What log format does Log Analytics support?

Log Analytics can read and analyze:

  • Logs in Windows event log format (System, Security and Application logs are automatically discovered on hosts; other custom logs in event log format can be added manually at the process group level).

  • Any plain text log file as long as it contains a timestamp that meets these basic requirements:

    • A timestamp must appear at the beginning of each log entry.
      If you're using a JSON file, the timestamp is automatically detected through the time or timestamp tag.
      The only supported timestamp format in a JSON file is: year-month-dayTtime
      For example: 2018-02-28T16:17:50.000

    • The timestamp date can be separated using any of the following:
      (space)
      / (slash)
      - (dash)
      . (period)
      T (Combined date and time in UTC, ISO 8601 format)

    • For the timestamp date, either month abbreviations or full names can be used in the date format.

    • The timestamp must include BOTH the date and the time.

    • Timestamp time is in the following format:

  [0-9]{1,2}:[0-9]{2}:[0-9]{2}((\.|,)[0-9]{1,9})?( *AM|PM)? *((GMT|UTC)?[+-][0-9]{2,4})?(GMT|CEST|CET|OTHER_TZ_ABBREVIATION)?
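
A pre-ingestion check built on the rules above, as an added example that is not part of the product documentation. It reuses the time pattern from this page verbatim; the date shape (three fields of digits or a month name), the handling of each line as one entry, and the sample lines are assumptions constructed here.

```python
import json
import re

# Time pattern copied verbatim from the page; OTHER_TZ_ABBREVIATION is its placeholder.
TIME = (r"[0-9]{1,2}:[0-9]{2}:[0-9]{2}((\.|,)[0-9]{1,9})?( *AM|PM)? *"
        r"((GMT|UTC)?[+-][0-9]{2,4})?(GMT|CEST|CET|OTHER_TZ_ABBREVIATION)?")
# Assumption: a date is three fields (digits or a month name) joined by the
# listed separators, followed by a space or "T" and then the time.
FIELD = r"(?:[0-9]{1,4}|[A-Za-z]{3,9})"
ENTRY_START = re.compile("^" + r"[ /.\-]".join([FIELD] * 3) + "[ T]" + TIME)
# JSON rule from the page: year-month-dayTtime (time part assumed to follow TIME).
JSON_TS = re.compile(r"^[0-9]{4}-[0-9]{2}-[0-9]{2}T" + TIME + "$")


def check_entry(line):
    """Return None if the entry carries a usable timestamp, else a reason."""
    stripped = line.strip()
    if stripped.startswith("{"):
        try:
            obj = json.loads(stripped)
        except ValueError:
            return "invalid JSON"
        ts = obj.get("time", obj.get("timestamp"))
        if not isinstance(ts, str) or not JSON_TS.match(ts):
            return "JSON time/timestamp tag missing or not year-month-dayTtime"
        return None
    if not ENTRY_START.match(line):
        return "no date+time timestamp at the start of the entry"
    return None


def audit(lines):
    """Return (line number, reason) for every entry that fails the check."""
    return [(n, r) for n, l in enumerate(lines, 1) if (r := check_entry(l))]


# Constructed sample entries; each line is treated as one log entry.
SAMPLE = [
    "2018-02-28 16:17:50,123 INFO login ok user=alice",
    "28.Feb.2018 16:17:50 +0100 WARN password retry user=bob",
    "February 28 2018 16:17:50 INFO service started",
    "16:17:50 ERROR disk full",                           # time without date
    "ERROR 2018-02-28 16:17:50 auth failure user=carol",  # timestamp not first
    '{"timestamp": "2018-02-28T16:17:50.000", "msg": "ok"}',
    '{"timestamp": "28/02/2018 16:17:50", "msg": "bad format"}',
]

if __name__ == "__main__":
    for lineno, reason in audit(SAMPLE):
        print(f"line {lineno}: {reason}")
```

Running a check like this against a custom security log before onboarding it shows which entries lack a timestamp in the supported form and therefore need a format change at the source.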