Has anyone created a custom timestamp for Azure Monitor in Sentinel?


Hi All! When using the Azure Monitor destination, has anyone been able to successfully set a custom timestamp field which gets translated to TimeGenerated within Sentinel? The Azure Monitor HTTP Data Collector API documentation indicates this can be set using the "time-generated-field" request header, but we're not having any luck with that so far.


  • Chris Morris

    Example below on how it can be achieved using the `_time` field:

  • Mo Hassan

    Thanks, Chris. The issue we're running into is that TimeGenerated appears to be a reserved property within Azure Monitor, so Sentinel is not using it when it's just a field in our events. Instead, TimeGenerated within Sentinel is being set to ingest/received time.
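
Added example, not part of the thread and not any poster's or vendor's code: a Python sketch of what an HTTP Data Collector API request carries when the "time-generated-field" header names a payload field holding the event time, converted from an epoch `_time` value to ISO 8601. The field name `EventTime`, the workspace ID, the key and the sample event are constructed assumptions; the block only builds the request and sends nothing.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

RESOURCE = "/api/logs"
CONTENT_TYPE = "application/json"
TIME_FIELD = "EventTime"  # assumed name, deliberately not the reserved TimeGenerated

# Constructed sample values (not real credentials or events).
SAMPLE_WORKSPACE = "00000000-0000-0000-0000-000000000000"
SAMPLE_KEY = base64.b64encode(b"constructed-demo-key").decode()
SAMPLE_EVENTS = [{"_time": 1700000000.5, "user": "alice", "action": "login"}]


def to_iso8601(epoch_seconds):
    """Convert epoch seconds (such as a `_time` value) to UTC ISO 8601."""
    dt = datetime.fromtimestamp(float(epoch_seconds), tz=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def build_request(workspace_id, shared_key_b64, log_type, events, now=None):
    """Return (url, headers, body) for one Data Collector API POST."""
    records = []
    for ev in events:
        rec = {k: v for k, v in ev.items() if k != "_time"}
        rec[TIME_FIELD] = to_iso8601(ev["_time"])  # event time travels in the payload
        records.append(rec)
    body = json.dumps(records).encode("utf-8")

    now = now or datetime.now(timezone.utc)
    x_ms_date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    # SharedKey signature: HMAC-SHA256 over the canonical request string.
    to_sign = f"POST\n{len(body)}\n{CONTENT_TYPE}\nx-ms-date:{x_ms_date}\n{RESOURCE}"
    digest = hmac.new(base64.b64decode(shared_key_b64),
                      to_sign.encode("utf-8"), hashlib.sha256).digest()
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Log-Type": log_type,
        "x-ms-date": x_ms_date,
        "time-generated-field": TIME_FIELD,  # must match a field in every record
        "Authorization": f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}",
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com{RESOURCE}?api-version=2016-04-01"
    return url, headers, body
```

Dumping the returned headers and body next to what the sending tool actually emits shows whether the header is present and whether the field it names exists in each record in ISO 8601 form.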