A cloud-native SIEM solution that provides intelligent security analytics and threat detection across systems
Thank you for your post and I apologize for the delayed response!
When creating my own Watchlist in Microsoft Sentinel based off your screenshots, I was able to reproduce your issue. However, after creating the Watchlist you'll be able to confirm that the Search Key you selected is correct by:
- Navigating to the Watchlist and selecting View in Logs.
  Note: I had to select another tab within Sentinel and go back to my Watchlists to see this option.
- After you select View in Logs, the query should automatically run.
- The example below shows the results of the extraction of the network and latitude fields.
The SearchKey is shown as its own column and in this case as the network addresses.
Additional Links:
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.