Microsoft Exchange Logs and Events errors when deploying MessageTrackingLog and ExchangeHttpProxy collectors #10789
Description
Describe the bug
When configuring Microsoft Exchange Logs and Events connector steps regarding [Option 6] Message Tracking of Exchange Servers and [Option 7] HTTP Proxy of Exchange Servers manual deployment fail with errors:
Update Error - Error occurred while compiling query in query: SemanticError:0x00000006 at 1:43 : Undefined symbol: date-time
Update Error - Error occurred while compiling query in query: SemanticError:0x00000006 at 1:43 : Undefined symbol: DateTime
To Reproduce
Steps to reproduce the behavior:
- Go to Microsoft Sentinel -> Data connectors -> Microsoft Exchange Logs and Events.
- Scroll down to Configuration -> 2. Deploy log injestion following choosed options -> [Option 6] Message Tracking of Exchange Servers -> Option 2 - Manual Deployment of Azure Automation and follow the instructions there.
- The error happens in step 4. of C. Modify the created DCR, Type Custom log when configuring a Data Source of Custom Text logs type with the provided KQL.
- The same applies to [Option 7] HTTP Proxy of Exchange Servers.
Expected behavior
The connector should start collecting logs.
Screenshots
[Option 6] Message Tracking of Exchange Servers
First error shows up after uploading the example file (expected?).
After transformation there is no error.
After performing the steps in C. Modify the created DCR, Type Custom log there is the following error.
After page refresh the Data sources are gone.
[Option 7] HTTP Proxy of Exchange Servers
Again - first error shows up after uploading the example file. Probably expected.
Transformation seems ok.
In step C. Modify the created DCR, Type Custom log same exact error appears.
Desktop (please complete the following information):
- OS: Windows 11
- Browser: Edge
- Version: 126.0.2592.87
If I'm doing something wrong, or not understanding something correctly, I'd be glad for your advice. :) Thanks!