v-sudkharat
commented
4 months ago Hi @kllnbrnjn, Thank you for flagging issue. This DCR transformation issue needs to be investigated by concern (DCR) team, so we kindly request you to raise a support ticket case in azure portal, so our support team can check into it and connect with you if required. closing this issue from GitHub. If you still need support for this issue, feel free to re-open it any time. Thank you for your co-operation.
Describe the bug We receive some logs using a CRIBL connection. The column names of the received logs do not match our needs, thus we are trying to create a Transformation within the DCR for the specific connection (and table). The timestamp of the log entry comes in the column "_timestamp", but here the Transformation Editor struggles (see Screenshots). The field will just be empty, no matter if we try to rename the column, or extend it. When removing the underline directly in the JSON file (which is not applicable in the real incoming data), it works (also see Screenshots).
To Reproduce Steps to reproduce the behavior:
{"_timestamp":"2024-07-23T12:00:29.000+0200","testdata":"Some Test Data"}Expected behavior When renaming the "_timestamp" to "TimeGenerated", we expect the field to be still populated with the original data, as the Transformation obviously reads the correct value from the JSON.
Screenshots Uploading the sample JSON File (with underscore in front of timestamp) results in the tool correctly reading the time, but expecting us to rename it to "TimeGenerated":
When trying to rename the column, the field will just be empty:
Also trying to extend a new column with the value does not work and the field remains empty:
When directly removing the underscore in the JSON File (which we cannot do for real incoming data), renaming works just fine:
