Forum Discussion
securityxpert1122
Aug 29, 2023 · Copper Contributor
Linux AMA log ingestion filtering specific logs
I had previously applied ingestion-time data transformation for a few incoming logs in the Syslog table when I was using the MMA agent for Linux. Now I am moving to AMA for Linux servers. How do I apply spec...
BillClarksonAntill
Sep 04, 2023 · Iron Contributor
To apply table transformations to Linux logs, perform the following:
1. Find/Search your Log Analytics Workspace (it will be the same as your Microsoft Sentinel workspace name).
2. Find the settings section and select tables.
3. Find the Syslog Table.
4. Click the 3 dots on the right-hand side of the screen.
5. Select "Create Transformation".
6. From here, follow the prompts and apply your KQL query as required to apply whatever filtering you need.
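A sketch of the kind of KQL query that the last step asks for, added here as an example and not part of the original reply. The facility names, severity levels and process name are constructed filter criteria; `source` is the name a transformation query uses for the incoming records.

```kusto
// Added example: ingestion-time filter for the Syslog table.
// The filter values below are constructed; adjust them to the logs you need.
source
// Keep every authentication event regardless of severity, so sign-in
// and sudo activity stays available to detections.
| where Facility in ("auth", "authpriv")
    // From all other facilities, keep only notice-and-above severities.
    or SeverityLevel !in ("debug", "info")
// Drop routine cron session open/close records, keep other cron output.
| where ProcessName != "CRON" or SyslogMessage !has "pam_unix"
```

Because the query only filters rows, the table's columns, including TimeGenerated, pass through unchanged. If the query ends up stored as a single line, remove the comment lines first so they do not comment out the rest of the query.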