Query Details

App Service HTTP Logs PHP File Request In App Service

Query

AppServiceHTTPLogs
| where (CsUriStem has "php" or CsUriQuery has "php" or Referer has "php") and ScStatus != "404"
| summarize
    StartTime = min(TimeGenerated),
    EndTime = max(TimeGenerated),
    CsUriStem = array_sort_asc(make_set(CsUriStem)),
    CsUriQuery = array_sort_asc(make_set_if(CsUriQuery, isnotempty(CsUriQuery))),
    SPort = array_sort_asc(make_set(SPort)),
    ScStatus = array_sort_asc(make_set(ScStatus)),
    Referer = array_sort_asc(make_set_if(Referer, isnotempty(Referer))),
    UserAgents = array_sort_asc(make_set(UserAgent))
    by CsHost, CsMethod, CIp, Result, _ResourceId
| project
    StartTime,
    EndTime,
    CsHost,
    Result,
    CsMethod,
    ScStatus,
    SPort,
    CIp,
    CsUriStem,
    CsUriQuery,
    Referer,
    UserAgents,
    _ResourceId

Explanation

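This query searches App Service HTTP logs for requests whose URI stem, query string or referer contains the term "php" and whose response status was not 404. It groups the matching requests by host, HTTP method, client IP address, result and resource ID. For each group it records the first and last time a request was seen, together with the sorted sets of URI stems, query strings, server ports, status codes, referers and user agents. Finally, it projects these columns into the result set in a fixed order.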

Details

Jose Sebastián Canós

Released: February 19, 2024

Tables

AppServiceHTTPLogs

Keywords

CsUriStem,CsUriQuery,Referer,ScStatus,UserAgent,CsHost,CsMethod,CIp,Result,SPort,_ResourceId,TimeGenerated

Operators

where,has,or,and,!=,summarize,min,max,array_sort_asc,make_set,make_set_if,isnotempty,by,project