-24h now * * M365 Sharepoint Overview

Time Picker -24h@h now $time_tok.earliest$ $time_tok.latest$ Sites ObjectSite ObjectSite `m365_cp_default_index` sourcetype="o365:management:activity" Workload=Sharepoint | rex field=ObjectId "\\/sites\\/(?<ObjectSite>[^\\/]+)" | stats count by ObjectSite -24h@h now All * *

`m365_cp_default_index` sourcetype=o365:management:activity Workload=SharePoint Operation=PageViewed | stats dc(SiteName) $time_tok.earliest$ $time_tok.latest$ none ["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"] progressbar Sites Viewed in Sharepoint index="*" sourcetype="o365:management:activity" Workload=Sharepoint ItemType=File | search SiteName="$site_tok$" | dedup object_id | stats count(object_id) $time_tok.earliest$ $time_tok.latest$ none ["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"] progressbar Active Files `m365_cp_default_index` sourcetype="o365:management:activity" Workload=Sharepoint ItemType=Page | search SiteName="$site_tok$" | dedup object_id | stats count(object_id) $time_tok.earliest$ $time_tok.latest$ none ["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"] progressbar Active Pages `m365_cp_default_index` sourcetype="o365:graph:api" source IN ("getSharePointSiteUsageDetail(period='*')", "SharePointSiteUsageDetail") | rex field="Site URL" "\\/sites\\/(?<ObjectSite>[^\\/]+)" | search ObjectSite="$site_tok$" | stats count by "Storage Allocated (Byte)" "Storage Used (Byte)" ObjectSite, _time | rename "Storage Allocated (Byte)" as storage_allocated "Storage Used (Byte)" as storage_used ObjectSite as site_url | eval storage_remaining = storage_allocated - storage_used | eval %_storage_remaining = (storage_remaining/storage_allocated)*100 | chart avg(%_storage_remaining) by _time $time_tok.earliest$ $time_tok.latest$ none ["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"] progressbar 1 percent -7d % Storage remaining % `m365_cp_default_index` sourcetype=o365:management:activity Workload=SharePoint | rex field=ObjectId "\\/sites\\/(?<ObjectSite>[^\\/]+)" | search ObjectSite="$site_tok$" | timechart span=1d dc(UserId) -7d@h now 1 value block none 0 ["0x0070BD","0x0070BD"] [0] progressbar 1 1 0 1 medium standard absolute -7d Compared to last week after 1 1 `m365_cp_default_index` sourcetype="o365:management:activity" Workload=SharePoint Operation=PageViewed | top SiteName limit=5 $time_tok.earliest$ $time_tok.latest$ bar none none progressbar `m365_cp_default_index` sourcetype="o365:management:activity" Workload=SharePoint Operation=FileAccessed | search SiteName="$site_tok$" | top SourceFileName limit=5 $time_tok.earliest$ $time_tok.latest$ bar none none progressbar `m365_cp_default_index` sourcetype="o365:management:activity" Workload=Sharepoint ItemType=Page Operation=PageViewed | search SiteName="$site_tok$" | rex field=ObjectId "\\/(?<ObjectPage>[^\\/.]+).aspx$" | eval Page=if(isnull(ObjectPage),ObjectSite,ObjectPage) | search Page=* |top Page limit=5 $time_tok.earliest$ $time_tok.latest$ bar none none progressbar `m365_cp_default_index` sourcetype="o365:management:activity" Workload=Sharepoint ItemType=Page Operation=PageViewed | search SiteName="$site_tok$" | rex field=ObjectId "\\/(?<ObjectPage>[^\\/.]+).aspx$" | eval Page=if(isnull(ObjectPage),ObjectSite,ObjectPage) | search Page=* | timechart count by Page useother=f $time_tok.earliest$ $time_tok.latest$ line all progressbar Activity Type `m365_cp_default_index` sourcetype="o365:management:activity" Workload=Sharepoint ItemType="Page" OR ItemType="File" OR ItemType="Web" | stats count by ItemType $time_tok.earliest$ $time_tok.latest$ All ItemType ItemType * * `m365_cp_default_index` sourcetype="o365:management:activity" Workload=Sharepoint SiteName="$site_tok$" ItemType=$item_type_tok$ | timechart count by Operation $time_tok.earliest$ $time_tok.latest$ $start$ $end$ line all progressbar $earliest$ $latest$ $click.name2$ Operation Time Picker For User Activities -24h now Filter Field None User Action Target Operation makeresults makeresults |makeresults $user_act_time_tok.earliest$ $user_act_time_tok.latest$ $form.filter_value$ now Filter Value =" " Display Limit 50 50 `m365_cp_default_index` sourcetype="o365:management:activity" Workload=Sharepoint ItemType=$item_type_tok$ | search SiteName="$site_tok$" | rex field=ObjectId "\\/(?<ObjectPage>[^\\/.]+).aspx$" | eval Page=if(isnull(ObjectPage),SiteName,ObjectPage) | eval action_target=case(ItemType="Web",TargetUserOrGroupName,ItemType="File",SourceFileName,ItemType="Page",Page,isnotnull(ObjectId),ObjectId) | search $filter_field$$filter_value$ | stats count by UserId Operation | sort -count | head $display_limit_tok$ | rename UserId as source, Operation as target $user_act_time_tok.earliest$ $user_act_time_tok.latest$ none 578 progressbar `m365_cp_default_index` sourcetype="o365:management:activity" Workload=Sharepoint ItemType=$item_type_tok$ | search SiteName="$site_tok$" | rex field=ObjectId "\\/(?<ObjectPage>[^\\/.]+).aspx$" | eval Page=if(isnull(ObjectPage),SiteName,ObjectPage) | eval action_target=case(ItemType="Web",TargetUserOrGroupName,ItemType="File",SourceFileName,ItemType="Page",Page,isnotnull(ObjectId),ObjectId) | search $filter_field$$filter_value$ | table _time UserId Operation action_target | sort -_time $user_act_time_tok.earliest$ $user_act_time_tok.latest$ progressbar $click.name2$ $click.value2$