Using external data sources to enrich network logs using Azure storage and KQL

Hi Secureskydev  , I have checked internally with kql team and it seems this is not supported yet. externaldata() operator expects its argument to be a scalar string so we can`t parameterize it via regular functions. You can post this as an idea on LA feedbacks if you wish for further cosideration.

• https://feedback.azure.com/forums/267889-azure-monitor-log-analytics

I can think the possible workaround for this use case will be to store entire offline databases in storage blob when available and filter or join with it to enrich data via inline kql queries. or use logic app/notebooks to do on-demand enrichment by querying the API.