Merge pull request #5273 from ep3p/patch-6

Fix mistake in CrossServiceADXQueries.yaml
2022-06-10 12:58:40 -07:00 · 2022-06-10 12:58:40 -07:00 · 476f923f40
--- a/Queries/LAQueryLogs/CrossServiceADXQueries.yaml
+++ b/Queries/LAQueryLogs/CrossServiceADXQueries.yaml
@ -18,7 +18,7 @@ query: |
  let ExtractQueriedClusterAddress = @"([^\w]|^)adx\s*\(([^\)]*)\)";
  LAQueryLogs
  | where QueryText matches regex StringToSearch
-  | extend QueriedClusterAddress = extract_all(ExtractQueriedClusterAddress, dynamic([2]), QueryText)[0]
-  | mv-expand QueriedClusterAddress
+  | extend QueriedClusterAddress = extract_all(ExtractQueriedClusterAddress, dynamic([2]), QueryText)
+  | mv-expand QueriedClusterAddress to typeof(string)
  | where isnotempty(QueriedClusterAddress)
  | project TimeGenerated, AADEmail, QueriedClusterAddress, ResponseCode, QueryText, RequestTarget