Para obtener información sobre cómo usar estas consultas en Azure Portal, consulte el tutorial de Log Analytics. Para ejecutarlas mediante la API REST, consulte Consulta.
Registros de flujo de red descartados
Obtenga los registros de flujo de red cuyo veredicto es DROPPED (descartados); la consulta devuelve como máximo 100 filas.
// Sample flow records whose Verdict is "DROPPED".
// `==` is case-sensitive, so only the exact upper-case value matches.
// `take` returns up to 100 rows in no guaranteed order, and the query itself
// has no time filter, so the sample is not necessarily the most recent drops.
// NOTE(review): for triage, consider filtering and sorting on a timestamp
// column before sampling; confirm the column name against the table schema.
RetinaNetworkFlowLogs
| where Verdict == "DROPPED"
| take 100
Principales 10 métricas de registro de flujo de red
Obtenga las métricas de los registros de flujo de red para las 10 principales direcciones IP de origen y de destino, según el total de paquetes y de bytes enviados y recibidos, y para los 10 protocolos más utilizados.
// Five independent top-10 rankings over RetinaNetworkFlowLogs. Each one is
// shaped into the same three columns (MetricCategory, Entity, Value) so the
// rankings can be stacked into a single result set with union.
// The query has no time filter of its own, so every total covers whatever
// time range the query is run against.
// NOTE(review): IP.Source / IP.Destination are property accesses on the IP
// column. If that column is dynamic, the group keys may need an explicit
// tostring(...) cast, and Entity may differ in type from the Protocol key in
// the final union. Confirm against the table schema.

// Source addresses ranked by total packets sent.
let SourcesByPackets =
    RetinaNetworkFlowLogs
    | summarize Value = sum(PacketsSent) by Entity = IP.Source
    | top 10 by Value desc
    | project MetricCategory = "Top Source IPs by Packets Sent", Entity, Value;
// Destination addresses ranked by total packets received.
let DestinationsByPackets =
    RetinaNetworkFlowLogs
    | summarize Value = sum(PacketsReceived) by Entity = IP.Destination
    | top 10 by Value desc
    | project MetricCategory = "Top Destination IPs by Packets Received", Entity, Value;
// Source addresses ranked by total bytes sent.
let SourcesByBytes =
    RetinaNetworkFlowLogs
    | summarize Value = sum(BytesSent) by Entity = IP.Source
    | top 10 by Value desc
    | project MetricCategory = "Top Source IPs by Bytes Sent", Entity, Value;
// Destination addresses ranked by total bytes received.
let DestinationsByBytes =
    RetinaNetworkFlowLogs
    | summarize Value = sum(BytesReceived) by Entity = IP.Destination
    | top 10 by Value desc
    | project MetricCategory = "Top Destination IPs by Bytes Received", Entity, Value;
// Protocols ranked by number of flow records (a record count, not a byte or
// packet volume).
let ProtocolsByCount =
    RetinaNetworkFlowLogs
    | summarize Value = count() by Entity = Protocol
    | top 10 by Value desc
    | project MetricCategory = "Top Protocols by Usage", Entity, Value;
// Stack the five rankings. union does not guarantee row order, so group or
// sort on MetricCategory downstream if a stable layout is needed.
SourcesByPackets
| union DestinationsByPackets
| union SourcesByBytes
| union DestinationsByBytes
| union ProtocolsByCount