Forum Discussion
zaylinhtun
Feb 08, 2022Copper Contributor
How to find the azure vm ingested log size to sentinel
Hi all, I need some help.
I want to find the total ingested log size (daily or weekly) from azure VM which is used for syslog-forwarder. I can find the only Usage table which is billable or not.
Thanks all.
- Clive_WatsonBronze Contributor
Usage no longer holds Computer info, so you can check the Syslog Table instead. This shows each day for the last 7days (adjust to suit).
Syslog | where TimeGenerated > ago(7d) | where _IsBillable = true | where Computer == ' name of your Syslog server ' | summarize sum(_BilledSize) by bin(TimeGenerated, 1d)
Syslog | where TimeGenerated > ago(7d) | where _IsBillable = true //| where Computer == ' .. ' | summarize GBytes=sum(_BilledSize)/(1024*1024*1024) by bin(TimeGenerated, 1d), Computer | render barchart Syslog | where TimeGenerated > ago(7d) | where _IsBillable = true | summarize bytes=sum(_BilledSize) by bin(TimeGenerated, 1d), Computer | render barchart
or for all Syslog Servers