Schema differences between /api/v2/logs and log stream custom webhook?

I am trying to build some passive monitoring around connections to notice, for example, if a certain MS Azure AD connection has issues. We currently have a custom webhook log stream defined hitting an endpoint we’ve exposed to ingest logs. But, it seems the connection(_id) field is missing. However, if I call the management api to fetch the logs, I notice those fields do exist (in addition to a lot more [eg. details]). Is there any way to adjust the schema for the log stream? If not and I want this data, does that mean I need to write a log puller?