https://sekureco42.ch/tags/log-analytics/Recent content in Log Analytics on sekureco42Hugo -- gohugo.ioen&copy; 2025 rOger EisenecherFri, 22 Nov 2024 16:34:12 +0100https://sekureco42.ch/posts/auxiliary-logs/split-log-streams-into-analytics-and-auxiliary-table/Fri, 22 Nov 2024 16:34:12 +0100https://sekureco42.ch/posts/auxiliary-logs/split-log-streams-into-analytics-and-auxiliary-table/<p>In the last article we found out that KQL transformation at ingestion time is not available for Auxiliary Logs. But in real cases you want to have the ability to send selective log lines to Analytics while sending the rest to Auxiliary. In this article we will discover the possibilities.</p>https://sekureco42.ch/posts/auxiliary-logs/remap-column-names-in-data-collection-rule/Thu, 21 Nov 2024 07:46:12 +0100https://sekureco42.ch/posts/auxiliary-logs/remap-column-names-in-data-collection-rule/<p>In real world scenarios you have a data source with field names which are not identical to those in your table. Beside of renaming the fields in your agent which sending logs also Data Collection Rules provide the ability to map fields with <code>transformkql</code>.</p>https://sekureco42.ch/posts/auxiliary-logs/azure-log-analytics-with-auxiliary-log-tables/Wed, 13 Nov 2024 17:29:12 +0100https://sekureco42.ch/posts/auxiliary-logs/azure-log-analytics-with-auxiliary-log-tables/<p>Microsoft provides a new type of Log Analytics tables called Auxiliary Logs. Currently this is in Public Preview and I did some lab testing which I documented in this blog post.</p>