The issue is with the logs in Microsoft 365 Defender. All of the logs are being stored in a single message field, instead of being stored in individual fields as shown in the Elasticsearch documentation. Previously, the logs were able to be parsed into their respective individual fields. We have tried reconfiguring the logs, but the issue persists.
We also have the Azure Logs integration set up using the same Fleet agent, and the Azure Logs are able to be parsed into individual fields.
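A small triage script, added here as an example and not part of the original post, that sorts a sample of exported documents into "parsed", "unparsed but the raw message is valid JSON" and "unparsed and not JSON", and counts documents where the ingest pipeline recorded a failure in `error.message`. The field prefix `m365_defender` is an assumption about the integration's mapping, the sample documents are constructed for the example, and nothing here depends on a live cluster.

```python
import json

# Assumed top-level field prefix written by the integration's ingest pipeline.
# Adjust to whatever prefix the index mapping actually uses.
INTEGRATION_PREFIX = "m365_defender"

# Constructed sample documents (made up for this example, not taken from the thread).
SAMPLE_DOCS = [
    {   # parsed as expected: integration fields present next to the raw message
        "@timestamp": "2024-01-01T00:00:00Z",
        "event": {"dataset": "m365_defender.event"},
        "m365_defender": {"alerts": {"severity": "high"}},
        "message": "{\"alerts\":[{\"severity\":\"high\"}]}",
    },
    {   # everything still sits in message; the raw payload itself is fine
        "@timestamp": "2024-01-01T00:00:01Z",
        "event": {"dataset": "m365_defender.event"},
        "message": "{\"alerts\":[{\"severity\":\"medium\"}]}",
    },
    {   # pipeline failed and recorded why; the message is not JSON at all
        "@timestamp": "2024-01-01T00:00:02Z",
        "event": {"dataset": "m365_defender.event"},
        "error": {"message": "field [alerts] not present as part of path [alerts]"},
        "message": "not json at all",
    },
]


def is_unparsed(doc, prefix=INTEGRATION_PREFIX):
    """True when the document still carries a message but none of the integration's fields."""
    return "message" in doc and prefix not in doc


def pipeline_error(doc):
    """Return the ingest pipeline's recorded failure text, if any (error.message)."""
    return doc.get("error", {}).get("message")


def raw_payload(doc):
    """Decode the raw message as a JSON object; None if it is missing or not a JSON object."""
    try:
        parsed = json.loads(doc.get("message", ""))
    except (TypeError, ValueError):
        return None
    return parsed if isinstance(parsed, dict) else None


def triage(docs, prefix=INTEGRATION_PREFIX):
    """Count how many documents fall into each diagnostic bucket."""
    summary = {
        "parsed": 0,
        "unparsed_valid_json": 0,
        "unparsed_bad_json": 0,
        "with_error": 0,
    }
    for doc in docs:
        if pipeline_error(doc):
            summary["with_error"] += 1
        if not is_unparsed(doc, prefix):
            summary["parsed"] += 1
        elif raw_payload(doc) is not None:
            summary["unparsed_valid_json"] += 1
        else:
            summary["unparsed_bad_json"] += 1
    return summary


if __name__ == "__main__":
    for bucket, count in triage(SAMPLE_DOCS).items():
        print(f"{bucket}: {count}")
```

Feed it the `_source` of a few hundred recent documents from the affected data stream (for example the hits of a search exported to JSON). A large "unparsed_valid_json" bucket points at the pipeline not being applied at all, whereas a populated "with_error" bucket means the pipeline ran and failed, and the recorded `error.message` values say on which processor.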