1,412 questions with Microsoft Security | Microsoft Sentinel tags

0 answers

CCF Data Connector – Pagination and Checkpoint handing with PageToken & PageStartTime

Hi Team, I am currently developing a custom Azure Sentinel Data Connector via the Common Connector Framework (CCF) for Google SecOps APIs. I am currently facing challenges related to pagination handling and state management for subsequent…

Microsoft Security | Microsoft Sentinel
asked 2026-04-17T12:16:23.0133333+00:00
Fenil Savani 0 Reputation points
edited a comment 2026-04-17T13:02:55.2733333+00:00
Shubham Sharma 13,490 Reputation points Microsoft External Staff Moderator
1 answer

Integrating AWS Security Hub into Microsoft Sentinel

Hello, I currently have Security Hub enabled in my AWS environment; however, the CloudWatch Logs are centralized for OU. Meaning, we have all of our logs automatically going to a Log Archive account for CW Logs. The issue is, in the CloudFormation…

Microsoft Security | Microsoft Sentinel
asked 2026-04-14T16:23:13.2466667+00:00
Milt 0 Reputation points
commented 2026-04-17T09:59:57.5766667+00:00
Shubham Sharma 13,490 Reputation points Microsoft External Staff Moderator
0 answers

Data lake configuration

Data lake creation fails with "Something went wrong" after multiple failed provisioning attempts. Microsoft.Kusto provider was not registered during initial attempts - now registered but the error persists. No orphaned ADX clusters found.…

Microsoft Security | Microsoft Sentinel
asked 2026-04-17T01:01:37.36+00:00
Michael Woods 0 Reputation points Microsoft Employee
commented 2026-04-17T02:05:59.5466667+00:00
Manoj Kumar Boyini 12,560 Reputation points Microsoft External Staff Moderator
1 answer

Query Regarding Analytic Rule Limits in Microsoft Sentinel

I would like to understand the limitations and best practices related to analytic rules in Microsoft Sentinel. Specifically, I have the following queries: Is there a maximum limit on the number of analytic rules that can be kept active within a…

Microsoft Security | Microsoft Sentinel
asked 2026-04-13T07:48:51.1333333+00:00
RAHUL M R 0 Reputation points
commented 2026-04-17T01:46:07.4166667+00:00
Rukmini 36,695 Reputation points Microsoft External Staff Moderator
1 answer

We are experiencing an issue with the Cisco Meraki data connector in Microsoft Sentinel via API

We are experiencing an issue with the Cisco Meraki data connector in Microsoft Sentinel. The Meraki connector shows Disconnected / Not ingesting, and no security events are being retrieved from the Meraki REST API. Troubleshooting performed: Meraki MX…

Microsoft Security | Microsoft Sentinel
asked 2026-04-09T20:09:37.53+00:00
Tumisang Moloi (MEA) 0 Reputation points
commented 2026-04-16T06:35:12.5333333+00:00
Tumisang Moloi (MEA) 0 Reputation points
1 answer

Microsoft Sentinel cannot invoke playbook – missing required permissions despite correct IAM

We are encountering a Microsoft Sentinel automation/playbook execution failure. Error: "Failed to trigger playbook – Missing required permissions for Microsoft Sentinel on the playbook resource" Details: - Playbook is Logic App (Consumption) -…

Microsoft Security | Microsoft Sentinel
asked 2026-04-08T20:15:23.8666667+00:00
Spencer Hauck 0 Reputation points
edited the question 2026-04-11T02:33:17.62+00:00
Sridevi Machavarapu 27,315 Reputation points Microsoft External Staff Moderator
2 answers One of the answers was accepted by the question author.

