NGINXHTTPServer Parsers doesn't include information about the log source hostname. #10349
Comments
|
Hi @ecIib7L, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 26-04-2024. Thanks! |
|
Hey @ecIib7L, Could you please check the below updated parser and let us know it resolve your issue? Please share the sample data with us if still you are not getting the log source hostname. |
|
Hi @v-sudkharat I saw that the nginx_errorlog_events doesn't have EventSource contigured. Could you please also update this part? I think this will result in errors in the "union....project... EventSource" expression. |
|
@ecIib7L, We have just updated the parser, could you please check it into your available data and let us know if it running correctly? Please share the parser successfully running result screenshot over here or this mail id - v-sudkharat@microsoft.com |
|
Hi @v-sudkharat Yes, the parser seems working for both access logs and error logs: |
|
@ecIib7L, thanks for the update. we will finalize it and proceed to raise PR. Could you please let us know can we close this issue from GitHub. |
|
@v-sudkharat Sure, you can close this issue. Thanks for your help. |
|
Thanks for confirmation. Closing this issue. If you still need support for this issue, feel free to re-open it any time. Thank you for your co-operation. |
[Is your feature request related to a problem? Please describe.
NGINXHTTPServer Parsers doesn't include information about the log source hostname.
Describe the solution you'd like
Add the log source hostname to the parser for example: extend EventSource = ManagementGroupName
Describe alternatives you've considered
Additional context
https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/NGINX%20HTTP%20Server/Parsers/NGINXHTTPServer.txt
The text was updated successfully, but these errors were encountered: