Porter76
Brass Contributor
Jan 10, 2024

Can I create DCR on a custom Data table?

Currently have a custom data table set up to ingest our AWS WAF logs. It is ingesting an enormous amount of data and I need a way to reduce this for the sake of cost. Is it possible to accomplish this with a Data Collection Rule? Do I need to configure a Data Collection Endpoint?

Appreciate any insight.

  • MHenshaw
    Brass Contributor
    Hi there

    If you are using the AWS connector to bring in your logs, you can go to the log workspace > tables > $YOURAWSTABLE > 3 little dots and create transformation. Here you can drop the logs you don't need and they won't be ingested 🙂
    • Porter76
      Brass Contributor
      Hi Clive,
      The initial connector was set up with an AWS Lambda PS script that created the custom table in Sentinel and then periodically pushes the logs from an S3 to Sentinel. How can I confirm whether I'm already on the Log Ingestion API?
      • Clive_Watson
        Bronze Contributor

        Porter76

        If you go from Sentinel --> Settings --> Workspace settings, then look at [tables]: if they are (classic) then you are NOT on the right API. Select "edit schema" to get more info.
