David Maskell

My feedback

  1. 348 votes
    David Maskell commented  · 

    NYC-IT's solution is the easiest I have found until Azure supports the X-Forwarded-For by default in W3C logs.
    It is worth mentioning you may need to change the index of CSVFields to match your logs as my x-forwarded-for field is at index 15.
    I also used the following to make my parsed logs more readable:

    // Appended to the query that produces CSVFields; adjust index 15 to match your log layout.
    | extend cIP = substring(tostring(CSVFields[15]), 0, indexof(tostring(CSVFields[15]), ","))
    | extend RealDatetime = todatetime(strcat(Date, " ", Time))
    | extend FormattedDatetime = format_datetime(RealDatetime, 'dd/MM/y HH:mm:ss')
    | where RealDatetime >= now(-1h)
    // Sort on the datetime value: the dd/MM/y string does not sort chronologically.
    | sort by RealDatetime desc nulls last
    | project FormattedDatetime,cIP,Method,Uri,Uristem,Uriquery,Port,csStatus,UserAgent

    David Maskell supported this idea  · 
  2. 3 votes
    1 comment  ·  Networking » Web Application Firewall
    David Maskell supported this idea  · 
    David Maskell commented  · 

    Looks like this match field is completely broken across the board. Even small values return empty.

    David Maskell shared this idea  · 
  3. 105 votes
    1 comment  ·  Networking » Azure Firewall
    David Maskell supported this idea  · 
