I've connected vRLI Cloud to an Azure Storage Account to pull in NSG flow logs. In order to make them helpful I need a way to split the log into multiple entries, one for each Rule:FlowTuple event in a single log. See Log network traffic flow to and from a VM - tutorial - Azure portal | Microsoft Docs for an example logfile. Using this as an example, I'd like to turn this single record into 9 separate ones like so:
"DefaultRule_DenyAllInBound,1542110402,94.102.49.190,10.5.16.4,28746,443,U,I,D,B,,,,"
"DefaultRule_DenyAllInBound,1542110424,176.119.4.10,10.5.16.4,56509,59336,T,I,D,B,,,,"
"DefaultRule_DenyAllInBound,1542110432,167.99.86.8,10.5.16.4,48495,8088,T,I,D,B,,,,"
"DefaultRule_AllowInternetOutBound,1542110377,10.5.16.4,13.67.143.118,59831,443,T,O,A,B,,,,"
"DefaultRule_AllowInternetOutBound,1542110379,10.5.16.4,13.67.143.117,59932,443,T,O,A,E,1,66,1,66"
"DefaultRule_AllowInternetOutBound,1542110379,10.5.16.4,13.67.143.115,44931,443,T,O,A,C,30,16978,24,14008"
"DefaultRule_AllowInternetOutBound,1542110406,10.5.16.4,40.71.12.225,59929,443,T,O,A,E,15,8489,12,7054"
Any hints? Attached is an ingested log sample.
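One way to do the split before ingestion, as an added example that is not part of the original post and not a vRLI Cloud feature: a Python pre-processing step that walks the NSG flow log JSON and emits one `rule,flowTuple` line per tuple. It assumes the documented layout (`records` → `properties.flows` → `flows` → `flowTuples`); the function name `split_flow_log`, the sample document and the placeholder MAC address are constructed for illustration.

```python
import json

# Constructed sample in the NSG flow log version 2 layout. The tuples are
# taken from the lines quoted in the post; the MAC address is a placeholder.
SAMPLE = json.dumps({"records": [{
    "time": "2018-11-13T12:00:35Z",
    "category": "NetworkSecurityGroupFlowEvent",
    "properties": {"Version": 2, "flows": [
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{
            "mac": "000000000000",
            "flowTuples": [
                "1542110402,94.102.49.190,10.5.16.4,28746,443,U,I,D,B,,,,",
                "1542110424,176.119.4.10,10.5.16.4,56509,59336,T,I,D,B,,,,",
            ]}]},
        {"rule": "DefaultRule_AllowInternetOutBound", "flows": [{
            "mac": "000000000000",
            "flowTuples": [
                "1542110379,10.5.16.4,13.67.143.117,59932,443,T,O,A,E,1,66,1,66",
            ]}]},
    ]},
}]})


def split_flow_log(text):
    """Yield one 'rule,flowTuple' line per tuple in an NSG flow log document."""
    doc = json.loads(text)
    for record in doc.get("records", []):
        props = record.get("properties") or {}
        for rule_group in props.get("flows", []):
            rule = rule_group.get("rule", "")
            # Each rule holds one entry per NIC (MAC), each with its own tuples.
            for mac_group in rule_group.get("flows", []):
                for tup in mac_group.get("flowTuples", []):
                    # Version 1 tuples have 8 fields, version 2 tuples 13;
                    # anything else is treated as malformed and skipped.
                    if len(tup.split(",")) not in (8, 13):
                        continue
                    yield f"{rule},{tup}"


if __name__ == "__main__":
    for line in split_flow_log(SAMPLE):
        print(line)
```

Each emitted line can then be shipped as its own log event, so the rule name, addresses, ports and decision become per-event fields.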