This blog post is authored by Nicholas DiCola
In the last few months working on Microsoft Sentinel, many customers have asked me about scaling up syslog CEF collection for getting data into Mic...
Updated Nov 03, 2021
Version 4.0
Blog Post
Hi Nicholas,
My Question might be somewhat in general.
1.) What types of data formats (Syslog, CEF, custom) can be taken up by Logstash for which it has some kind of mapping mechanism to ingest the data into Log Analytics workspace.
2.) Does Logstash have any mapping mechanism to map data format from any data source to convert into CEF or syslog which I suppose are the preferred choices of Sentinel?
3.) Do we really need Log Analytics Agent in between Logstash and Log Analytics workspace of sentinel?
4.) Which would be the best choice of data format (syslog, CEF, or custom) out from logstash to ingest into Log Analytics workspace of sentinel?
5.) Can the logstash-vmss be deployed on-prem?
6.) Could you please suggest to me the best choices of data intake format (I do understand various data sources may have their own data formats ) to Logstash from any data sources and data output format from Logstash to Log Analytics workspace of sentinel?
Regards,
Simranjeet