Forum Discussion
Ronak_Shah
Aug 10, 2021 (Copper Contributor)
Data Ingestion speed in Azure Sentinel
Hi,
We are working on creating a custom connector to ingest the data in Azure Sentinel. We are trying to replicate a product that we made in Splunk. However, the time taken to ingest our data in Azure Sentinel is significantly higher than in Splunk. For ingesting 1.5K-2K data, Splunk takes a minute while Azure Sentinel takes 10-15 mins. Is there any way to improve ingestion speed in Azure?
- CliveWatson (Microsoft): What technology are you using: Azure Functions, Playbook, API, etc.? Have you looked at https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors#guide-to-building-azure-sentinel-data-experiences?
- Ronak_Shah (Copper Contributor): CliveWatson, we are using Azure Function (Python). We have followed the same link you provided above. However, we cannot identify any best practices to follow to make sure performance is improved in the data collection. Can you please help us with any checklist or best practices to follow to make the data collection intact and optimized?