Forum Discussion
Solved
Editing Custom Fields for syslog message extraction
Hi, I am currently creating new custom fields to extract the data from a syslog data source. Having initially setup the three fields I need I've now found a set of messages that do not parse corr...
Normally we do any parsing at query time. The use of custom fields has dropped off in the past few years.
You can either parse, regex or extract in the query or create a parser, like the one shown in the recent Teams article https://techcommunity.microsoft.com/t5/azure-sentinel/protecting-your-teams-with-azure-sentinel/ba-p/1265761
Normally we do any parsing at query time. The use of custom fields has dropped off in the past few years.
You can either parse, regex or extract in the query or create a parser, like the one shown in the recent Teams article https://techcommunity.microsoft.com/t5/azure-sentinel/protecting-your-teams-with-azure-sentinel/ba-p/1265761
