Skip to content

Instantly share code, notes, and snippets.

@julian-wendt

julian-wendt/Add-AlertEvidenceDetailsAsKeyValue.kusto

Created December 2, 2021 12:45
Show Gist options
  • Save julian-wendt/b030a0168133307ed9b94c0d1ac77795 to your computer and use it in GitHub Desktop.
Save julian-wendt/b030a0168133307ed9b94c0d1ac77795 to your computer and use it in GitHub Desktop.
Download ZIP
Add alert evidence details as key value pair
Raw
Add-AlertEvidenceDetailsAsKeyValue.kusto
AlertEvidence
| mv-apply ParsedFields = parse_json(AdditionalFields) on
(
extend Key = tostring(bag_keys(ParsedFields)[0])
| project Key, Value = ParsedFields[Key]
)
| project-away AdditionalFields
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment