Azure-Sentinel/Tools/externaldata/officeactivity.yaml


// Despite the .yaml extension this is a KQL statement: an externaldata() schema for reading an
// exported OfficeActivity table back out of Azure Blob Storage.
//
// Schema notes:
//   - The column list (names, types and order) reproduces the exported table's column set; with
//     format="json" fields are matched by column name, so every name must be spelled exactly as in
//     the export (including the `_`-suffixed near-duplicates such as OrganizationId_ / UserId_ /
//     ClientIP_, which exist because the export carried both variants).
//   - Groupings below are by column name only, for readability; they do not change the schema.
//
// Security notes:
//   - "SASSIG" is a placeholder for a Shared Access Signature. A real SAS is a bearer credential
//     for the container: scope it to read (and list, if needed) on am-officeactivity only, give it
//     a short expiry, prefer a stored-access-policy SAS so it can be revoked, and never commit a
//     live token in this file.
//   - The `h` prefix on the URL literal marks it as an obfuscated string in KQL, so the SAS-bearing
//     URL is masked in query diagnostics and traces. Keep that prefix when substituting a real URL.
//   - NOTE(review): format="json" expects one JSON record per line; if the export writes a JSON
//     array or whitespace-separated records, "multijson" is the right format — confirm against the
//     actual blob layout.
externaldata(
    // Tenant, application and acting-user context
    TenantId:string,
    Application:string,
    UserDomain:string,
    UserAgent:string,
    RecordType:string,
    TimeGenerated:datetime,
    Operation:string,
    OrganizationId:string,
    OrganizationId_:string,
    UserType:string,
    UserKey:string,
    OfficeWorkload:string,
    ResultStatus:string,
    ResultReasonType:string,
    OfficeObjectId:string,
    UserId:string,
    UserId_:string,
    ClientIP:string,
    ClientIP_:string,
    Scope:string,
    // Site / file / sharing related fields (SharePoint- and OneDrive-style names)
    Site_:string,
    ItemType:string,
    EventSource:string,
    Source_Name:string,
    MachineDomainInfo:string,
    MachineId:string,
    Site_Url:string,
    Site_Url_:string,
    SourceRelativeUrl:string,
    SourceRelativeUrl_:string,
    SourceFileName:string,
    SourceFileName_:string,
    SourceFileExtension:string,
    DestinationRelativeUrl:string,
    DestinationFileName:string,
    DestinationFileExtension:string,
    UserSharedWith:string,
    SharingType:string,
    CustomEvent:string,
    Event_Data:string,
    ModifiedObjectResolvedName:string,
    Parameters:string,
    ExternalAccess:string,
    OriginatingServer:string,
    OrganizationName:string,
    // Mailbox / logon related fields (Exchange-style names)
    Logon_Type:string,
    InternalLogonType:int,
    MailboxGuid:string,
    MailboxOwnerUPN:string,
    MailboxOwnerSid:string,
    MailboxOwnerMasterAccountSid:string,
    LogonUserSid:string,
    LogonUserDisplayName:string,
    ClientInfoString:string,
    Client_IPAddress:string,
    ClientMachineName:string,
    ClientProcessName:string,
    ClientVersion:string,
    Folder:string,
    CrossMailboxOperations:bool,
    DestMailboxId:string,
    DestMailboxOwnerUPN:string,
    DestMailboxOwnerSid:string,
    DestMailboxOwnerMasterAccountSid:string,
    DestFolder:string,
    Folders:string,
    AffectedItems:string,
    Item:string,
    ModifiedProperties:string,
    SendAsUserSmtp:string,
    SendAsUserMailboxGuid:string,
    SendOnBehalfOfUserSmtp:string,
    SendonBehalfOfUserMailboxGuid:string,
    ExtendedProperties:string,
    Client:string,
    LoginStatus:int,
    // Actor / support / elevation related fields
    Actor:string,
    ActorContextId:string,
    ActorIpAddress:string,
    InterSystemsId:string,
    IntraSystemId:string,
    SupportTicketId:string,
    TargetContextId:string,
    DataCenterSecurityEventType:int,
    EffectiveOrganization:string,
    ElevationTime:datetime,
    ElevationApprover:string,
    ElevationApprovedTime:datetime,
    ElevationRequestId:string,
    ElevationRole:string,
    ElevationDuration:int,
    GenericInfo:string,
    // Record provenance and directory-related fields
    SourceSystem:string,
    OfficeId:string,
    SourceRecordId:string,
    AzureActiveDirectory_EventType:string,
    AADTarget:string,
    Start_Time:datetime,
    OfficeTenantId:string,
    OfficeTenantId_:string,
    TargetUserOrGroupName:string,
    TargetUserOrGroupType:string,
    MessageId:string,
    // Team / channel / chat related fields (Teams-style names)
    Members:dynamic,
    TeamName:string,
    TeamGuid:string,
    ChannelType:string,
    ChannelName:string,
    ChannelGuid:string,
    ExtraProperties:dynamic,
    AddOnType:string,
    AddonName:string,
    TabType:string,
    Name:string,
    OldValue:string,
    NewValue:string,
    ItemName:string,
    ChatThreadId:string,
    ChatName:string,
    CommunicationType:string,
    AADGroupId:string,
    AddOnGuid:string,
    AppDistributionMode:string,
    TargetUserId:string,
    OperationScope:string,
    AzureADAppId:string,
    OperationProperties:dynamic,
    AppId:string,
    ClientAppId:string,
    Type:string,
    _ResourceId:string
)
[
    // Obfuscated (h-prefixed) so the SAS does not appear in query telemetry; replace the
    // placeholders with the storage account name and a least-privilege, short-lived SAS.
    h@"https://STORAGEACCOUNTNAME.blob.core.windows.net/am-officeactivity/SASSIG"
]
with(format="json")