Onboarding new clients' data sources to my Microsoft Sentinel

We are running Microsoft Sentinel and monitoring our internal data sources; now we want to onboard new clients' data sources to our Microsoft Sentinel. Can you take me through step by step how to do this according to best practice? How can I segregate…

Microsoft Security | Microsoft Sentinel
asked 2026-03-18T08:29:17.4266667+00:00
Phumlani Zwane 20 Reputation points
accepted 2026-04-08T05:58:37.9466667+00:00
Phumlani Zwane 20 Reputation points
1 answer

Azure Sentinel Data Connectors not consistent across platforms

I noticed that the data connector lists in Azure PowerShell, the Azure Portal and the Defender portal are not consistent. Results I got: PowerShell (12 connectors), Defender Portal (3 connectors), Azure Portal (10 connectors). What is the most reliable way to…

Microsoft Security | Microsoft Sentinel
asked 2026-04-01T14:52:22.6766667+00:00
Yasmin, Fitri 376 Reputation points
commented 2026-04-03T07:10:34.89+00:00
Yasmin, Fitri 376 Reputation points
1 answer

MS Sentinel Parsers - User account disable/enable events across local account and Entra contexts

I need an IM parser that can grab Event ID 4772 events, as well as grab "Enable account" operation events from the Azure AuditLog table. Does an out of the box parser exist for this use-case? I can see there's _Im_UserManagement parser for the…

Microsoft Security | Microsoft Sentinel
asked 2026-03-20T15:15:14.9433333+00:00
Matthew Thompson 0 Reputation points
commented 2026-04-01T12:15:33.3666667+00:00
Raja Pothuraju 47,165 Reputation points Microsoft External Staff Moderator
2 answers

How to fix Microsoft Azure Sentinel to OCI issue, Codeless Connector deployment failed.

Microsoft Sentinel connector failed. Connectivity check failed. ConnectorId: oracle-cloud-infra-connector 63c27576-2a31-4993-9649-dd6fe2b01ce5, Status code: OCI40003

Microsoft Security | Microsoft Sentinel
asked 2026-01-15T20:01:53.7933333+00:00
Shailesh Namjoshi 0 Reputation points
commented 2026-04-01T09:50:30.6433333+00:00
Nikos Sideris 0 Reputation points
1 answer

What do I use for the Identity provider for Microsoft Sentinel?

I've confirmed everything is configured in AWS; one of a few concerns I have is the account ID in the trust policy role, as well as the OpenID Connect. Is this the identity provider I'm using for SSO with AWS? Or the one I use for Microsoft Sentinel?…

Microsoft Security | Microsoft Sentinel
asked 2026-01-02T19:14:41.62+00:00
Milt 0 Reputation points
commented 2026-03-31T00:14:38.7033333+00:00
ToddStafford-8253 0 Reputation points
1 answer One of the answers was accepted by the question author.

Sentinel Incident KQL

Hi, my existing KQL, here I want to include only hostname: SecurityIncident | where CreatedTime between (datetime(2026-03-17) .. datetime(2026-03-23)) | where Status contains "Closed" | project IncidentNumber, LastModifiedTime, …

Microsoft Security | Microsoft Sentinel
asked 2026-03-27T06:24:52.2566667+00:00
SUNOJ KUMAR YELURU 18,171 Reputation points MVP Volunteer Moderator
commented 2026-03-27T07:51:48.33+00:00
VEMULA SRISAI 11,550 Reputation points Microsoft External Staff Moderator
1 answer

Sophos Endpoint Protection Solution Azure App out of date

Having issues configuring the Sophos Endpoint Protection Solution marketplace app: https://marketplace.microsoft.com/en-us/product/azure-applications/azuresentinel.azure-sentinel-solution-sophosep Setup instructions are: STEP 1 - Configuration steps…

Microsoft Security | Microsoft Sentinel
asked 2025-10-29T15:41:55.1033333+00:00
Owen Davey 0 Reputation points
answered 2026-03-25T18:12:29.68+00:00
Prathista Ilango 1,065 Reputation points Microsoft Employee
1 answer

Missing Agent Management in Sentinel

My workspace is connected to my sentinel but when I look for the Workspace ID and keys there is nothing there. Can someone please let me know where I can find the workspace ID and Primary and secondary key that is used to connect my Linux rsyslog server.…

