Scenario
A user is ingesting activity logs using the Platform Logs integration from the Azure Logs package.
Here is an example of the log events causing this issue:
{
  "Authorization": "null",
  "Claims": "{\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\":\"Microsoft.RecoveryServices\"}",
  "DeploymentUnit": "<REDACTED>",
  "EventId": 162,
  "EventName": "<REDACTED>",
  "ResultDescription": "Backup Failed",
  "category": "Administrative",
  "correlationId": "cd0bc43e-61b5-11ed-9b6a-0242ac120002",
  "durationMs": 0,
  "eventName": "Backup",
  "identity": "{\"claims\":{\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\":\"Microsoft.RecoveryServices\"}}",
  "level": "Error",
  "location": "eastus",
  "operationId": "cd0bc93e-61b5-11ed-9b6a-0242ac120002",
  "operationName": "<REDACTED>",
  "operationVersion": "null",
  "properties": {
    "Entity Name": "<REDACTED>",
    "Failure Details": "An invalid policy is configured on the VM which is preventing Snapshot operation. Please correct the policy and retry the operation. For more details, refer to http://aka.ms/UserErrorRequestDisallowedByPolicy ",
    "Job Id": "cd0bc43e-61b5-11ed-9b6a-0242ac120002",
    "Start Time": "2022-11-10 06:50:05Z"
  },
  "resourceId": "<REDACTED>",
  "resultType": "Failed",
  "time": "2022-11-11T06:50:11.0212041Z"
}
Expected result
The activity log event should be parsed and ingested.
Actual result
The log event parsing fails with the following error:
{
  "error": {
    "type": "mapper_parsing_exception",
    "reason": "object mapping for [azure.platformlogs.identity] tried to parse field [identity] as object, but found a concrete value"
  }
}
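Added example (not part of the original report and not the integration's own code): a pre-ingest step that decodes the JSON-encoded identity string into an object, so the document matches the object mapping named in the error. The function name, the OBJECT_FIELDS set and the identity_raw fallback field are assumptions made for illustration.

```python
import json

# Fields the index mapping treats as objects. Only "identity" is confirmed by
# the error in this report; extending the set is an assumption.
OBJECT_FIELDS = {"identity"}


def coerce_object_fields(event, object_fields=OBJECT_FIELDS):
    """Return (fixed_event, notes) without mutating the input.

    A string value in an object-mapped field is JSON-decoded. A value that
    cannot become an object is moved to the hypothetical '<field>_raw' key,
    so it no longer conflicts with the object mapping.
    """
    fixed, notes = dict(event), []
    for field in sorted(object_fields):
        value = fixed.get(field)
        if value is None or isinstance(value, dict):
            continue  # absent, null, or already an object: nothing to do
        decoded = None
        if isinstance(value, str):
            try:
                decoded = json.loads(value)
            except json.JSONDecodeError:
                decoded = None
        if isinstance(decoded, dict):
            fixed[field] = decoded
            notes.append(f"{field}: decoded JSON string into object")
        else:
            # Covers the literal string "null" and any other concrete value.
            fixed[field + "_raw"] = fixed.pop(field)
            notes.append(f"{field}: not an object, moved to {field}_raw")
    return fixed, notes


# Constructed sample: a trimmed copy of the event shown in the report.
CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
SAMPLE = {
    "category": "Administrative",
    "identity": '{"claims":{"' + CLAIM + '":"Microsoft.RecoveryServices"}}',
    "resultType": "Failed",
}

if __name__ == "__main__":
    fixed_event, fix_notes = coerce_object_fields(SAMPLE)
    print(json.dumps(fixed_event, indent=2))
    print(fix_notes)
```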