I have an azure system where I am redirecting multiple log files in the log analytics workspace as below (pasting part of my json file below):
"dataSources": {
"value": {
"logFiles": [
{
"name": "rbac_customlogs_CL",
"streams": [
"Custom-rbac_customlogs_CL"
],
"filePatterns": [
"/urs/lib/Logs/*.txt"
],
"format": "text",
"settings": {
"text": {
"recordStartTimestampFormat": "ISO 8601"
}
}
The path value mentioned in filepatterns property above has a lot of file paths :-
/urs/lib/Logs/delimiter.txt
/urs/lib/Logs/closure.txt
/urs/lib/Logs/department.txt
So while I have created a log analytics custom table, all the logs from these sources are sending their logs in this table called rbac_customlogs_CL
I want to write a KQL query or may be find a way by which I can print the log file name also as one of the column in the kql query result set, something like :-
rbac_customlogs_CL
| where filepath contains "/urs/lib/Logs/department.txt"
and it should return the logs from this file path only.