For more information about Log Analytics functions refer to:

• KQL user defined functions
• Managing user functions in Azure Monitor

These functions help to simplify the projection of the Manadatory and Recommended columns based of the selected ASIM Schema.

Because you don't have to think about the fields you need to either project or project-away when parsing data from the CommonEventLog or Syslog table, you can now fully focus on optimizing the parser itself.

Using this function also increases the processing speed which has been tested in multiple large enterprise environments

The Project Schema function is extremely easy to use!
There are two ways to use the functions. You can either let the base function automatically deside what schema to use based on the EventSchema column or manually specify the desired schema.

Just add the following line to the end of your parser, and you are good to go.

only project Mandatory and Recommended ASIM columns

| invoke ASIM_ProjectSchema()

Project ALL Mandatory, Recommended and Optional ASIM columns

| invoke ASIM_ProjectSchema(optional=true)

only project Mandatory and Recommended ASIM columns

| invoke ASIM_ProjectNetworkSessionSchema()

Project ALL Mandatory, Recommended and Optional ASIM columns

| invoke ASIM_ProjectNetworkSessionOptional()

• The ASIM_ProjectSchema function will evaluate the value Mandatory EventSchema column
  
• Based on the value in the EventSchema column the appropriate project function will be called
• The dedicated Schema function will project the Mandatory, Recommended and optionally the Optional columns related to the specific schema.