Search code examples
azureazure-application-insightskql

Is there a way to update and show a field in Azure application insight request body using KQL?

request body:

{
name: "SomeName",
insertionTime: "timeInUtc"
}

query:

requests 
| where url contains "/get"
| extend requestBody = parse_json(customDimensions["Request-Body"]) 
| project requestBody

I want to show the request body with updated timestamp in the results table. like timestamp plus 2 hours.

I want to use this request body with new stamp so that I can retry the same requests again with new timestamp for failed requests. Im trying to build some automation for failed api calls with new timestamp in the request body.

Solution

  • To show the request body with updated timestamp in the results table. like timestamp plus 2 hours:

    You can use the below kql query to achieve the expected results.

    requests 
| where url contains "/get"
| extend requestBody = parse_json(customDimensions["Request-Body"]) 
| extend latestTimestamp = datetime_add('hour', 2, todatetime(requestBody.insertionTime))
| extend newinsertiontime = tostring(latestTimestamp)
| project newinsertiontime

    As I do not have any results in the given time stamp, I got the below expected output.

    enter image description here

    You can use pack_array to combine all the results with the name, insertion time as well as new insertion time as detailed in the given MSDoc.