Custom Table Creation

Since we are ingesting custom log data via an API, we need to create custom tables with columns that can distinguish the log type and identify which Data Collection Rule (DCR) was used to ingest the logs.

Here are the steps to create a custom table:

  1. Go to Log Analytics Workspaces.

  2. Choose your workspace.

  3. Go to Settings > click Create > New Custom Log (DCR-based).

  4. Table Name: specify the table name.

  5. Data Collection Rule: enter the name of the data collection rule you created.

  6. DCR Endpoint: this is auto-filled, because the endpoint is already bound to the DCR.

  7. Select Schema and transformation: upload a JSON file of the table schema.

Example:

    {
        "TimeGenerated": "2024-07-22T11:47:51Z",
        "source_type": "source type",
        "source_dcr": "dcr-immutable id",
        "event": {}
    }

List of tables:

| S. No. | Log Type | Table |
|---|---|---|
| 1 | service_log | ServiceLog |
| 2 | internal_notifications_log | InternalNotificationsLog |
| 3 | audit_log | AuditLog |
| 4 | ddi_dhcp_lease_log | DdiDhcpLeaseLog |
| 5 | ddi_dns_log | DdiDnsLog |
| 6 | td_dns_log | TdDnsLog |
| 7 | td_rpz_log | TdRpzLog |
| 8 | rpz_log | RpzLog |
| 9 | dns_log | DnsLog |

  8. Review and submit. Wait at least 30 minutes for the changes to take effect.
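A pre-ingestion check for records bound for these tables, as an added example that is not part of the original page or the vendor's code: it validates a record against the sample schema, confirms `source_dcr` matches the DCR in use, and picks the table from `source_type` using the list above. The function name `check_record`, the assumed ID shape (`dcr-` plus 32 hex digits) and the sample values are assumptions made for illustration.

```python
import re
from datetime import datetime

# Log type -> custom table, copied from the list of tables on this page.
LOG_TYPE_TABLES = {
    "service_log": "ServiceLog",
    "internal_notifications_log": "InternalNotificationsLog",
    "audit_log": "AuditLog",
    "ddi_dhcp_lease_log": "DdiDhcpLeaseLog",
    "ddi_dns_log": "DdiDnsLog",
    "td_dns_log": "TdDnsLog",
    "td_rpz_log": "TdRpzLog",
    "rpz_log": "RpzLog",
    "dns_log": "DnsLog",
}
COLUMNS = {"TimeGenerated", "source_type", "source_dcr", "event"}
DCR_ID = re.compile(r"dcr-[0-9a-f]{32}")  # assumed shape of an immutable ID
# Constructed sample values, not real identifiers or real log data.
SAMPLE_DCR = "dcr-" + "0123456789abcdef" * 2
GOOD = {"TimeGenerated": "2024-07-22T11:47:51Z", "source_type": "td_dns_log",
        "source_dcr": SAMPLE_DCR, "event": {"qname": "example.com"}}
BAD = dict(GOOD, source_type="dns", source_dcr="my-dcr-name", event="raw text")


def check_record(record, expected_dcr):
    """Return (table, problems) for one record shaped like the sample schema."""
    problems = []
    if set(record) != COLUMNS:
        problems.append(f"columns differ from schema: {sorted(set(record) ^ COLUMNS)}")
    try:
        datetime.strptime(record.get("TimeGenerated", ""), "%Y-%m-%dT%H:%M:%SZ")
    except (TypeError, ValueError):
        problems.append("TimeGenerated is not a UTC timestamp like 2024-07-22T11:47:51Z")
    log_type = record.get("source_type")
    table = LOG_TYPE_TABLES.get(log_type) if isinstance(log_type, str) else None
    if table is None:
        problems.append(f"unknown source_type: {log_type!r}")
    dcr = record.get("source_dcr")
    if not isinstance(dcr, str) or not DCR_ID.fullmatch(dcr):
        problems.append("source_dcr is not a DCR immutable ID")
    elif dcr != expected_dcr:
        problems.append("source_dcr does not match the DCR used for ingestion")
    if not isinstance(record.get("event"), dict):
        problems.append("event is not a JSON object")
    return table, problems


if __name__ == "__main__":
    print(*(check_record(r, SAMPLE_DCR) for r in (GOOD, BAD)), sep="\n")
```
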

Once the setup is complete, you will have the following credentials:

  • Client ID and Client Secret from the application registration.

  • Tenant ID from your Azure Active Directory.

  • DCR Immutable ID from the Data Collection Rule (DCR) creation.

  • DCR Endpoint from DCR endpoints.

You can use the above details to configure credentials in the Infoblox Portal.

Note: For QA testing, we recommend using existing analytics workspaces instead of creating new ones to manage costs. A workspace can support 200 data collection rules.