Doc changes - Azure WebApps

docs/integrations/microsoft-azure/azure-application-gateway.md

@@ -86,7 +86,8 @@ Create the following field extraction rules (FER) for Azure Storage by following
    ```
 
    ```sql title="Parse Expression"
-   json "resourceId"
+   json "resourceId", "ResourceId" as resourceId1, resourceId2 nodrop
+   | if (isBlank(resourceId1), resourceId2, resourceId1) as resourceId
    | toUpperCase(resourceId) as resourceId
    | parse regex field=resourceId "/SUBSCRIPTIONS/(?<subscription_id>[^/]+)" nodrop
    | parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop

docs/integrations/microsoft-azure/azure-functions.md

@@ -85,15 +85,16 @@ Scope (Specific Data): tenant_name=*
 ```
 
 ```sql title="Parse Expression"
-json "resourceId"
+json "resourceId", "ResourceId" as resourceId1, resourceId2 nodrop
+| if (isBlank(resourceId1), resourceId2, resourceId1) as resourceId
 | toUpperCase(resourceId) as resourceId
 | parse regex field=resourceId "/SUBSCRIPTIONS/(?<subscription_id>[^/]+)" nodrop
 | parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop
 | parse regex field=resourceId "/PROVIDERS/(?<provider_name>[^/]+)" nodrop
 | parse regex field=resourceId "/PROVIDERS/[^/]+(?:/LOCATIONS/[^/]+)?/(?<resource_type>[^/]+)/(?<resource_name>.+)" nodrop
 | parse regex field=resource_name "(?<parent_resource_name>[^/]+)(?:/PROVIDERS/[^/]+)?/(?<service_type>[^/]+)/?(?<service_name>.+)" nodrop
 | if (isBlank(parent_resource_name), resource_name, parent_resource_name) as resource_name
-| fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type,service_name
+| fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type, service_name
 ```
 
 
@@ -104,7 +105,7 @@ json "resourceId"
 If this rule already exists, there's no need to create it again.
 
 ```sql
-Rule Name: AzureObservabilityMetadataExtractionFunctionAppLevel
+Rule Name: AzureObservabilityMetadataExtractionAppServiceLevel
 ```
 
 ```sql title="Metric match expression"

docs/integrations/microsoft-azure/azure-load-balancer.md

@@ -78,7 +78,8 @@ Create the following Field Extraction Rules (FER) for Azure Storage by following
    ```
 
    ```sql title="Parse Expression"
-   json "resourceId"
+   json "resourceId", "ResourceId" as resourceId1, resourceId2 nodrop
+   | if (isBlank(resourceId1), resourceId2, resourceId1) as resourceId
    | toUpperCase(resourceId) as resourceId
    | parse regex field=resourceId "/SUBSCRIPTIONS/(?<subscription_id>[^/]+)" nodrop
    | parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop

docs/integrations/microsoft-azure/azure-storage.md

@@ -111,15 +111,16 @@ Create a Field Extraction Rule (FER) for Azure Storage by following the instruct
    ```
 
    ```sql title="Parse Expression"
-   json "resourceId"
-   | toUpperCase(resourceId) as resourceId
-   | parse regex field=resourceId "/SUBSCRIPTIONS/(?<subscription_id>[^/]+)" nodrop
-   | parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop
-   | parse regex field=resourceId "/PROVIDERS/(?<provider_name>[^/]+)" nodrop
-   | parse regex field=resourceId "/PROVIDERS/[^/]+(?:/LOCATIONS/[^/]+)?/(?<resource_type>[^/]+)/(?<resource_name>.+)" nodrop
-   | parse regex field=resource_name "(?<parent_resource_name>[^/]+)(?:/PROVIDERS/[^/]+)?/(?<service_type>[^/]+)/?(?<service_name>.+)" nodrop
-   | if (isBlank(parent_resource_name), resource_name, parent_resource_name) as resource_name
-   | fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type, service_name
+   json "resourceId", "ResourceId" as resourceId1, resourceId2 nodrop
+    | if (isBlank(resourceId1), resourceId2, resourceId1) as resourceId
+    | toUpperCase(resourceId) as resourceId
+    | parse regex field=resourceId "/SUBSCRIPTIONS/(?<subscription_id>[^/]+)" nodrop
+    | parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop
+    | parse regex field=resourceId "/PROVIDERS/(?<provider_name>[^/]+)" nodrop
+    | parse regex field=resourceId "/PROVIDERS/[^/]+(?:/LOCATIONS/[^/]+)?/(?<resource_type>[^/]+)/(?<resource_name>.+)" nodrop
+    | parse regex field=resource_name "(?<parent_resource_name>[^/]+)(?:/PROVIDERS/[^/]+)?/(?<service_type>[^/]+)/?(?<service_name>.+)" nodrop
+    | if (isBlank(parent_resource_name), resource_name, parent_resource_name) as resource_name
+    | fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type, service_name
    ```
 ### Configure metric rules
 

docs/integrations/microsoft-azure/sql.md

@@ -143,15 +143,16 @@ Create a Field Extraction Rule (FER) by following the instructions [here](/docs/
    ```
 
    ```sql title="Parse Expression"
-   json "resourceId"
+   json "resourceId", "ResourceId" as resourceId1, resourceId2 nodrop
+   | if (isBlank(resourceId1), resourceId2, resourceId1) as resourceId
    | toUpperCase(resourceId) as resourceId
    | parse regex field=resourceId "/SUBSCRIPTIONS/(?<subscription_id>[^/]+)" nodrop
    | parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop
    | parse regex field=resourceId "/PROVIDERS/(?<provider_name>[^/]+)" nodrop
    | parse regex field=resourceId "/PROVIDERS/[^/]+(?:/LOCATIONS/[^/]+)?/(?<resource_type>[^/]+)/(?<resource_name>.+)" nodrop
    | parse regex field=resource_name "(?<parent_resource_name>[^/]+)(?:/PROVIDERS/[^/]+)?/(?<service_type>[^/]+)/?(?<service_name>.+)" nodrop
    | if (isBlank(parent_resource_name), resource_name, parent_resource_name) as resource_name
-   | fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type,service_name
+   | fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type, service_name
    ```
 ### Configure metric rules