I thought I’d share some neat tips in regards to Log Analytics, as you know I’m a big fan and I’ve been spending a lot of time with it. This week I had to grab some information from our JWT token payload in the requests, but we log the header as-is, which means it is base64 encoded. Thankfully this is not problem, as there is a function for decoding (and encoding).
When you do extra work and process the data that you are piping through it can easily get really nasty and difficult to read, and while it is tempting to allow some ugliness since it’s ‘just a query’ your really shouldn’t. I came back from holiday and spent half an hour trying to understand my own queries hahaha. Use the let statement, and remember that you can use nested let statements to break up the query or run nested expressions. Here is an example:
let decodedPayload = (token:string)
let base64 = trim_start('Bearer ', token);
let payload = split(base64,'.');
| project TokenPayload = decodedPayload(customDimensions['Request-Authorization'])