Forum Discussion
Solved
How can I get a specific parameter field using KQL ?
Hello everyone, I'd like to make a little table dashboard with the following request OfficeActivity | where OfficeWorkload == "Exchange" | where Operation == "Add-MailboxPermission" Then pr...
Alexander_Ceyran you can do something like this. Since Parameters stores a JSON array you can convert it to a dynamic type and then use the mv-expand command to expand each entry in the array into its own row and then filter the rows
OfficeActivity| where OfficeWorkload == "Exchange"| where Operation == "Add-MailboxPermission"| extend test = (todynamic(Parameters))| mv-expand(test)| where test contains "DomainController"
Hi Everyone,
Is there any way to extract the values of Identity/Access Rights as a new field? Parse_json based functions are not suitable in this scenario as the position of those values are changing based on different events
Is there any way to extract the values of Identity/Access Rights as a new field? Parse_json based functions are not suitable in this scenario as the position of those values are changing based on different events
ArjunPrasad Take a look at the parse operator. https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/parseoperator