Forum Discussion
AzureDiagnostics table not showing action_s and ruleId_s columns
Logs are coming from an Application Gateway setup as a WAF v2.0.
The logs are sent to my workspace, but the action_s and ruleId_s fields are not present in the AzureDiagnostics table. This prevents me from detecting which HTTP requests are being flagged by OWASP rules.
I have a second Application Gateway setup as a WAF with logs going to another workspace, and there the AzureDiagnostics table shows the action_s and ruleId_s fields. Both firewalls are setup the same.
3 Replies
- Those fields are only being created when new records with the "action_s" and "ruleId_s" are being injected in the Log Analytics Workspace.
If no HTTPS requist are flagged by the OWASP rules, no logging is done and the fields are not created. - Any solution already? We are facing the same problem
- I am having this same issue with no current resolution. Did you ever find a way to fix this?
