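Queries for the ACSAuthIncomingOperations table

List distinct authentication operations

Returns all distinct combinations of authentication operation and version pairs.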

ACSAuthIncomingOperations
| distinct OperationName, OperationVersion 
| limit 100

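Calculate authentication operation duration percentiles

Calculates the 90th, 95th, and 99th percentiles of run duration (in milliseconds) for each authentication operation. It can be customized to run for a single operation or for other percentiles.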

ACSAuthIncomingOperations
// | where OperationName == "<operation>" // This can be uncommented and specified to calculate only a single operation's duration percentiles
| summarize percentiles(DurationMs, 90, 95, 99) by OperationName, OperationVersion // calculate 90th, 95th, and 99th percentiles of each Operation
| limit 100

Top 5 IP addresses per authentication operation

For each authentication operation, gets the 5 IP addresses that called the operation most often.

ACSAuthIncomingOperations
// | where OperationName == "<operation>" // This can be uncommented and specified to calculate only a single operation's count
| top-nested of OperationName by dummy=max(0), // For all the Operations...
  top-nested 5 of CallerIpAddress by count() // List the IP addresses that have called that operation the most
| project-away dummy // Remove dummy line from the result set
| limit 100

Authentication operation errors

Lists every authentication error, ordered by recency.

ACSAuthIncomingOperations
| where ResultType == "Failed"
| project TimeGenerated, OperationName, OperationVersion, ResultSignature, ResultDescription
| order by TimeGenerated desc
| limit 100
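
The error query and the per-IP query above can be combined to show which caller IP addresses account for bursts of failed authentication operations. This is an added example, not part of the original page; the one-hour window and both thresholds are assumed values to tune for your environment.

```kusto
// Added example: window and thresholds are assumptions, not documented defaults.
let window = 1h;            // aggregation bucket (assumed)
let minFailures = 20;       // minimum failed calls per bucket to report (assumed)
let minFailureRate = 50.0;  // minimum percentage of failed calls (assumed)
ACSAuthIncomingOperations
| summarize Total = count(),                                   // all calls from this IP in the bucket
            Failed = countif(ResultType == "Failed"),          // failed calls only
            Operations = make_set(OperationName, 20),          // which operations the IP called
            Signatures = make_set_if(ResultSignature, ResultType == "Failed", 20) // distinct failure signatures
    by CallerIpAddress, bin(TimeGenerated, window)
| extend FailureRate = round(100.0 * Failed / Total, 1)        // percentage of calls that failed
| where Failed >= minFailures and FailureRate >= minFailureRate
| order by Failed desc, TimeGenerated desc
| limit 100
```

Requiring both a failure count and a failure rate keeps busy but healthy callers out of the result while still surfacing addresses whose calls mostly fail.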

Authentication operation result counts

For each authentication operation, counts the types of results returned.

ACSAuthIncomingOperations
| summarize Count = count() by OperationName, ResultType //, ResultSignature // This can also be uncommented to determine the count of each ResultSignature for each ResultType 
| order by OperationName asc, Count desc
| limit 100