For some reason the Zsclaer data connector does not have a destination IP column in the logs. The destination IP is buried in the "AdditionalExtensions" column and this is causing an issue.
Is it possible to somehow parse the data in the "AdditionalExtensions" field and populate a column named "DestinationIP" with the IP in there?
You can use Parse or Extend for this, one example:
CommonSecurityLog
| project AdditionalExtensions
| parse AdditionalExtensions with *'=' DestinationIP ';'*
However the built-in Parsers (ASIM) also do this, depending on the product you have.
