Issue Description
When querying DGrep logs via the SRE Agent's
PerformDgrepSearch
tool for EU regions (e.g.,
westeurope
,
northeurope
), the
LogMessage
column content is returned as "Scrubbed" due to EUDB data residency sanitization. This makes it impossible to search for or filter on any unique identifiers (resource IDs, trace IDs, correlation IDs, error messages, etc.) within log content, as
LogMessage contains "..."
filters match zero rows against the scrubbed text.
All other metadata columns (
PreciseTimeStamp
,
ContainerName
,
PodName
,
Tenant
,
AzureResourceId
, etc.) are returned intact — only the
LogMessage
content is redacted.
This significantly degrades the agent's ability to investigate incidents for EU-hosted resources, as DGrep log trace analysis is a core step in the investigation workflow. Non-EU regions are unaffected.
Thread ID
51fccda2-be32-427b-9c2a-d77b311052db
Steps to Reproduce
- Use
PerformDgrepSearch
with the following parameters:
nameSpace:AzMonMetrics
eventName: ContainerLogV2
filters: Tenant=westeurope
startTime: 2026-04-07T19:09:00Z
endTime: 2026-04-07T19:11:00Z
serverQuery:
source | project PreciseTimeStamp, LogMessage, ContainerName, PodName | take 5
- Observe that rows are returned but LogMessage shows "Scrubbed" for every row.
- Now try filtering: change serverQuery to
source | where LogMessage contains "cosmos-dti-weu-dev" | project PreciseTimeStamp, LogMessage | take 50
- Observe 0 rows returned — the filter cannot match against scrubbed content.
- Repeat the same queries with any non-EU region (e.g., Tenant=westus3) to confirm LogMessage content is returned normally there.
Expected Behavior
The DGrep connector should return unscrubbed
LogMessage
content for EU regions, the same as it does for non-EU regions. The Geneva EU portal (
portal-eu.microsoftgeneva.com
) provides access to unscrubbed EU logs — the connector should route EU region queries through the appropriate EU endpoint to return full log content.
Actual Behavior
LogMessage
content is returned as the literal string "Scrubbed" for all rows in EU regions. All metadata columns are intact. Any
LogMessage contains "..."
filter returns 0 results, effectively blocking DGrep-based investigation for all EU-hosted resources.
Issue Description
When querying DGrep logs via the SRE Agent's
PerformDgrepSearch
tool for EU regions (e.g.,
westeurope
,
northeurope
), the
LogMessage
column content is returned as "Scrubbed" due to EUDB data residency sanitization. This makes it impossible to search for or filter on any unique identifiers (resource IDs, trace IDs, correlation IDs, error messages, etc.) within log content, as
LogMessage contains "..."
filters match zero rows against the scrubbed text.
All other metadata columns (
PreciseTimeStamp
,
ContainerName
,
PodName
,
Tenant
,
AzureResourceId
, etc.) are returned intact — only the
LogMessage
content is redacted.
This significantly degrades the agent's ability to investigate incidents for EU-hosted resources, as DGrep log trace analysis is a core step in the investigation workflow. Non-EU regions are unaffected.
Thread ID
51fccda2-be32-427b-9c2a-d77b311052db
Steps to Reproduce
PerformDgrepSearch
with the following parameters:
nameSpace:AzMonMetrics
eventName: ContainerLogV2
filters: Tenant=westeurope
startTime: 2026-04-07T19:09:00Z
endTime: 2026-04-07T19:11:00Z
serverQuery:
source | project PreciseTimeStamp, LogMessage, ContainerName, PodName | take 5
source | where LogMessage contains "cosmos-dti-weu-dev" | project PreciseTimeStamp, LogMessage | take 50
Expected Behavior
The DGrep connector should return unscrubbed
LogMessage
content for EU regions, the same as it does for non-EU regions. The Geneva EU portal (
portal-eu.microsoftgeneva.com
) provides access to unscrubbed EU logs — the connector should route EU region queries through the appropriate EU endpoint to return full log content.
Actual Behavior
LogMessage
content is returned as the literal string "Scrubbed" for all rows in EU regions. All metadata columns are intact. Any
LogMessage contains "..."
filter returns 0 results, effectively blocking DGrep-based investigation for all EU-hosted resources.