cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Customizing Parameter Xml field in Log Analytics Query Result

MuthuKugan
Microsoft

‎Mar 31 2022 04:47 AM

‎Mar 31 2022 04:47 AM

Customizing Parameter Xml field in Log Analytics Query Result

Hi,

Based on requirement, we ran the following Query in log analytics workspace:

 

Event
| where EventID == 7001

ParameterXml field contains the value in XMl format as follows:

 

<Param>3</Param><Param>"Ramesh"</Param>

 

But we want to extract only the user name from ParameterXml column, so we used the following KQL:

Event
| where EventID == 7001
| extend userinfo=parse_xml(ParameterXml)
| extend Param_ = tostring(userinfo.Param)
| project userinfo,Computer,Param_

 

But the output of userinfo column showed in some sort of simplified manner as below
{"Param":"Ramesh"}

As we used following line

| extend Param_= tostring(userinfo.Param)

we thought of getting a user name but,

Param_ field also displaying number, rather than  username.


It doesn't met our requirement, Suggest a way to get only the username from the column.

476 Views
0 Likes
0 Replies
Reply
0 Replies