Email: helpdesk@telkomuniversity.ac.id

This Portal for internal use only!

All Categories

All Categories

Search

0 Wishlist

Cart

Categories
More Categories Less Categories

iconTicket Service Desk

All Categories

All Categories

Search

0 Wishlist

Cart

Menu
Home/Microsoft/Custom Log parsing issue

Custom Log parsing issue

/ 2024-06-09 / Microsoft

Hi all,

I have an issue with custom logs (NGINX Logs).
I create a new table in the Log Analytics Workspace using DCR-Based Mode.
The raw log looks like
2024-06-09T10:52:13+02:00 | 149.154.229.84 | GET | https://dsk.xxxx.lu/test.html | HTTP/1.1 | 404 | 21 | – | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 | 0.053

I used the following Json formats:

Format 1:
[
{
“TimeGenerated”: “2024-06-04 08:31:56”,
“DateTime”: “2024-06-09T10:52:13+02:00”,
“http_x_forwarded_for” : “149.154.229.84”,
“request_method” : “GET”,
“URL” : “https://https://dsk.xxxx.lu/test.html
“HTTP_Version”: “HTTP/1.1”,
“status”: “404”,
“body_bytes_sent”: “21”,
“http_referer”: “-“,
“http_user_agent”: “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36”,
“request_time”: “0.053”
}
]

Format 2:
[
{
“TimeGenerated”: “2024-06-04 08:31:56”,
“RawData”: “2024-06-09T10:52:13+02:00 | 149.154.229.84 | GET | https://dsk.xxxx.lu/test.html | HTTP/1.1 | 404 | 21 | – | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 | 0.053

}
]

If I use Format 1, I can’t see the log payload when performing KQL Query (See Log Nok image )
If I use Format 2, I can see the log payload when performing KQL Query (See Log OK image)

Any idea ??

 

Regards,

 

HA

​Hi all,I have an issue with custom logs (NGINX Logs).I create a new table in the Log Analytics Workspace using DCR-Based Mode.The raw log looks like2024-06-09T10:52:13+02:00 | 149.154.229.84 | GET | https://dsk.xxxx.lu/test.html | HTTP/1.1 | 404 | 21 | – | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 | 0.053I used the following Json formats:Format 1:[{“TimeGenerated”: “2024-06-04 08:31:56″,”DateTime”: “2024-06-09T10:52:13+02:00″,”http_x_forwarded_for” : “149.154.229.84”,”request_method” : “GET”,”URL” : “https://https://dsk.xxxx.lu/test.html””HTTP_Version”: “HTTP/1.1″,”status”: “404”,”body_bytes_sent”: “21”,”http_referer”: “-“,”http_user_agent”: “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36″,”request_time”: “0.053”}]Format 2:[{“TimeGenerated”: “2024-06-04 08:31:56″,”RawData”: “2024-06-09T10:52:13+02:00 | 149.154.229.84 | GET | https://dsk.xxxx.lu/test.html | HTTP/1.1 | 404 | 21 | – | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 | 0.053”}]If I use Format 1, I can’t see the log payload when performing KQL Query (See Log Nok image )If I use Format 2, I can see the log payload when performing KQL Query (See Log OK image)Any idea ?? Regards, HA  Read More

Tags:

Related posts

From questions to discoveries: NASA’s new Earth Copilot brings Microsoft AI capabilities to democratize access to complex data
2024-11-14

From questions to discoveries: NASA’s new Earth Copilot brings Microsoft AI capabilities to democratize access to complex data

Microsoft introduces new adapted AI models for industry
2024-11-13

Microsoft introduces new adapted AI models for industry

IDC’s 2024 AI opportunity study: Top five AI trends to watch
2024-11-13

IDC’s 2024 AI opportunity study: Top five AI trends to watch

Leave a Reply

Your email address will not be published. Required fields are marked *

Adobe
Google for Education
IBM
Matlab
Microsoft
Wordpress
Visual Paradigm
Opensource

Portal Application Package Repository Telkom University, for internal use only, empower civitas academica in study and research.

Information

Contact Us

Copyright © Telkom University. All Rights Reserved. ch