This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 75%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
I'm trying to extract a custom field from a custom log, but receiving a 400 error with no additional details when I click on "extract fields from CL".
Custom Fileds was a feature that never made it out of (Preview), https://learn.microsoft.com/en-us/azure/azure-monitor/logs/custom-fields
https://learn.microsoft.com/en-gb/azure/data-explorer/kusto/query/extendoperator has replaced this in most situations
Please "accept" if this helps
Shouldn't the fact that it's not available be reflected in the documentation? It currently reads as if it's available..
Can the extend operator be used to extract individual fields from a column that contains JSON objects?
Technically its still available as a Preview, so that's why its still there.
Sounds like you are looking for Parse_json https://learn.microsoft.com/en-gb/azure/data-explorer/kusto/query/parsejsonfunction (also search "extract","extractjson" and "parse" at the same link for other options)
Thanks!
If it's still in Preview, shouldn't I be able to use it?
Of course you can...however in 99% of cases you dont need to (I made that number up but its probably close to the truth). Also aligning on a thing that's not invested in, may cause issues and is against the recommendations from Microsoft.
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/custom-fields
Note
This article describes how to parse text data in a Log Analytics workspace as it's collected. We recommend parsing text data in a query filter after it's collected following the guidance described in Parse text data in Azure Monitor. It provides several advantages over using custom fields.
Important
Custom fields increases the amount of data collected in the Log Analytics workspace which can increase your cost. See Azure Monitor Logs pricing details for details.