How can I get a specific parameter field using KQL ?

Copper Contributor

Hello everyone,


I'd like to make a little table dashboard with the following request

| where OfficeWorkload == "Exchange"
| where Operation == "Add-MailboxPermission"

Then project the columns TimeGenerated, Parameters.Value (for the Identity field) and Parameters.Value (for the AccessRight field), and UserId.


I can't get to the parameters part because sometimes the fields I'm interested in are in the table in position 0 or 1 or 2 or 3 (constantly changing for same log type).




Do you have any solution to get the specific parameter field (example the Value when Name = Identity) for every log ?


Thanks a lot


1 Reply
Do not click this link it is a fake domain trying to steal credentials!!
The domain is not owned by Microsoft and was registered this morning.