This guide will show you how to run a sample query in the Azure Portal.
Remember that to run a sample query you must set up a Log Analytics workspace in Configuration Manager.
To run a sample query, follow the steps below:
- Navigate to Log Analytics Workspaces in portal.azure.com
- Select the desired workspace, which, in our case, will be the “SimeonCloud” workspace
- Go to “logs” and close the “Queries hub” pop up
- Add the KQL (Kusto Query Language) query, for example conditional access policy changes
- Select the Time range
- Run the query
The query will return results, if successful.
As the query has returned results, we can proceed with creating our custom alert.