abon13 (Brass Contributor)
Jun 13, 2023
Custom log table having two timestamps in Sentinel
Hi,
Signal Science logs are flowing into Sentinel under a custom table and this table ends up generating two stamps (both are a few hours apart). The Signal Science logs are ingested using a custom Azure function and I believe this custom function needs some tweaking.
- I am new to functions so trying to understand how to locate the custom function?
- What are the usual reasons we can see two timestamps under a table in Sentinel?
Thanks!!
2 Replies
- Clive_Watson (Bronze Contributor)
These are probably Function Apps - look for "Function app" in the Azure Portal. Then select the Function App --> Functions --> select the specific function --> Code & test (which allows you to see the code).
ingestion_time() and TimeGenerated are the two main timestamps - why you have others, the function app (hopefully) will explain that, or look at the schema, if Signal have a page on that?
- abon13 (Brass Contributor)
Thanks for the response. I got the functions.
Are SentinelAppIngestion and SentinelAppProcessing some of the default functions in Sentinel?
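
Added example, not part of the original thread: two KQL queries for checking the timestamps mentioned above, first listing every datetime column the custom table carries, then measuring the gap between TimeGenerated and ingestion_time() per hour. The table name `SigSci_CL` is a placeholder assumption; substitute the name of your own custom table.

```kusto
// Query 1: list every datetime column in the custom table.
// SigSci_CL is a placeholder name (assumption), not taken from the thread.
// TimeGenerated is always present; any other datetime column here was
// written by the ingesting function and is the place to start looking.
SigSci_CL
| getschema
| where ColumnType == "datetime"
| project ColumnName, ColumnType

// Query 2 (run separately): compare the event time with the time the
// record actually arrived in the workspace over the last day.
// ingestion_time() is recorded by the service at ingestion;
// TimeGenerated is whatever the ingesting function supplied, or the
// ingestion time if it supplied nothing.
SigSci_CL
| where TimeGenerated > ago(1d)
| extend IngestedAt = ingestion_time()
| extend IngestionDelay = IngestedAt - TimeGenerated
| summarize Events   = count(),
            P50Delay = percentile(IngestionDelay, 50),
            P95Delay = percentile(IngestionDelay, 95),
            MaxDelay = max(IngestionDelay)
    by bin(TimeGenerated, 1h)
| order by TimeGenerated asc
```

A delay that sits at a steady whole number of hours usually points to how the function formats or offsets the timestamp, while a delay that varies from hour to hour points to how often the function runs or how far back it pulls events.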