19 строки
946 B
Plaintext
19 строки
946 B
Plaintext
// Usage Instruction :
|
|
// Paste below query in log analytics, click on Save button and select as Function from drop down by specifying function name and alias as Workplace_Facebook.
|
|
// Function usually takes 10-15 minutes to activate. You can then use function alias from any other queries (e.g. Workplace_Facebook | take 10).
|
|
// Reference : Using functions in Azure monitor log queries : https://docs.microsoft.com/azure/azure-monitor/log-query/functions
|
|
let Workplace_Facebook_view = view () {
|
|
Workplace_Facebook_CL
|
|
| extend tmp = parse_json(entry_s)
|
|
| mv-expand tmp
|
|
| extend
|
|
EventUid = tmp["id"],
|
|
EventEndTime = unixtime_seconds_todatetime(tolong(tmp["time"])),
|
|
Changes = tmp["changes"],
|
|
EventType = object_s,
|
|
EventVendor = "Facebook",
|
|
EventProduct = "Workplace"
|
|
| project-away tmp, entry_s, object_s
|
|
};
|
|
Workplace_Facebook_view
|