AzureDiagnostics table not showing action_s and ruleId_s columns

Logs are coming from an Application Gateway set up as a WAF v2.0.

The logs are sent to my workspace, but the action_s and ruleId_s fields are not present in the AzureDiagnostics table. This prevents me from detecting which HTTP requests are being flagged by OWASP rules.

I have a second Application Gateway set up as a WAF with logs going to another workspace, and there the AzureDiagnostics table shows the action_s and ruleId_s fields. Both firewalls are set up the same.

0 Replies