Aug 292018
 
 August 29, 2018  Posted by at 12:38 pm Azure, Azure Log Analytics  Add comments

I thought I’d share some neat tips in regards to Log Analytics, as you know I’m a big fan and I’ve been spending a lot of time with it. This week I had to grab some information from our JWT token payload in the requests, but we log the header as-is, which means it is base64 encoded. Thankfully this is not problem, as there is a function for decoding (and encoding).

2018-08-29_21-36-18

When you do extra work and process the data that you are piping through it can easily get really nasty and difficult to read, and while it is tempting to allow some ugliness since it’s ‘just a query’ your really shouldn’t. I came back from holiday and spent half an hour trying to understand my own queries hahaha.  Use the let statement, and remember that you can use nested let statements to break up the query or run nested expressions. Here is an example:

let decodedPayload = (token:string)
{
let base64 = trim_start('Bearer ', token);
let payload = split(base64,'.')[1];
base64_decodestring(tostring(payload));
};
requests
| project TokenPayload = decodedPayload(customDimensions['Request-Authorization'])

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

What is 4 + 9 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)