Logs are coming from an Application Gateway setup as a WAF v2.0.
The logs are sent to my workspace, but the action_s and ruleId_s fields are not present in the AzureDiagnostics table. This prevents me from detecting which HTTP requests are being flagged by OWASP rules.
I have a second Application Gateway setup as a WAF with logs going to another workspace, and there the AzureDiagnostics table shows the action_s and ruleId_s fields. Both firewalls are setup the same.