str

cloudAppStates_json

json

fileStates_json

json

hostStates_json

json

historyStates_json

json

malwareStates_json

json

networkConnections_json

json

processes_json

json

registryKeyStates_json

json

securityResources_json

json

triggers_json

json

userStates_json

json

vulnerabilityStates_json

json

hostchain

str

tag

str

rawMessage

str

Anchor
tag102
tag102
cloud.azure.servicebus.metrics

Field

Type

Extra fields

eventdate

timestamp

hostname

str

resourceId

str

average

float8

total

int4

timeGrain

str

metricName

str

count

int4

maximum

int4

time

str

minimum

int4

hostchain

str

v

tag

str

rawMessage

str

Anchor
tag103
tag103
cloud.azure.servicebus.operational

Anchor
tag104tag104
Anchor
tag105tag105
Rw tab
title106-110

Anchor
tag106
tag106
cloud.azure.shared.autoscale

Anchor
tag107
tag107
cloud.azure.shared.policy

Anchor
tag108
tag108
cloud.azure.shared.recommendation

Anchor
tag109
tag109
cloud.azure.shared.resourcehealth

Anchor
tag110
tag110
cloud.azure.shared.signin

Field

Type

Extra fields

eventdate

timestamp

hostname

str

Status

str

resourceId

str

SubscriptionId

str

Caller

str

ActivityId

str

EventTimeString

str

EventProperties

str

Environment

str

Region

str

EventName

str

category

str

ScaleUnit

str

hostchain

str

tag

str

rawMessage

str

Rw tab
title111-115

Anchor
tag111
tag111
cloud.azure.siterecovery.addon_backup_jobs

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

Code Block
parsedate(time, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

time

resourceId

str

 

 

operationName

str

 

 

category

str

 

 

level

str

 

 

eventId

int4

 

 

eventName

str

 

 

properties

json

 

 

properties__protectedContainerUniqueId

str

 

 

properties__recoveryJobRPDateTime

str

 

 

properties__jobUniqueId

str

 

 

properties__backupItemUniqueId

str

 

 

properties__vaultUniqueId

str

 

 

properties__jobOperation

str

 

 

properties__jobStatus

str

 

 

properties__jobFailureCode

str

 

 

properties__jobStartDatetime

timestamp

Code Block
parsedate(properties__jobStartDateTime, dateformat("D/M/YYYY h:mm:ss A", "UTC"))

properties__jobStartDateTime

properties__jobDurationInSecs

str

 

 

properties__dataTransferredInMB

str

 

 

properties__schemaVersion

str

 

 

properties__state

str

 

 

properties__backupManagementType

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag112
tag112
cloud.azure.siterecovery.addon_backup_policy

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

Code Block
parsedate(time, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

time

resourceId

str

 

 

operationName

str

 

 

category

str

 

 

level

str

 

 

eventId

int4

 

 

eventName

str

 

 

properties

json

 

 

properties__policyUniqueId

str

 

 

properties__vaultUniqueId

str

 

 

properties__schemaVersion

str

 

 

properties__state

str

 

 

properties__backupManagementType

str

 

 

properties__logBackupFrequency

str

 

 

properties__logBackupRetentionDuration

str

 

 

properties__policyTimeZone

str

 

 

properties__policyName

str

 

 

properties__backupFrequency

str

 

 

properties__backupTimes

str

 

 

properties__backupDaysOfTheWeek

str

 

 

properties__dailyRetentionDuration

str

 

 

properties__dailyRetentionTimes

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag113
tag113
cloud.azure.siterecovery.addon_backup_protected_inst

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

Code Block
parsedate(time, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

time

resourceId

str

 

 

operationName

str

 

 

category

str

 

 

level

str

 

 

telemetryProperties

str

 

 

deploymentUnit

str

 

 

eventId

int4

 

 

eventName

str

 

 

properties

json

 

 

properties__protectedContainerUniqueId

str

 

 

properties__vaultUniqueId

str

 

 

properties__protectedInstanceCount

str

 

 

properties__schemaVersion

str

 

 

properties__state

str

 

 

properties__backupManagementType

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag114
tag114
cloud.azure.siterecovery.addon_backup_storage

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

Code Block
parsedate(time, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

time

resourceId

str

 

 

operationName

str

 

 

category

str

 

 

level

str

 

 

telemetryProperties

str

 

 

deploymentUnit

str

 

 

eventId

int4

 

 

eventName

str

 

 

properties

json

 

 

properties__storageUniqueId

str

 

 

properties__storageType

str

 

 

properties__storageName

str

 

 

properties__schemaVersion

str

 

 

properties__state

str

 

 

properties__backupManagementType

str

 

 

properties__backupItemUniqueId

str

 

 

properties__protectedContainerUniqueId

str

 

 

properties__vaultUniqueId

str

 

 

properties__storageConsumedInMBs

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag115
tag115
cloud.azure.siterecovery.backup_report

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

Code Block
parsedate(time, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

time

resourceId

str

 

 

operationName

str

 

 

category

str

 

 

level

str

 

 

deploymentUnit

str

 

 

eventId

int4

 

 

eventName

str

 

 

properties

json

 

 

properties__vaultUniqueId

str

 

 

properties__protectedServerUniqueId

str

 

 

properties__cloudStorageInBytes

str

 

 

properties__protectedInstances

str

 

 

properties__schemaVersion

str

 

 

properties__state

str

 

 

properties__backupManagementType

str

 

 

properties__logBackupFrequency

str

 

 

properties__logBackupRetentionDuration

str

 

 

properties__policyTimeZone

str

 

 

properties__policyUniqueId

str

 

 

properties__policyName

str

 

 

properties__backupFrequency

str

 

 

properties__backupTimes

str

 

 

properties__backupDaysOfTheWeek

str

 

 

properties__dailyRetentionDuration

str

 

 

properties__dailyRetentionTimes

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Rw tab
title116-120

Anchor
tag116
tag116
cloud.azure.siterecovery.core_backup

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

Code Block
parsedate(time, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

time

resourceId

str

 

 

operationName

str

 

 

category

str

 

 

level

str

 

 

telemetryProperties

str

 

 

deploymentUnit

str

 

 

eventId

int4

 

 

eventName

str

 

 

properties__backupItemUniqueId

str

 

 

properties__oldestRecoveryPointTimestamp

timestamp

Code Block
parsedate(properties__oldestRecoveryPointTime, dateformat("M/D/YYYY h:mm:ss A", "UTC"))

properties__oldestRecoveryPointTime

properties__oldestRecoveryPointLocation

str

 

 

properties__latestRecoveryPointTimestamp

timestamp

Code Block
parsedate(properties__latestRecoveryPointTime, dateformat("M/D/YYYY h:mm:ss A", "UTC"))

properties__latestRecoveryPointTime

properties__latestRecoveryPointLocation

str

 

 

properties__schemaVersion

str

 

 

properties__state

str

 

 

properties__backupManagementType

str

 

 

properties__backupItemFrontEndSize

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag117
tag117
cloud.azure.siterecovery.site_rec_recovery_points

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

Code Block
parsedate(timeStamp, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

timeStamp

resourceId

str

 

 

category

str

 

 

level

str

 

 

operationName

str

 

 

properties__version

str

 

 

properties__correlationId

str

 

 

properties__lastRecoveryPointTime

timestamp

Code Block
parsedate(replace(properties__lastRecoveryPoint, 'Z', ''), dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS", "UTC"))

properties__lastRecoveryPoint

properties__latestAppConsistentrecoveryPointTime

timestamp

Code Block
parsedate(properties__latestAppConsistentRecoveryPoint, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

properties__latestAppConsistentRecoveryPoint

properties__replicatingDisksCount

int4

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag118
tag118
cloud.azure.siterecovery.site_rec_rep_stats

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

Code Block
parsedate(timeStamp, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

timeStamp

resourceId

str

 

