Forum Discussion
Ingesting Logs through Azure Private Link
For API-based log sources behind private networking, I would design this around Azure Monitor Private Link Scope plus Data Collection Endpoint/Data Collection Rule and the Logs Ingestion API. CCF connectors are SaaS-hosted, so they are not a good fit when the connector itself must run inside your private network.
There is not a universal "pre-made Logs Ingestion API config" because each source needs a DCR stream/schema and a transform that matches the source payload. The reusable part is the pattern:
1. Create or reuse the Log Analytics workspace used by Sentinel.
2. Create a DCE in the region and add it to AMPLS.
3. Create a DCR with a custom table or supported stream.
4. Run a small collector inside the private network, for example Container Apps, AKS, VM, or Function if still acceptable for your lifecycle.
5. Send to the DCE Logs Ingestion API endpoint using managed identity or Entra app auth.
For many API sources, one generic collector can support multiple sources if you normalize each source to its own DCR/table. You do not necessarily need one app per source.
Useful docs:
https://learn.microsoft.com/azure/azure-monitor/fundamentals/private-link-security
https://learn.microsoft.com/azure/sentinel/create-custom-connector
https://learn.microsoft.com/azure/sentinel/create-codeless-connector