Re: Logs not extracting

usmsplunksme · ‎06-01-2020

Hi all,
any assistance with this app would be grateful. I managed to connect to our LA workspace and receive logs in splunk, but none of the logs have any extractions.

any assistance would be appreciated.

edhealea · ‎08-02-2021

I couldn't find any thing published for this so I had to create a field extraction for each individual query that we implemented. It took a few tries on each one. Just when I thought I had it, MS would through a new format in the query but they have been pretty stable lately. They are not the prettiest regexes but they are working for us.

grout · ‎07-31-2021

I am facing the same issue with the kusto graber and its not able to parse the json format

edhealea · ‎09-01-2020

Did you ever make any head way with this? I am having the same issue with pulling in log analytics events from Azure using the Grabber.

02sangeet · ‎09-22-2021

Could you please help us, giving some idea about the extraction you used to solve this issue. I am also facing the same issue here, though we are able to fetch some data from MS Azure log analytics but data shows only header part.

Logs not extracting

other

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases