Hi,

i was hoping you can help me out, im trying to parse the Azure Aplication Gateway Webapplication Firewall files within splunk but im not getting it right, the json is in the following format;

{
"resourceId": "/SUBSCRIPTIONS//RESOURCEGROUPS//PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/",
"operationName": "ApplicationGatewayFirewall",
"time": "2016-09-20T00:40:04.9138513Z",
"category": "ApplicationGatewayFirewallLog",
"properties": {
"instanceId":"ApplicationGatewayRole_IN_0",
"clientIp":"108.41.16.164",
"clientPort":1815,
"requestUri":"/wavsep/active/RXSS-Detection-Evaluation-POST/",
"ruleId":"OWASP_973336",
"message":"XSS Filter - Category 1: Script Tag Vector",
"action":"Logged",
"site":"Global",
"message":"XSS Filter - Category 1: Script Tag Vector",
"details":{"message":" Warning. Pattern match "(?i)(<script","file":"/owasp_crs/base_rules/modsecurity_crs_41_xss_attacks.conf","line":"14"}}
}

I all ready downloaded and installed the Splunk Add-on for Microsoft Cloud Services but the logsource is not included and the other are not working.

the link below gives more information about the Azure Aplication Gateway Webapplication Firewall
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-webapplicationfirewal...