Originally posted by chris-dma February 18, 2025
Would it be possible to look at including additional information in the raw request hash table for custom request logging? Specifically, it would be great if we could have the hostname and the query strings portion of the request included. Additionally, it would be great if there was an option to use UTC in the raw hash table as well.
I am currently using a custom logging script block to change the date format to UTC, then convert the raw hash table to compressed JSON and write that to a newline-delimited JSON logfile, which is then picked up by the Elastic Agent to ingest the request logs. This works quite well, but it would save some processing if the date format could be in UTC format already, and it would be helpful to have the additional information included.
@chris-dma I can look at adding the Querystring and Hostname, the data is a little different as it's best to use [DateTime]::Now and have the actual underlying server configured to use UTC. However, I can see an enhancement with the dates being passed, where it'd be better to have the raw DateTime object and not a string - so I might have a Date and a UtcDate in the raw object
@Badgerati thank you. I've had a look at the Logging.ps1 and created a pull request which adds these to the $item variable. Apologies if I have done anything wrong with the pull request - this is my first time using GitHub.
Discussed in #1491
Here is an example of what I mean:
```powershell
@{
    Host = '10.10.0.3'
    RfcUserIdentity = '-'
    User = '-'
    Date = '2018-06-14T20:23:52Z'    # requested: UTC timestamp
    Request = @{
        Method = 'GET'
        Hostname = 'https://api.domain.com'    # requested addition
        Resource = '/api/users'
        QueryStrings = 'query1=value&query2=value'    # requested addition
        Protocol = "HTTP/1.1"
        Referrer = '-'
        Agent = ''
    }
    Response = @{
        StatusCode = '200'
        StatusDescription = 'OK'
        Size = '9001'
    }
}
```
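The custom logging step described in the post (UTC date, compressed JSON, one record per line), as an added example that is not part of the original thread or the project's code. The function name, the date formats tried, the redacted parameter names, the sample record and the log path are assumptions; masking sensitive query-string parameters before the record leaves the host goes beyond what the post does.

```powershell
# Added example, not Pode's code. Field names follow the hash table in the post.
# Assumptions: function name, the date formats tried, the sensitive parameter names.
function ConvertTo-RequestLogLine {
    param(
        [Parameter(Mandatory)] [hashtable] $Item,
        [string[]] $SensitiveKeys = @('token', 'password', 'api_key')
    )
    $out = $Item.Clone()   # shallow copy so the caller's record is not modified

    # Normalise Date to UTC ISO 8601; an unparseable value is left untouched.
    $inv    = [cultureinfo]::InvariantCulture
    $styles = [System.Globalization.DateTimeStyles]::AssumeUniversal
    $iso    = "yyyy-MM-dd'T'HH:mm:ss'Z'"
    $parsed = [datetimeoffset]::MinValue
    if ($Item.Date -is [datetime]) {
        $out.Date = $Item.Date.ToUniversalTime().ToString($iso, $inv)
    }
    elseif ([datetimeoffset]::TryParseExact([string]$Item.Date, 'dd/MMM/yyyy:HH:mm:ss zzz', $inv, $styles, [ref]$parsed) -or
            [datetimeoffset]::TryParse([string]$Item.Date, $inv, $styles, [ref]$parsed)) {
        $out.Date = $parsed.UtcDateTime.ToString($iso, $inv)
    }

    # Mask the values of sensitive query parameters (names matched case-insensitively).
    $request = $Item.Request.Clone()
    if ($request.QueryStrings) {
        $pairs = foreach ($pair in ($request.QueryStrings -split '&')) {
            $name = ($pair -split '=', 2)[0]
            if ($SensitiveKeys -contains $name) { "$name=REDACTED" } else { $pair }
        }
        $request.QueryStrings = $pairs -join '&'
    }
    $out.Request = $request

    # -Compress emits a single line and JSON-escapes embedded CR/LF, so a crafted
    # header or query value cannot split one record into two NDJSON lines.
    $out | ConvertTo-Json -Compress -Depth 5
}

# Constructed sample record in the shape the post proposes.
$sample = @{
    Host = '10.10.0.3'; User = '-'; Date = '14/Jun/2018:21:23:52 +01:00'
    Request  = @{ Method = 'GET'; Hostname = 'api.domain.com'; Resource = '/api/users'
                  QueryStrings = 'query1=value&token=abc123'; Protocol = 'HTTP/1.1' }
    Response = @{ StatusCode = '200'; StatusDescription = 'OK'; Size = '9001' }
}
ConvertTo-RequestLogLine -Item $sample | Add-Content -Path ./requests.ndjson -Encoding utf8
```

For the sample record the written line carries `"Date":"2018-06-14T20:23:52Z"` and a query string ending in `token=REDACTED`; key order in the JSON is not guaranteed because the input is a plain hash table.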