Importing event logs into workspace that have a property like the following:
We are interested in the second parameter. Is there a query that can distill this down into one property?
Are you asking about parsing? Example:
print txt = "<Param>1</Param><Param>2</Param><Param>3</Param><Param>4</Param><Param>5</Param>"
| parse txt with *"<Param>2</" p2 "><Param>3"*
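An added example, not part of the original thread: two ways to pull the second `<Param>` value into its own column, including rows that have fewer than two parameters. The sample rows and the column names `ParamXml`, `SecondParam_parse`, `SecondParam_xml` and `Parsed` are constructed for illustration.

```kusto
// Constructed sample rows standing in for imported event records.
// The column name ParamXml is an assumption; substitute the real property.
datatable(EventId:int, ParamXml:string)
[
    1001, "<Param>svc-backup</Param><Param>10.0.0.5</Param><Param>3</Param>",
    1002, "<Param>alice</Param><Param>WORKSTATION7</Param>",
    1003, "<Param>only-one</Param>"
]
// Approach 1: positional text match. Skip everything up to the boundary
// between the first and second element, then capture up to the next close tag.
// Rows with no second <Param> do not match and get an empty value.
| parse ParamXml with * "</Param><Param>" SecondParam_parse "</Param>" *
// Approach 2: XML-aware. The fragments have no single root element, so wrap
// them in one before calling parse_xml(); repeated <Param> elements become
// an array, and index 1 is the second entry.
| extend Parsed = parse_xml(strcat("<Params>", ParamXml, "</Params>"))
| extend SecondParam_xml = tostring(Parsed.Params.Param[1])
| project EventId, SecondParam_parse, SecondParam_xml
```

The text match is cheaper but depends on the elements being written back to back with no whitespace or attributes; the `parse_xml()` form tolerates those variations at a higher per-row cost.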
@andrew_bryant The Sentinel blog had a post a while ago about working with JSON that may help.
This was what I was looking for. Here is the query I ended up using: