Analysis of ATA logs

  • Question

  • Hi all,

    We have implemented the ATA in our environment, but in trying to analyze the logs to check for problems found in relation to user accounts, we are unable to identify much of the information found.

    For example, there is a log field called "Unique Entity Profile Json", which contains a lot of information. However, we cannot identify what this information is.

    At some point, a piece of information called "ProtocolToTimeToActivityCountMapping" appears with a series of data inside brackets (in the format "ProtocolToTimeToActivityCountMapping": [[xxxxxxx]]).

    We would like to know what this information refers to; we could not locate it anywhere.

    Thank you very much for your attention.

    Wednesday, April 18, 2018 8:40 PM

All replies

  • The info in the "Json" columns is not intended for direct customer usage.
    It's meant for troubleshooting by Microsoft Support or the product group, and this is why this data is not documented, and can often change completely.

    Eventually this data can help us answer questions like "We didn't expect the system to trigger, so why did it?" and "Is this alert a false positive?" when it's not clear from the "standard" data.

    Wednesday, April 18, 2018 10:02 PM