Hi,
I have made a Loganalatycs workspace, Resource and configured a query to get an alert when some user logs in to Azure or application. However when i test the user login i do not get an email and when executing the query it says that there are no results. Someone a idea what am i doiing wrong?
The query is:
SigninLogs
| project UserId
| where UserId == "objectid" or UserId == "objectid"
The objectid is copied from active directory users in Azure so they must be good.
Settings:
Number of result greater then 0
evaluate based on periode 5 minutes and frequency 5 minutes
When testing the query it gives no error but also there are no results to display. Maybe i must make a connection or something but i did the config as Microsoft advice.