Forum Discussion
Azure Sentinel Built-in Data Connector Does not Ingest Logs from Storage Container into Log Table
mikhailf Yes. We tried 2 different storage account. But it problem is the same. The logs are being pushed into them. But, there is no log in the Cloudflare_CL table even after automatic deployment of the data connector using ARM template. We reverted the changes on the log source and even created new low push jobs on the source, but the issue persists and the logs do not appear in the log table.
Hello ParsaZ,
By deploying the data connector you deploy Azure Function. Please, find this function and under "Overview" verify that the Function Execution Count is not 0.
We created another container specifically for the firewall logs. The logs are being pushed in the container but again, not in the log table. And as we check the related function app's execution count, it is more than 0. But still no logs.
- The count is more than 0 because we are pushing different type of Cloudflare logs into Sentinel. But, Sentinel is only pushing the logs that we haven't made any changes on into the log table ( In the container, there are for example 5 log folders. One is for example DNS logs folder, one is Network, one is firewall etc. The logs in the firewall folder ( which are the logs that we tried to make changes on) are not being pushed into the Cloudflare table. But the logs in the other folders are. So, that is why the function app count is not 0.