Hi All! When using the Azure Monitor destination, has anyone been able to successfully set a custom timestamp field which gets translated to TimeGenerated within Sentinel? The Azure Monitor HTTP Data Collector API documentation indicates this can be set using the "time-generated-field" request header, but we're not having any luck with that so far.
Example below on how it can be achieved using the `_time` field:
Thanks, Chris. The issue we're running into is that TimeGenerated appears to be a reserved property within Azure Monitor, so Sentinel is not using it when it's just a field in our events. Instead, TimeGenerated within Sentinel is being set to ingest/received time.
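For reference, an added example (not code from this thread or from any product mentioned in it) of the request the HTTP Data Collector API documentation describes: the `time-generated-field` header names a field inside each record, and that field must hold an ISO 8601 timestamp, otherwise TimeGenerated falls back to ingestion time. The field name `event_time`, the log type, the workspace ID and the key are assumptions made up for the example; the request is built and signed but not sent.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timezone

TIME_FIELD = "event_time"  # hypothetical field name, chosen to avoid the reserved name TimeGenerated
# Constructed sample events; the second has no usable timestamp.
SAMPLE_EVENTS = [{"_time": 1700000000, "message": "login ok"}, {"message": "no timestamp"}]

def to_iso8601(epoch_seconds):
    """Convert an epoch `_time` value to the YYYY-MM-DDThh:mm:ssZ form the API expects."""
    dt = datetime.fromtimestamp(float(epoch_seconds), tz=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")

def prepare_events(events):
    """Copy each event, adding TIME_FIELD derived from `_time` when it is usable."""
    out = []
    for ev in events:
        ev = dict(ev)
        try:
            ev[TIME_FIELD] = to_iso8601(ev["_time"])
        except (KeyError, TypeError, ValueError, OverflowError, OSError):
            pass  # no valid timestamp: the service will stamp ingestion time instead
        out.append(ev)
    return out

def build_request(workspace_id, shared_key_b64, log_type, events, now=None):
    """Return (url, headers, body) for a signed Data Collector API POST."""
    body = json.dumps(prepare_events(events)).encode("utf-8")
    now = now or datetime.now(timezone.utc)
    x_ms_date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    string_to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{x_ms_date}\n/api/logs"
    key = base64.b64decode(shared_key_b64)  # workspace shared key: load from a secret store
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}",
        "Log-Type": log_type,
        "x-ms-date": x_ms_date,
        "time-generated-field": TIME_FIELD,  # must match the field name inside each record
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body
```

When troubleshooting, compare the header value against the field name and format actually present in the serialized body, since a mismatch in either silently yields ingestion time.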