An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
When you apply a Data Collection Rule (DCR) transformation at the table level within your Log Analytics workspace, this method does not impact logs collected via the Azure Monitor Agent (AMA). This table-level transformation method supports logs collected through other methods such as Diagnostic Settings or the legacy Microsoft Monitoring Agent (MMA) or OMS agent. To correctly apply transformations to data being ingested via the Azure Monitor Agent, you need to modify the DCR at the DCR level.
Here are the steps to resolve this issue:

1. Go to the Data Collection Rule (DCR) that is configured to ingest the security logs.
2. Modify the DCR to apply the required transformation directly within the DCR.
Here is a video tutorial to guide you through this process: YouTube Video Tutorial.
For further details, refer to the following resources:

- Azure Monitor Logs Ingestion Time Transformations
Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.
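The distinction described in the answer above can be checked against exported DCR JSON. The following is an added example, not part of the original answer: it flags agent DCR data flows that carry no `transformKql` and shows the transformation being set on the DCR's own data flow. The DCR names, destination name and KQL filter are constructed, and the DCRs are abbreviated to the fields the check reads.

```python
import json

# Constructed sample DCRs, abbreviated to the fields this check reads.
WORKSPACE_DCR = json.loads("""
{
  "name": "ws-transform-dcr",
  "kind": "WorkspaceTransforms",
  "properties": {
    "dataFlows": [
      {"streams": ["Microsoft-Table-SecurityEvent"],
       "destinations": ["la-workspace"],
       "transformKql": "source | where EventID != 4688"}
    ]
  }
}
""")

AGENT_DCR = json.loads("""
{
  "name": "ama-security-dcr",
  "kind": "Windows",
  "properties": {
    "dataSources": {"windowsEventLogs": [
      {"name": "secEvents", "streams": ["Microsoft-SecurityEvent"],
       "xPathQueries": ["Security!*"]}]},
    "dataFlows": [
      {"streams": ["Microsoft-SecurityEvent"],
       "destinations": ["la-workspace"]}
    ]
  }
}
""")

def untransformed_agent_flows(dcr):
    """Return streams of an agent DCR whose data flow has no transformKql."""
    if dcr.get("kind") == "WorkspaceTransforms":
        return []  # table-level DCR: per the answer, AMA data is not affected by it
    missing = []
    for flow in dcr.get("properties", {}).get("dataFlows", []):
        kql = flow.get("transformKql", "").strip()
        if not kql or kql == "source":  # "source" alone passes data through unchanged
            missing.extend(flow.get("streams", []))
    return missing

def add_transform(dcr, stream, kql):
    """Return a copy of the DCR with transformKql set on flows carrying `stream`."""
    fixed = json.loads(json.dumps(dcr))  # deep copy, original stays untouched
    for flow in fixed["properties"]["dataFlows"]:
        if stream in flow.get("streams", []):
            flow["transformKql"] = kql
    return fixed
```
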