Instructions for Exchange Admin Audit Log Events Data Connector has incorrect log names (Exchange On-Premises Solution)

[leighcurranTW]

The data connector for the Exchange Admin and Audit Log Events uses 'MS Exchange Management' as the log name when it should be 'MSExchange Management'. For example: Click Add Windows event log and enter MS Exchange Management as log name.

To reproduce the issue, install the Exchange On-Premises solution and try to configure:

[Option 1] MS Exchange Management Log collection > Data Collection Rules - When the legacy Azure Log Analytics Agent is used > Configure the logs to be collected.

And

[Option 1] MS Exchange Management Log collection > Data Collection Rules - When Azure Monitor Agent is used > Option 2 - Manual Deployment of Azure Automation.

An example of the event name (Which is used correctly in the parsers etc through the solution already):

Line 212 and 232 in ESI-ExchangeAdminAuditLogEvents.json

[v-sudkharat]

FYI, @v-prasadboke

[nlepagnez]

Hi @v-prasadboke , @v-sudkharat, I confirm that the XPath information is not good. The good value is "MSExchange Management!*" So in connector documentation it has to be "MSExchange Management"

[v-prasadboke]

Got it @nlepagnez, Working on it

[nlepagnez]

Hi @v-prasadboke, the XPath will be corrected in the pull request #11049