AZ-500 Question #630: Real Exam Question with Answer & Explanation
The correct answer is B: an XPath query.
Question
You have an Azure subscription that contains a virtual machine named VM1. You are creating a data collection rule (DCR) named DCR1 that will collect events from VM1. You need to ensure that only events that have an ID of 4798 are collected. What should you use in DCR1?
Options
- A. a PowerShell script
- B. an XPath query
- C. a KQL query
- D. a T-SQL query
Explanation
From the Microsoft Learn article "Collect Windows events from virtual machine with Azure Monitor", section "Filter events using XPath queries":
The basic configuration in the Azure portal provides you with a limited ability to filter events based on log and severity. To specify more granular filtering, use custom configuration and specify an XPath that filters for only the events you need. XPath entries are written in the form LogName!XPathQuery. For example, you might want to return only events from the Application event log with an event ID of 1035. The XPathQuery for these events would be *[System[EventID=1035]]. Because you want to retrieve the events from the Application event log, the XPath is Application!*[System[EventID=1035]].
Reference: https://learn.microsoft.com/en-us/azure/azure-monitor/vm/data-collection-windows-events
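The LogName!XPathQuery form described above can be checked on the VM before it goes into DCR1. This PowerShell sketch is an added example, not part of the original explanation or of Microsoft's documentation; the helper name Test-DcrXPathEntry is hypothetical, and it assumes event ID 4798 is written to the Security log, which the question does not state.

```powershell
# Added example. Test-DcrXPathEntry is a hypothetical helper name.
# Run from an elevated session: reading the Security log requires it.
function Test-DcrXPathEntry {
    param(
        [Parameter(Mandatory)][string[]]$Entry,
        [int]$MaxEvents = 5
    )
    foreach ($e in $Entry) {
        # DCR entries are LogName!XPathQuery. Split on the first '!' only,
        # because the XPath itself may contain '!=' comparisons.
        $parts = $e -split '!', 2
        if ($parts.Count -ne 2 -or -not $parts[0] -or -not $parts[1]) {
            [pscustomobject]@{ Entry = $e; Valid = $false; Sampled = 0
                               Detail = 'Not in LogName!XPathQuery form' }
            continue
        }
        $log, $xpath = $parts
        try {
            # Get-WinEvent evaluates the same XPath subset the event log uses.
            $events = @(Get-WinEvent -LogName $log -FilterXPath $xpath `
                                     -MaxEvents $MaxEvents -ErrorAction Stop)
            [pscustomobject]@{ Entry = $e; Valid = $true; Sampled = $events.Count
                               Detail = 'Query accepted' }
        }
        catch {
            # Zero matches surfaces as an error, but the query itself is valid.
            $noHits = $_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*'
            [pscustomobject]@{
                Entry   = $e
                Valid   = $noHits
                Sampled = 0
                Detail  = if ($noHits) { 'Query accepted, no matching events yet' }
                          else { $_.Exception.Message }
            }
        }
    }
}

# Constructed sample input: the question's event ID, the explanation's own
# example, and one malformed entry that is missing the log name.
Test-DcrXPathEntry -Entry @(
    'Security!*[System[EventID=4798]]',
    'Application!*[System[EventID=1035]]',
    '*[System[EventID=4798]]'
) | Format-Table -AutoSize
```

An entry that comes back with Valid set to False and an "invalid query" message would be rejected or silently collect nothing once placed in the rule, so it is worth catching here first.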