I am using Splunk Add-on for Microsoft Cloud Services to ingest .json logs from blob storage. When I look json log samples in the blob and then compare to what is the index, the events are not parsing correctly.
Is this an Azure problem?
I am not having the issue with s3 files from AWS? using the standard json time parsing conf...
Is there any way to troubleshoot why json parses correct from sources other than Azure, but does not parse correctly from Azure?
I am also having a problem with .gz source files not unzipping from Azure, but files unzip without a problem from AWS?