Question

Has anyone created custom timestamp for Azure Monitor in Sentinel?

Forum|Forum|1 year ago
March 11, 2025
2 replies
59 views

Mo Hassan
Employee

Hi All! When using the azure monitor destination has anyone been able to successfully set a custom timestamp field which gets translated to TimeGenerated within Sentinel? The azure monitor HTTP data collector api documentation indicates this can be set using the "time-generated-field" request header, but we're not having any luck with that so far.

C

Chris Morris
Employee
Forum|Forum|1 year ago
March 11, 2025

Example below on how it can be achieved using the `_time` field:

Like

M

Mo Hassan
Author
Employee
Forum|Forum|1 year ago
March 11, 2025

Thanks, Chris. The issue we're running into is that TimeGenerated appears to be a reserved property within azure monitor so Sentinel is not using it when it's just a field in our events. Instead TimeGenerated within Sentinel is being set to ingest/received time

Like

Sign up

Using your Cribl Curious or University Account

Login to the community

Using your Cribl Curious or University Account

Scanning file for viruses.

This file cannot be downloaded