Forum Discussion
Ingesting Sample data Log from GitHub repo to Sentinel
I am trying to ingest the Sample data logs from the Azure GitHub repository, GitHub link (https://github.com/Azure/Azure-Sentinel/tree/master/Sample%20Data). I am trying to ingest the Fortinet f...
I did try this option and it worked. However, after entering the respective GitHub URL of the sample log data, and running the Test, I am getting an error as "PUT action failed".
the sample log path from GitHub I am trying to ingest is: https://github.com/Azure/Azure-Sentinel/blob/master/Sample%20Data/CEF/Forcepoint%20Cloud%20Security%20Gateway.csv
Upon running the Test, getting an error as "PUT action failed". Also, if I click on the Ingest, i am getting the same error.
please guide further on this.
the sample log path from GitHub I am trying to ingest is: https://github.com/Azure/Azure-Sentinel/blob/master/Sample%20Data/CEF/Forcepoint%20Cloud%20Security%20Gateway.csv
Upon running the Test, getting an error as "PUT action failed". Also, if I click on the Ingest, i am getting the same error.
please guide further on this.
I do not have experience with Github URLs.
Several times we used *.csv and *.log (text) files to ingest custom logs into Sentinel and it worked well.
This PowerShell command imports a PowerShell object into Sentinel, so if you can create a PowerShell object with data from the GitHub link, it will work.
I am not good with PowerShell.
I have done all the setup for the GUI based ingestion.
For AkamaiSIEM logs, i was able to ingest but not able to ingest any other one. I am Getting the same error as "PUT action failed" every time i try to run the Test.
Need help in resolving the issue. is there any limitation with the input here? is it only one input allowed per 24 hours or in a day ?- There is no input limitation. You can ingest logs once a day or every 10 minutes.