[azure logs] Improve time parsing for ServicePrincipalSignInLogs #15083
Description
Context
It seems that the ServicePrincipalSignInLogs log category is missing the expected top-level common schema field time:
{
"AADTenantId": "c93c9793-5f58-41df-bf2b-cdc6b0e44570",
"Agent": "{\"agentType\":\"notAgentic\"}",
"AppId": "5c6d5e9a-e2a7-4c74-b4f8-df28e00aab6a",
"AppOwnerTenantId": "c93c9793-5f58-41df-bf2b-cdc6b0e44570",
"Category": "ServicePrincipalSignInLogs",
"ClientCredentialType": "clientSecret",
"CorrelationId": "83d4a233-76a0-4cc0-bbe6-9ce7ad506fc9",
"CreatedDateTime": "2025-07-01T10:45:17.5824212Z",
"DurationMs": 0,
"IPAddress": "10.0.4.1",
"Id": "078a3ffa-6d44-440d-b276-0aa760de8e02",
"Location": "US",
"OperationName": "Sign-in activity",
"OperationVersion": "1.0",
"ResourceDisplayName": "Microsoft Graph",
"ResourceGroup": "Microsoft.aadiam",
"ResourceIdentity": "1dee9afe-9a11-4682-9a2a-756481f09923",
"ResourceOwnerTenantId": "378375af-dc31-4802-9dd7-ee483673d812",
"ResultSignature": "SUCCESS",
"ResultType": "0",
"ServicePrincipalId": "91d04fb1-7754-4c2e-ac12-91abcafadf38",
"ServicePrincipalName": "Test",
"SourceSystem": "Azure AD",
"TenantId": "2a0bb6ef-8a1d-4e8b-83d6-c682d5ca56db7",
"TimeGenerated": "2025-07-01T10:46:52.1698784Z",
"Type": "AADServicePrincipalSignInLogs",
"UniqueTokenIdentifier": "whatever"
}Goal
- Update the signin logs data stream to use on of the existing time fields as a value for
@timestampforServicePrincipalSignInLogslog events.
Impact
Without this field, the event @timestamp would not be correctly represented in the indexed document, or cause errors.