Forum Discussion
securityxpert1122
Aug 29, 2023 · Copper Contributor
Linux AMA log ingestion filtering specific logs
I had previously applied ingestion-time data transformations for a few incoming logs in the Syslog table when I was using the MMA agent for Linux. Now I am moving to AMA for Linux servers.
How do I apply specific log filtering to AMA for Linux log sources? For example, if the IP is 1.1.1.1 and the logs contain err entries, drop them.
I know it is possible in a Windows DCR, but how can I build the same DCR for Linux in AMA to filter them out?
1 Reply
- BillClarksonAntill · Iron Contributor
To apply table transformations to Linux logs, perform the following:
1. Find/search your Log Analytics workspace (it will have the same name as your Microsoft Sentinel workspace).
2. Find the Settings section and select Tables.
3. Find the Syslog table.
4. Click the three dots on the right-hand side of the screen.
5. Select "Create Transformation".
6. From here, follow the prompts and apply your KQL query as required to apply whatever filtering you need.
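As an added example (not part of the reply above or any Microsoft documentation), this is the kind of transformation KQL the last step asks for, written for the filter the question describes. It assumes the standard Syslog table columns HostIP, SeverityLevel and SyslogMessage, and that "err logs" means rows whose SeverityLevel is "err". A transformation always receives the incoming rows as the virtual table `source` and ingests only the rows the query returns, so the query states what to keep, not what to drop:

```kql
// Added example transformation for the Syslog table (not from the reply above).
// Assumes the standard Syslog columns HostIP, SeverityLevel, SyslogMessage.
// `source` is the fixed name of the incoming data in a transformation;
// whatever this query returns is what gets ingested.
source
// Keep everything EXCEPT error-severity rows from the one noisy host.
| where not(HostIP == "1.1.1.1" and SeverityLevel == "err")
// If "err logs" should instead mean messages whose text mentions an error,
// use the message text rather than the severity field, e.g.:
// | where not(HostIP == "1.1.1.1" and SyslogMessage has "error")
```

Two points worth checking before saving it: the transformation applies to every row reaching the Syslog table from any agent or connector, not only the Linux hosts you intended, so test the `where` clause against existing Syslog data in Log Analytics first (replace `source` with `Syslog` and confirm the dropped rows are exactly the ones you expect); and the same query text is what a DCR-level transformation carries in its transformKql setting, so the filter logic is the same whichever place you attach it.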