Forum Discussion
Porter76
Jan 10, 2024Brass Contributor
Can I create DCR on a custom Data table?
Currently have a custom data table setup to ingest our AWS WAF logs. It is ingesting an enormous amount of data and I need a way to reduce this for the sake of cost. Is it possible to accomplish this with a Data Collection Rule? Do I need to configure a Data Collection Endpoint?
Appreciate any insight.
- MHenshawBrass ContributorHi there
If you are using the aws connector to bring in your logs, you can go to the log workspace > tables > $YOURAWSTABLE > 3 little dots and create transformation. here you can drop the logs you dont need and they wont ingested 🙂 - Clive_WatsonBronze ContributorYou need to be on the Log Ingestion API, have you seen: https://learn.microsoft.com/en-gb/azure/azure-monitor/logs/custom-logs-migrate
- Porter76Brass ContributorHi Clive,
The initial connector was setup with an AWS Lambda PS script that created the custom table in Sentinel and then periodically pushes the logs from an S3 to Sentinel.. How can I confirm whether i'm already on the Log Ingestion API?- Clive_WatsonBronze Contributor
If you go from Sentinel --> Settings --> Workspace settings. Then look at [tables] if they are (classic) then you are NOT on the right API. Select "edit schema" to get more info