Microsoft Security | Microsoft Sentinel
asked 2026-01-06T21:54:45.92+00:00
Lewis 5 Reputation points
answered 2026-03-24T13:16:13.3233333+00:00
Pauline Mbabu 1,835 Reputation points Microsoft Employee
0 answers

Sentinel Data Lake – Features unavailable for a specific workspace

I have a question regarding the configuration of the Sentinel Data Lake. A specific workspace does not appear under the following workspace scope in the Defender portal: Data lake exploration > KQL queries Could you tell me how to make it appear…

Microsoft Security | Microsoft Sentinel
asked 2026-03-10T01:39:45.9133333+00:00
QA User 0 Reputation points
commented 2026-03-23T08:06:06.6866667+00:00
Shubham Sharma 13,490 Reputation points Microsoft External Staff Moderator
1 answer

Sailpoint Identity function failure

Hi Everyone, We have used the built in Sentinel Data connector for Sailpoint IdentityNow. The Sailpoint team have confirmed they followed the access token steps provided in the data connector. We have successfully deployed it with the client ID, secret…

Microsoft Security | Microsoft Sentinel
asked 2025-08-21T00:27:32.4533333+00:00
Isabella Baker 0 Reputation points
answered 2026-03-21T13:04:50.71+00:00
Konstantinos Lianos 225 Reputation points Student Ambassador
1 answer

How to fix StreamID must be a valid OCI stream OCID format. This is related to the oracle cloud infrastructure data connector.

I am sending Oracle Audit logs to Azure Sentinel. But i am getting the validation error "StreamID must be a valid OCI stream OCID format" while entering on the details on the connector page. I think the problem is that the connector does not…

Microsoft Security | Microsoft Sentinel
asked 2025-08-29T07:15:17.81+00:00
Anurag Kaushal 5 Reputation points
answered 2026-03-21T12:59:14.9066667+00:00
Konstantinos Lianos 225 Reputation points Student Ambassador
2 answers

Intermittent "Missing Heartbeat" Alerts in Sentinel Even Though Logs Show No Gap

Hi everyone, I have an on-premises virtual machine onboarded to Azure Arc and I’m collecting Heartbeat logs using the Azure Monitor Agent (AMA) in Microsoft Sentinel. I created an analytics rule to trigger an alert if a heartbeat is missing for 10…

Microsoft Security | Microsoft Sentinel
asked 2026-03-12T09:49:00.31+00:00
Muhammad Arif Ahmed 0 Reputation points
commented 2026-03-19T04:20:50.8633333+00:00
VEMULA SRISAI 11,550 Reputation points Microsoft External Staff Moderator
1 answer

How to properly parse data in custom logs for Log Analytics (I have no response from the query actually)?

I have some data in a txt file. I create my txt with a PowerShell script which encodes in UTF-8, but nothing works when I import the log into Log Analytics. The data is parsed like this in the txt: Time=Date Data1=data Data2=data2 Time=Date Data1=data…

Microsoft Security | Microsoft Sentinel
asked 2021-06-24T13:58:30.197+00:00
ALGOURDIN Erwan 1 Reputation point
answered 2026-03-18T09:07:02.49+00:00
Konstantinos Lianos 225 Reputation points Student Ambassador
1 answer

Azure Monitor Agent-DCR custom path template for filtering Database logs

Hi there! I would like to filter out database logs using Azure Monitor Agent DCR with custom XPath queries. Are there any ready-made XPath queries available to filter the audit logs of Oracle DB, MSSQL DB and MySQL DB? Thanks in advance!

Microsoft Security | Microsoft Sentinel
asked 2021-09-03T01:35:28.963+00:00
Nafila Afrin 111 Reputation points
answered 2026-03-18T08:58:45.7333333+00:00
Konstantinos Lianos 225 Reputation points Student Ambassador