I wrote a recent article that talks about tips for doing Data Sampling for Azure Sentinel. Data Sampling is a method that allows the Sentinel Analyst to figure out where and what data exists in the Log Analytics workspace to help hone KQL queries to produce good data results.
Read that here if you missed it: Tips for KQL Data Sampling as part of Azure Sentinel Investigations
But, what if you just want to a good reference for the available tables and have each data column broken down by description. That would be nice, wouldn’t it?
Well, you can do that.
If you hover your mouse cursor for a brief couple seconds over any table in the listing a pop-up window will display that gives a brief description of the table, but also includes a link to Learn more. Some of the links will take you directly to the specific Azure Monitor Logs reference pages on the Microsoft docs platform, but some don’t quite work yet. So, it’s a bit of a hit-and-miss. When they work, it’s an awesome thing.
However, here’s the link to the actual Azure Monitor Logs reference on the Docs platform: https://aka.ms/MonitorLogs
If you want to still look up the reference for an existing table in Azure Sentinel but the link doesn’t work in the UI, just start typing the table name in the Filter field at the top left.
