Forum Discussion
sharukh222000
Nov 18, 2022 - Copper Contributor
Latest costing/billing changes
Dear team, as of 18/9/22, I wanted to know the following things from Microsoft experts related to Microsoft Sentinel. Are there any charges related to 1) sending data to custom tables 2) use o...
ermanishdey
Nov 18, 2022 - Copper Contributor
Not sure about 1 & 2, but KQL charges are as per the volume of data scanned per query. Check the "Search Job" section of the following: https://azure.microsoft.com/en-us/pricing/details/microsoft-sentinel/
Now regarding the data forwarding to/from Sentinel, it depends on the SIEM solution you're using. For Splunk you need to use the following add-on: https://splunkbase.splunk.com/app/5312/
Refer to this link for more details: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/how-to-export-data-from-splunk-to-azure-sentinel/ba-p/1891237
Jonhed
Nov 18, 2022 - Iron Contributor
1. There are no charges specifically for the use of custom tables.
You pay for Log Analytics ingestion and Sentinel ingestion, just like any other regular table that is not specifically designated as free, such as Azure Activity.
2. Not to my knowledge.
3. There is no cost for running regular KQL queries. The search job mentioned above only applies when you want to search large amounts of data and the search requires more than 10 minutes to continue etc.
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/search-jobs?tabs=portal-1%2Cportal-2