cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How can I get a specific parameter field using KQL ?

Alexander_Ceyran
Copper Contributor

‎Apr 20 2020 06:26 AM - last edited on ‎Apr 08 2022 10:23 AM by

‎Apr 20 2020 06:26 AM - last edited on ‎Apr 08 2022 10:23 AM by

How can I get a specific parameter field using KQL ?

Hello everyone,

 

I'd like to make a little table dashboard with the following request

OfficeActivity
| where OfficeWorkload == "Exchange"
| where Operation == "Add-MailboxPermission"

Then project the columns TimeGenerated, Parameters.Value (for the Identity field) and Parameters.Value (for the AccessRight field), and UserId.

 

I can't get to the parameters part because sometimes the fields I'm interested in are in the table in position 0 or 1 or 2 or 3 (constantly changing for same log type).

 

Capture1.PNG

 

Do you have any solution to get the specific parameter field (example the Value when Name = Identity) for every log ?

 

Thanks a lot

Alexander

Labels:
999 Views
0 Likes
1 Reply
Reply
1 Reply
bsweetman

‎Apr 20 2020 09:25 AM

‎Apr 20 2020 09:25 AM

Re: How can I get a specific parameter field using KQL ?

Do not click this link it is a fake domain trying to steal credentials!!
The domain is not owned by Microsoft and was registered this morning.
1 Like
Reply