Request URI Not Parsed in AGWFirewallLogs Query

iuiu 20 Reputation points
2025-02-25T04:03:54.7566667+00:00

When using a WAF, I tried to check the request URI before applying an exception because there were many detected logs. When querying AGWFirewallLogs, I extended the query using extend parseUrl = parse_url(RequestUri), but parseUrl appears empty. How can I check the request URL in this case?

Azure Web Application Firewall

Accepted answer
  1. Sai Prasanna Sinde 4,335 Reputation points Microsoft External Staff
    2025-02-25T08:05:39.9133333+00:00

    Hi @Anonymous

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    To check the Request URI, please go through the below points:

    • Make sure that the RequestURI field itself contains valid URL data. If the RequestURI field is empty or contains malformed URLs, parseUrl will naturally return an empty result.
    • You can use the below query to check the contents of RequestURI:
        AGWFirewallLogs
        | project TimeGenerated, RequestUri
        | limit 10
      
    • Even if the RequestURI field contains data, examine the format of the URLs. parseUrl expects a properly formatted URL, including the scheme (like http:// or https://). If the URLs are missing the scheme or have other formatting issues, parseUrl might not be able to parse them correctly.
    • Additionally, ensure that URL strings embedded as parameters within other URL strings are properly encoded. Failure to encode these embedded URLs can lead to parsing errors.

    If the RequestURI field appears correct, you can try alternative methods to extract the desired information. Use KQL string functions like substring, split, and indexof to extract specific parts of the URL.

    • For example, to extract the path from the RequestUri, you could use a query as below:
        AGWFirewallLogs
        // indexof returns the zero-based position of the first '/' in RequestUri
        | extend path = substring(RequestUri, indexof(RequestUri, '/'), strlen(RequestUri))
        | project TimeGenerated, RequestUri, path
      
    • To extract the domain from the URL, you can use a combination of split and indexof:
        AGWFirewallLogs
        | extend parts = split(RequestUri, '/')
        | extend domain = tostring(parts[2]) // Assume the domain is the third element (index 2) after splitting by '/'
        | project TimeGenerated, RequestUri, domain
      
    • It's essential to verify the diagnostic settings of your Application Gateway to ensure that the logging level is set to capture detailed information, including complete request URLs. The logging level determines the granularity of information captured in the logs, and an insufficient logging level might result in missing URL data. Please refer to the document.

    Kindly let us know if the above helps or you need further assistance on this issue.

    Your feedback is important so please take a moment to Accept answers.

    If you still have questions, please let us know what is needed in the comments so the question can be answered.

    Thank you for helping to improve Microsoft Q&A!

    1 person found this answer helpful.
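An added example, not part of the original answer: following the answer's point that parsing expects a scheme, this query prefixes scheme-less RequestUri values before calling parse_url, then groups hits by rule and path for exclusion review. The datatable rows are constructed sample data, and the Hostname and RuleId columns and the "https://" prefix are assumptions to check against your own workspace.

```kusto
// Constructed sample rows standing in for AGWFirewallLogs.
// In a workspace, replace SampleLogs with AGWFirewallLogs.
let SampleLogs = datatable(TimeGenerated: datetime, Hostname: string,
                           RequestUri: string, RuleId: string)
[
    datetime(2025-02-25 04:00:00), "app.example.com", "/api/orders?id=10&sort=asc", "100001",
    datetime(2025-02-25 04:00:05), "app.example.com", "/api/orders?id=11",          "100001",
    datetime(2025-02-25 04:01:00), "app.example.com", "/login",                     "100002",
    datetime(2025-02-25 04:02:00), "app.example.com", "https://app.example.com/search?q=a", "100002",
    datetime(2025-02-25 04:03:00), "app.example.com", "",                           "100003"
];
SampleLogs
// A value that already starts with "<scheme>://" is parsed as-is.
| extend hasScheme = RequestUri matches regex @"^[a-zA-Z][a-zA-Z0-9+.-]*://"
// Otherwise build an absolute URL; the scheme here is an assumption used
// only to satisfy the parser and is not read from the log.
| extend fullUrl = iff(hasScheme, RequestUri, strcat("https://", Hostname, RequestUri))
| extend parsed = parse_url(fullUrl)
| extend path = tostring(parsed.Path),
         queryParams = parsed["Query Parameters"]
// Flag rows that carried no URI at all so they are reviewed separately.
| extend uriMissing = isempty(RequestUri)
| summarize hits = count(),
            sampleUri = take_any(RequestUri),
            sampleParams = take_any(queryParams)
    by RuleId, path, uriMissing
| order by hits desc
```

Rows with uriMissing set to true point to a logging or diagnostic-settings gap rather than a parsing problem.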
