Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Reference for GKEAudit table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | Security |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✓ Yes |
| Azure Monitor Tables Reference | View Documentation |
| Azure Monitor Logs Ingestion API | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable isfalseingestion isn't billed to your Azure account |
| InsertId | string | A unique identifier for the log entry, used to deduplicate log records. |
| JsonPayload | dynamic | The JSON representation of the log entry payload, often containing key audit data when not using ProtoPayload. |
| Labels | dynamic | Custom key-value pairs that provide additional metadata for the log entry, such as environment or custom tags. |
| logName | string | The full name of the log (e.g., projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity), showing the type and location of the log data. |
| LogType | string | The category or type of log, such as GKEAudit, indicating the origin of the log data. |
| Operation | dynamic | Contains information about an operation associated with the log, such as operation ID and producer. |
| ProtoPayload | dynamic | A structured representation of the audit log entry using the Protobuf format. Contains detailed audit event data such as method name, status, and authentication info. |
| ReceiveTimestamp | datetime | The time when the log entry was received by the logging system. |
| Severity | string | The severity level of the log entry (e.g., INFO, WARNING, ERROR). Indicates the importance or impact of the event. |
| SourceSystem | string | The type of agent the event was collected by. For example,OpsManagerfor Windows agent, either direct connect or Operations Manager,Linuxfor all Linux agents, orAzurefor Azure Diagnostics |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The timestamp indicating when the log event was created or generated by the source system. |
| Type | string | The name of the table |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Google Kubernetes Engine (via Codeless Connector Framework) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