Azure sentinel log data fields missing

%3CLINGO-SUB%20id%3D%22lingo-sub-1989986%22%20slang%3D%22en-US%22%3EAzure%20sentinel%20log%20data%20fields%20missing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1989986%22%20slang%3D%22en-US%22%3E%3CP%3EHI%20Team%2C%3C%2FP%3E%3CP%3EWE%20have%20observed%20that%20some%20of%20the%20fields%20are%20missing%20after%20we%20normalize%20the%20data%20in%20Azure%20Sentinel.%20Where%20customer%20want%20some%20other%20fields%20also%20need%20to%20show%20in%20Normalized%20data.%3C%2FP%3E%3CP%3EIf%20we%20ingest%20payload%20data%20into%20the%20log%20Analytics%20the%20cost%20is%20going%20double.%3C%2FP%3E%3CP%3ECould%20we%20have%26nbsp%3B%20solution%20for%20this.%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3ETv19%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

HI Team,

WE have observed that some of the fields are missing after we normalize the data in Azure Sentinel. Where customer want some other fields also need to show in Normalized data.

If we ingest payload data into the log Analytics the cost is going double.

Could we have  solution for this.

Regards,

Tv19

1 Reply
Hi, which data sources and fields? Which Tables are you using i.e CommonSecurityLog and the missing data is 'a column called, "my data"'. A screenshot and samples would be helpful? How have you normalized the data, is this your own function or one or one (or all) of the provided ones?

Thanks