 

category

str

 

 

level

str

 

 

operationName

str

 

 

properties__version

str

 

 

properties__correlationId

str

 

 

properties__uploadRPOInSeconds

int4

 

 

properties__uploadRPOUpdateTimestamp

timestamp

Code Block
parsedate(properties__uploadRPOUpdateTime, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

properties__uploadRPOUpdateTime

properties__processedRPOInSeconds

int4

 

 

properties__processedRPOUpdateTimestamp

timestamp

Code Block
parsedate(properties__processedRPOUpdateTime, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

properties__processedRPOUpdateTime

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag119
tag119
cloud.azure.siterecovery.site_rec_replicated_items

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

providerName

str

 

 

taskName

str

 

 

timestamp

timestamp

Code Block
parsedate(time, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

time

resourceId

str

 

 

category

str

 

 

level

str

 

 

operationName

str

 

 

properties

json

 

 

properties__processServerName

str

 

 

properties__multiVmGroupId

str

 

 

properties__multiVmGroupName

str

 

 

properties__vCenter

str

 

 

properties__agentVersion

ip4

 

 

properties__masterTargetServer

str

 

 

properties__logStorageAccountId

str

 

 

properties__recoveryNetworkId

str

 

 

properties__lastHeartbeat

timestamp

 

 

properties__multiVmSyncStatus

str

 

 

properties__correlationId

str

 

 

properties__recoveryServicesProviderId

str

 

 

properties__replicationHealth

str

 

 

properties__failoverHealth

str

 

 

properties__name

str

 

 

properties__id

str

 

 

properties__primaryFabricName

str

 

 

properties__recoveryFabricName

str

 

 

properties__primaryFabricType

str

 

 

properties__recoveryFabricType

str

 

 

properties__protectionState

str

 

 

properties__activeLocation

str

 

 

properties__policyName

str

 

 

properties__replicationProviderName

str

 

 

properties__osFamily

str

 

 

properties__initialReplicationProgressPercentage

float8

 

 

properties__itemType

str

 

 

properties__rpoInSeconds

int4

 

 

properties__lastRpoCalculatedTime

timestamp

 

 

properties__version

timestamp

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag120
tag120
cloud.azure.sql.audit

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

resourceId

str

 

 

SubscriptionId

str

 

 

originalEventTimestamp

str

 

 

operationName

str

 

 

LogicalServerName

str

 

 

timestamp

timestamp

 

 

category

str

 

 

target_database_principal_id

int4

 

 

target_database_principal_name

str

 

 

user_defined_information

str

 

 

session_context

str

 

 

class_type_desc

str

 

 

is_column_permission

str

 

 

sequence_group_id

str

 

 

client_tls_version

int4

 

 

duration_milliseconds

int4

 

 

permission_bitmask

str

 

 

class_type

str

 

 

application_name

str

 

 

session_server_principal_name

str

 

 

action_id

str

 

 

object_name

str

 

 

audit_schema_version

int4

 

 

action_name

str

 

 

statement

str

 

 

client_ip

ip4

 

 

database_principal_id

int4

 

 

securable_class_type

str

 

 

transaction_id

int8

 

 

database_name

str

 

 

target_server_principal_id

int4

 

 

response_rows

int4

 

 

server_principal_id

int4

 

 

session_id

int4

 

 

database_principal_name

str

 

 

target_server_principal_name

str

 

 

affected_rows

int4

 

 

schema_name

str

 

 

object_id

int4

 

 

server_instance_name

str

 

 

is_server_level_audit

str

 

 

server_principal_name

str

 

 

sequence_number

int4

 

 

target_server_principal_sid

str

 

 

additional_information

str

 

 

event_id

str

 

 

data_sensitivity_information

str

 

 

connection_id

str

 

 

server_principal_sid

str

 

 

user_defined_event_id

int4

 

 

event_time

timestamp

 

 

host_name

str

 

 

succeeded

str

 

 

ResourceGroup

str

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str