We have audit logging in Azure Log Analytics set up for an Azure SQL Database we operate. I would like to query these logs to view user transactions to track down queries that have unintended consequences.
I've written the following Azure Log Analytics query, which I think is returning a result set that includes all of our user transactions:
    AzureDiagnostics
    | where database_name_s == '<our_database_name_here>'
    | where application_name_s in ('azdata-Query', 'Microsoft JDBC Driver for SQL Server', 'node-mssql')
    | where (action_name_s == 'BATCH COMPLETED' or action_name_s == 'RPC COMPLETED') // Regular statements, stored procedures
    | project action_name_s, event_time_t, statement_s, succeeded_s, response_rows_d, affected_rows_d, server_principal_name_s, client_ip_s, application_name_s, additional_information_s, data_sensitivity_information_s
    | order by event_time_t desc
But the results also include lots of transactions that haven't consciously been run by a principal, e.g. SELECT CONVERT(NVARCHAR(36), CONTEXT_INFO()). I'm sure these transactions have been executed against the database, but they haven't consciously been run by a user. Is there a way of excluding these transactions?
(NB: The application_name_s clause is designed to include statements run by a couple of front-ends we have connected to the database.)