What log formats does Log Analytics support?

Log Analytics can read and analyze:

  • Windows event logs (System, Security, and Application logs are automatically discovered on hosts; other custom event logs can be added manually at the process group level).

  • Any plain text log file as long as it contains a timestamp that meets these basic requirements:

  • A timestamp must appear at the beginning of each log entry.
    If you're using a JSON file, the timestamp is automatically detected through the time or timestamp tag.

    The only supported timestamp format in a JSON file is: year-month-dayTtime
    For example: 2018-02-28T16:17:50.000

  • The parts of the timestamp date can be separated by any of the following:

    • (space)
    • / (slash)
    • - (dash)
    • . (period)
    • T (Combined date and time in UTC, ISO 8601 format)
  • For the timestamp date, either month abbreviations or full names can be used in the date format.

  • Timestamp time is in the following format:

  [0-9]{1,2}:[0-9]{2}:[0-9]{2}((\.|,)[0-9]{1,9})?( *AM|PM)? *((GMT|UTC)?[+-][0-9]{2,4})?(GMT|CEST|CET|OTHER_TZ_ABBREVIATION)?
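
The following pre-ingestion check is an added example, not part of the original documentation or of the product: it flags log lines that do not begin with a timestamp meeting the requirements above. The date pattern, the JSON time pattern, the `[A-Z]{2,5}` stand-in for OTHER_TZ_ABBREVIATION, the function names and the sample lines are assumptions made for illustration.

```python
import json
import re

# Time portion: the expression from the page, with the OTHER_TZ_ABBREVIATION
# placeholder replaced by [A-Z]{2,5} (assumption).
TIME = (r"[0-9]{1,2}:[0-9]{2}:[0-9]{2}((\.|,)[0-9]{1,9})?( *AM|PM)?"
        r" *((GMT|UTC)?[+-][0-9]{2,4})?(GMT|CEST|CET|[A-Z]{2,5})?")

# Date portion (assumption): three fields, month numeric or named, joined by
# the listed separators. The page does not fix the field order, so this is loose.
FIELD = r"(?:[0-9]{1,4}|[A-Za-z]{3,9})"
SEP = r"[ /.\-]"
TEXT_TS = re.compile(FIELD + SEP + FIELD + SEP + FIELD + r"[ T]" + TIME)

# JSON: year-month-dayTtime, modelled on the page's example value (assumption
# that "time" means HH:MM:SS with an optional fraction).
JSON_TS = re.compile(
    r"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]{1,9})?")


def starts_entry(line):
    """True if the line begins with a timestamp that meets the requirements."""
    if line.startswith("{"):
        try:
            obj = json.loads(line)
        except ValueError:
            return False
        value = obj.get("time", obj.get("timestamp")) if isinstance(obj, dict) else None
        return isinstance(value, str) and JSON_TS.fullmatch(value) is not None
    return TEXT_TS.match(line) is not None


def unparsed_lines(lines):
    """Return (line_number, text) for lines with no usable leading timestamp."""
    return [(n, l) for n, l in enumerate(lines, 1) if not starts_entry(l.rstrip("\n"))]


# Constructed sample lines, not taken from a real system.
SAMPLE = [
    "2018-02-28 16:17:50.000 UTC sshd accepted publickey for deploy",
    "28/Feb/2018 16:17:50 +0100 GET /login 401",
    "February 28 2018 4:17:50 PM failed logon for svc-backup",
    "sshd[812]: 2018-02-28 16:17:50 session opened",          # timestamp not at start
    '{"timestamp": "2018-02-28T16:17:50.000", "msg": "token issued"}',
    '{"time": "28/02/2018 16:17:50", "msg": "token revoked"}',  # not year-month-dayTtime
]

if __name__ == "__main__":
    for number, text in unparsed_lines(SAMPLE):
        print(f"line {number}: no supported timestamp at start: {text}")
```

Continuation lines of a multi-line entry, such as stack traces, are also reported, because they carry no leading timestamp of their own.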