Forum Discussion
Magnus Tjerneld
May 04, 2020Copper Contributor
Limit what data in Log Analytics to be passed on to Sentinel?
We have been using Sentinel in conjunction with Azure Log Analytics for quite some time to ingest selected security logs (AD, DNS, Windows Security etc.) from VM-agents in our server environment. Las...
Magnus Tjerneld
May 05, 2020Copper Contributor
GaryBushey Yes; only the manual counters that I had set up before I enabled "Azure monitor for VMs" are visible there. AMFVM seems to set up it's own data collection that you don't seem to be able to edit.
CliveWatson
May 05, 2020Former Employee
Please see the GA release info
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/vminsights-ga-release-faq
- Magnus TjerneldMay 05, 2020Copper Contributor
Thanks CliveWatson. I read this before and have now read it again; and I realize that I can delete my old perfmon counters. However, I do not find any information regarding:
- Can I limit the "resolution" of data performance data sent to Log Analytics after upgrading to Azure Monitor for VMs? In the old solution, I could set intervals in seconds.- Can I choose not to collect data for a specific namespace? For us, Disk-metrics make up 90% of logs ingested and causes a lot of extra costs in Sentinel. If possible, I'd opt out.
And my wish would be to be able to exclude all performance counters from ingestion into Sentinel. This only results in added cost and no added value.
- williamboydSep 24, 2020Copper Contributor
Magnus Tjerneld Were you able to find a solution to this? Filtering out which data that is ingested by sentinel?
- Magnus TjerneldSep 24, 2020Copper Contributorwilliamboyd We resorted to using separate workspaces for VM/Performance logs (not piped to Sentinel) and Security/Signin-logs (piped to Sentinel).