Hi ,
Thanks for reaching out to Microsoft Q&A.
From the provided image and context, it seems that the diagnostic settings for Azure Key Vault in the portal are configured to only log Audit Logs and AllMetrics. However, the properties eventGridEventProperties_data_ObjectName_s
and eventGridEventProperties_data_EXP_d
you are looking for are associated with Event Grid integration with Key Vault.
To ensure that these properties appear in Log Analytics, you might need to:
Verify Event Grid Subscription Configuration:
- Ensure that Key Vault is integrated with Event Grid and that the subscription is configured to send the relevant event types (e.g., Secret Expiry Events).
Include Additional Log Categories:
- If Event Grid logs are required for these properties, you might need to configure **Azure Policy Evaluation Details** or other related diagnostic settings. Ensure that you are enabling logs that cover Event Grid events.
**Enable Event Grid Diagnostics**:
- If Event Grid diagnostics are not enabled, you will not see these properties in the logs. Check the Event Grid Topic or Subscription settings and enable diagnostics for them as well.
**Validate Permissions**:
- Ensure that the Log Analytics workspace has appropriate permissions to ingest Event Grid data.
**Update KQL Query**:
- Sometimes, the issue might also be related to how the data is queried. Ensure that the KQL query is targeting the correct table and schema.
- Check Documentation for Updates:
- Refer to the Azure docs (Event Schema - Key Vault) to confirm which event types and logs need to be enabled.
Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.