Skip to content

Commit e297913

Browse files
Court72Court72
authored
Merge pull request #110210 from nconvery/patch-2
Update activity-log.md
2 parents 168b68c + 937f77d commit e297913

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

articles/azure-monitor/essentials/activity-log.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -96,6 +96,9 @@ AzureActivity
9696
| where CategoryValue == "Administrative"
9797
```
9898

99+
> [!Important]
100+
> In some scenarios, it's possible that values in fields of AzureActivity might have different casings from otherwise equivalent values. Take care when querying data in AzureActivity to use case-insensitive operators for string comparisons, or use a scalar function to force a field to a uniform casing before any comparisons. For example, use the [tolower()](/azure/kusto/query/tolowerfunction) function on a field to force it to always be lowercase or the [=~ operator](/azure/kusto/query/datatypes-string-operators) when performing a string comparison.
101+
99102
## Send to Azure Event Hubs
100103

101104
Send the activity log to Azure Event Hubs to send entries outside of Azure, for example, to a third-party SIEM or other log analytics solutions. Activity log events from event hubs are consumed in JSON format with a `records` element that contains the records in each payload. The schema depends on the category and is described in [Azure activity log event schema](activity-log-schema.md).

0 commit comments

Comments
 (0)