Question

Has anyone created custom timestamp for Azure Monitor in Sentinel?

Forum|Forum|9 months ago
March 11, 2025
2 replies
15 views

Mo Hassan
Employee

Hi All! When using the azure monitor destination has anyone been able to successfully set a custom timestamp field which gets translated to TimeGenerated within Sentinel? The azure monitor HTTP data collector api documentation indicates this can be set using the "time-generated-field" request header, but we're not having any luck with that so far.

C

Chris Morris
Employee
Forum|Forum|9 months ago
March 11, 2025

Example below on how it can be achieved using the `_time` field:

Like

M

Mo Hassan
Author
Employee
Forum|Forum|9 months ago
March 11, 2025

Thanks, Chris. The issue we're running into is that TimeGenerated appears to be a reserved property within azure monitor so Sentinel is not using it when it's just a field in our events. Instead TimeGenerated within Sentinel is being set to ingest/received time

Like

Sign up

Using your Cribl.Cloud account

Login to the community

Using your Cribl.Cloud account

Scanning file for viruses.

This file cannot be downloaded