// Usage Instruction : 
// Paste below query in log analytics, click on Save button and select as Function from drop down by specifying function name and alias as Workplace_Facebook.
// Function usually takes 10-15 minutes to activate. You can then use function alias from any other queries (e.g. Workplace_Facebook | take 10).
// Reference : Using functions in Azure monitor log queries : https://docs.microsoft.com/azure/azure-monitor/log-query/functions
let Workplace_Facebook_view = view () {
    Workplace_Facebook_CL 
| extend tmp = parse_json(entry_s) 
| mv-expand tmp 
    | extend   
                EventUid = tmp["id"],
                EventEndTime = unixtime_seconds_todatetime(tolong(tmp["time"])),
                Changes = tmp["changes"],
                EventType = object_s,
                EventVendor = "Facebook",
                EventProduct = "Workplace"
    | project-away tmp, entry_s, object_s
};
Workplace_Facebook_view