Forum Discussion
MicrosoftExternal file support in KQL - Azure Sentinel
Sanket26 Yes. See the following for an example:
I've just created a file for you to try that you can access on-the-fly using the KQL query:
externaldata (UserID:string, DomainName:string) [@"https://raw.githubusercontent.com/jjsantanna/test_csv/master/ioc.csv"] with (format="csv",ignoreFirstRecord=true)This is the easiest way to access external data. You can also create a blob within Azure and call from it. You can also read external text file, json, and many others.
Does this answer your question?
Sanket26The issue which I am facing right now is : The html page where the csv is hosted isn't in desired format (There are multiple lines of header before the actual data). Also downloading the file, modifying the format and then uploading to a blob isn't the best option for me.
I am getting this error :
Partial query failure: Wrong number of fields (E_WRONG_NUMBER_OF_FIELDS). (message: 'Kusto::Csv::Parser<>.PrepareFields: CSV has an inconsistent number of fields per line: ', details: 'Offending record: 10 (start position in stream: 531), fieldsCount: 4, currentRecordFieldCount: 4, record: # ja3_md5,Firstseen,Lastseen,Listingreason
[end record]')- If you send me the link to the HTML containing the csv I can try to help you.
Does it need to be in Log Analytics/Azure Sentinel using KQL?
