we need to send out notification when ever a global outage was happening with Azure using the RSS feed, is the any query to get the data from the feed using syndication, pleas help me on this
This is my query
sourcetype=syndication "Information :" NOT "RESOLVED"
| eval since=strptime("2016-11-18", "%Y-%m-%d")
| eval date=strptime(published_parsed, "%Y-%m-%dT%H:%M:%SZ")
| rex field=summary_detail_base "rss\/(?.*).rss$"
| where date > since
| table azure_object, published_parsed, link, title, description
| sort -published_parsed
