Projecting Key to string

Detections/SecurityEvent/ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml

@@ -24,7 +24,7 @@ query: |
   | extend EventData = parse_xml(EventData).EventData.Data
   | mv-expand bagexpansion = array EventData
   | evaluate bag_unpack(EventData)
-  | extend Key = column_ifexists('@Name', ""), Value = column_ifexists('#text', "")
+  | extend Key = tostring(column_ifexists('@Name', "")), Value = column_ifexists('#text', "")
   | evaluate pivot(Key, any(Value),TimeGenerated, EventID, Computer, Account, AccountType, EventSourceName, Activity, SubjectAccount)
   // Where changes relate to Exchange OAB
   | extend ObjectClass = column_ifexists("ObjectClass", "")