Forum Discussion
Limit what data in Log Analytics to be passed on to Sentinel?
We have been using Sentinel in conjunction with Azure Log Analytics for quite some time to ingest selected security logs (AD, DNS, Windows Security etc.) from VM-agents in our server environment. Las...
GaryBushey Yes; only the manual counters that I had set up before I enabled "Azure monitor for VMs" are visible there. AMFVM seems to set up it's own data collection that you don't seem to be able to edit.
Please see the GA release info
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/vminsights-ga-release-faq
Thanks CliveWatson. I read this before and have now read it again; and I realize that I can delete my old perfmon counters. However, I do not find any information regarding:
- Can I limit the "resolution" of data performance data sent to Log Analytics after upgrading to Azure Monitor for VMs? In the old solution, I could set intervals in seconds.- Can I choose not to collect data for a specific namespace? For us, Disk-metrics make up 90% of logs ingested and causes a lot of extra costs in Sentinel. If possible, I'd opt out.
And my wish would be to be able to exclude all performance counters from ingestion into Sentinel. This only results in added cost and no added value.
Magnus Tjerneld Were you able to find a solution to this? Filtering out which data that is ingested by sentinel?
- williamboyd We resorted to using separate workspaces for VM/Performance logs (not piped to Sentinel) and Security/Signin-logs (piped to Sentinel).
