[LA://Source_AzureActivity]
application_id = #################
application_key = ***********
event_delay_lag_time = 15
index = myazureactivity_index
sourcetype = myazureactivity_sourcetype
interval = 300
log_analytics_query = AzureActivity | where ResourceGroup != ""
resource_group = TTTTTTTTTTT
start_date = 01/01/2019 00:00:00
subscription_id = ###########################
tenant_id = **********************************
workspace_id = ###################################
disabled = 0

 

we have similar configuration for rest of the inputs, but i am seeing less coung only for azure activity