Hi
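After following the integration instructions and guides from Microsoft for Azure Logs v1.0.1,
we end up with multiple field mapping conflicts.
Checking the mappings of the following fields shows that the same field is mapped with a different type depending on the data stream, which produces the conflict when the streams are queried together through logs-*.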
client.ip, mapped type per data stream:
.ds-logs-azure.platformlogs = type:ip
.ds-logs-azure.activitylogs = type:ip
.ds-logs-azure.auditlogs = type:keyword
.ds-logs-azure.signinlogs = type:ip
GET /logs-*/_mapping/field/client.ip
},
".ds-logs-azure.auditlogs-default-2022.02.09-000001" : {
"mappings" : {
"client.ip" : {
"full_name" : "client.ip",
"mapping" : {
"ip" : {
"type" : "keyword",
"ignore_above" : 1024
azure-eventhub.offset, mapped type per data stream:
.ds-logs-azure.platformlogs = type:long
.ds-logs-azure.activitylogs = type:long
.ds-logs-azure.auditlogs = type:long
.ds-logs-azure.eventhub = type:keyword
.ds-logs-azure.signinlogs = type:long
GET /logs-*/_mapping/field/azure-eventhub.offset
},
".ds-logs-azure.eventhub-default-2022.02.09-000001" : {
"mappings" : {
"azure-eventhub.offset" : {
"full_name" : "azure-eventhub.offset",
"mapping" : {
"offset" : {
"type" : "keyword",
"ignore_above" : 1024
azure-eventhub.sequence_number, mapped type per data stream:
.ds-logs-azure.platformlogs = type:long
.ds-logs-azure.activitylogs = type:long
.ds-logs-azure.eventhub = type:keyword
.ds-logs-azure.signinlogs = type:long
GET /logs-*/_mapping/field/azure-eventhub.sequence_number
},
".ds-logs-azure.eventhub-default-2022.02.09-000001" : {
"mappings" : {
"azure-eventhub.sequence_number" : {
"full_name" : "azure-eventhub.sequence_number",
"mapping" : {
"sequence_number" : {
"type" : "keyword",
"ignore_above" : 1024
Azure Active Directory Audit Logs (eventhub)
AuditLogs
SignInLogs
NonInteractiveUserSignInLogs
ServicePrincipalSignInLogs
ManagedIdentitySignInLogs
ProvisioningLogs
ADFSSignInLogs
RiskyUsers
UserRiskEvents
Azure Diagnostic Settings / insights-operational-logs
Administrative
Security
ServiceHealth
Alert
Recommendation
Policy
Autoscale
ResourceHealth
Hi
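After following the integration instructions and guides from Microsoft for Azure Logs v1.0.1,
we end up with multiple field mapping conflicts.
Checking the mappings of the following fields shows that the same field is mapped with a different type depending on the data stream, which produces the conflict when the streams are queried together through logs-*.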
client.ip, mapped type per data stream:
.ds-logs-azure.platformlogs = type:ip
.ds-logs-azure.activitylogs = type:ip
.ds-logs-azure.auditlogs = type:keyword
.ds-logs-azure.signinlogs = type:ip
GET /logs-*/_mapping/field/client.ip
},
".ds-logs-azure.auditlogs-default-2022.02.09-000001" : {
"mappings" : {
"client.ip" : {
"full_name" : "client.ip",
"mapping" : {
"ip" : {
"type" : "keyword",
"ignore_above" : 1024
azure-eventhub.offset, mapped type per data stream:
.ds-logs-azure.platformlogs = type:long
.ds-logs-azure.activitylogs = type:long
.ds-logs-azure.auditlogs = type:long
.ds-logs-azure.eventhub = type:keyword
.ds-logs-azure.signinlogs = type:long
GET /logs-*/_mapping/field/azure-eventhub.offset
},
".ds-logs-azure.eventhub-default-2022.02.09-000001" : {
"mappings" : {
"azure-eventhub.offset" : {
"full_name" : "azure-eventhub.offset",
"mapping" : {
"offset" : {
"type" : "keyword",
"ignore_above" : 1024
azure-eventhub.sequence_number, mapped type per data stream:
.ds-logs-azure.platformlogs = type:long
.ds-logs-azure.activitylogs = type:long
.ds-logs-azure.eventhub = type:keyword
.ds-logs-azure.signinlogs = type:long
GET /logs-*/_mapping/field/azure-eventhub.sequence_number
},
".ds-logs-azure.eventhub-default-2022.02.09-000001" : {
"mappings" : {
"azure-eventhub.sequence_number" : {
"full_name" : "azure-eventhub.sequence_number",
"mapping" : {
"sequence_number" : {
"type" : "keyword",
"ignore_above" : 1024
Azure Active Directory Audit Logs (eventhub)
AuditLogs
SignInLogs
NonInteractiveUserSignInLogs
ServicePrincipalSignInLogs
ManagedIdentitySignInLogs
ProvisioningLogs
ADFSSignInLogs
RiskyUsers
UserRiskEvents
Azure Diagnostic Settings / insights-operational-logs
Administrative
Security
ServiceHealth
Alert
Recommendation
Policy
Autoscale
ResourceHealth