Has anyone created a custom timestamp for Azure Monitor in Sentinel?

Hi All! When using the Azure Monitor destination, has anyone been able to successfully set a custom timestamp field which gets translated to TimeGenerated within Sentinel? The Azure Monitor HTTP Data Collector API documentation indicates this can be set using the "time-generated-field" request header, but we're not having any luck with that so far.

Answers

  • Chris Morris

    Example below on how it can be achieved using the `_time` field:

  • Mo Hassan

    Thanks, Chris. The issue we're running into is that TimeGenerated appears to be a reserved property within Azure Monitor, so Sentinel is not using it when it's just a field in our events. Instead, TimeGenerated within Sentinel is being set to ingest/received time.
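
Added example, not part of the thread and not any product's own code: it builds (without sending) an HTTP Data Collector API request in which the `time-generated-field` header names a property present in every record as an ISO 8601 string, which is what the API documentation requires for the value to become TimeGenerated. The property name `EventTime`, the log type `DemoLog`, the workspace ID, the key and the assumption that `_time` holds epoch seconds are all constructed for illustration.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timezone

API_PATH = "/api/logs"  # resource path signed by the HTTP Data Collector API
DEMO_KEY = base64.b64encode(b"constructed-demo-key").decode()  # constructed, not a real key

def epoch_to_iso(epoch_seconds):
    """Assumption: the event's _time is epoch seconds; render it as ISO 8601 UTC."""
    return datetime.fromtimestamp(epoch_seconds, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def build_request(workspace_id, shared_key_b64, log_type, records, time_field, now=None):
    """Return (url, headers, body) for one Data Collector POST. Nothing is sent."""
    # The header only names a property: each record must carry it as ISO 8601 text.
    for rec in records:
        value = rec.get(time_field)
        if not isinstance(value, str):
            raise ValueError(f"record has no string field {time_field!r}")
        datetime.fromisoformat(value.replace("Z", "+00:00"))  # ValueError if malformed
    body = json.dumps(records).encode("utf-8")
    x_ms_date = (now or datetime.now(timezone.utc)).strftime("%a, %d %b %Y %H:%M:%S GMT")
    # SharedKey signature: HMAC-SHA256 over method, length, type, date and path.
    to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{x_ms_date}\n{API_PATH}"
    mac = hmac.new(base64.b64decode(shared_key_b64), to_sign.encode("utf-8"), hashlib.sha256)
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"SharedKey {workspace_id}:{base64.b64encode(mac.digest()).decode()}",
        "Log-Type": log_type,
        "x-ms-date": x_ms_date,
        "time-generated-field": time_field,  # name of the record property, not a timestamp
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com{API_PATH}?api-version=2016-04-01"
    return url, headers, body

if __name__ == "__main__":
    # Constructed sample event; EventTime is a hypothetical property name.
    events = [{"_time": 1714566896, "msg": "constructed sample event"}]
    records = [{"EventTime": epoch_to_iso(e["_time"]), "Message": e["msg"]} for e in events]
    url, headers, body = build_request(
        "00000000-0000-0000-0000-000000000000", DEMO_KEY, "DemoLog", records, "EventTime")
    print(url)
    print(json.dumps(headers, indent=2))
    print(body.decode())
```

Comparing the printed headers and body with what the sender actually emits shows whether the header is missing or whether the named property is absent or not ISO 8601 in the payload.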