Is there a way to update and show a field in Azure application insight request body using KQL?

AnandVarkeyPhilips
April 12, 2023
203 views
0 votes
2 Answers

request body:

{
name: "SomeName",
insertionTime: "timeInUtc"
}

query:

requests 
| where url contains "/get"
| extend requestBody = parse_json(customDimensions["Request-Body"]) 
| project requestBody

I want to show the request body with updated timestamp in the results table. like timestamp plus 2 hours.

I want to use this request body with new stamp so that I can retry the same requests again with new timestamp for failed requests. Im trying to build some automation for failed api calls with new timestamp in the request body.

Answers

- silent
- April 12, 2023 at 10:30 am
- 0 votes
0
(Assuming that you are aware that you of course cannot update the actual stored data in the table).

In your query you can do any kind of mathematical operations that you like:
```
requests 
| where url contains "/get"
| extend requestBody = parse_json(customDimensions["Request-Body"]) 
| project SalaryExtended=toint(requestBody.salary)
| extend IncreasedSalary=SalaryExtended+100
```
Login or Signup to reply.

- Jahnavi
- April 12, 2023 at 11:06 am
- 0 votes
0
To show the request body with updated timestamp in the results table. like timestamp plus 2 hours:

You can use the below kql query to achieve the expected results.
```
requests 
| where url contains "/get"
| extend requestBody = parse_json(customDimensions["Request-Body"]) 
| extend latestTimestamp = datetime_add('hour', 2, todatetime(requestBody.insertionTime))
| extend newinsertiontime = tostring(latestTimestamp)
| project newinsertiontime
```
As I do not have any results in the given time stamp, I got the below expected output.

You can use pack_array to combine all the results with the name, insertion time as well as new insertion time as detailed in the given MSDoc.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.