Forum Discussion
kenvb
Mar 10, 2022 - Copper Contributor
Log analytics agent basic logs / analytics logs
Does this mean the log analytics agent will be able to send important logs directly to the LAW and mundane logs into basic logs? Or will you still need some proxy/log collector in between to distingu...
kenvb
Mar 15, 2022 - Copper Contributor
Ah yes, interesting. But if you have a log aggregator in the middle, like Logstash or Fluentd, you can convert them to custom logs and send all that info to basic logs? Of course, this means you have to be very well aware of your own generated logs.
Jonhed
Mar 15, 2022 - Iron Contributor
That might indeed be possible.
However, you would need to use the Data Collection Rule (DCR)-based custom logs API.
The current data connector for Logstash does not use the above API, but instead uses the HTTP Data Collector REST API, so you would need to migrate to the required API or not use the data connector at all.
https://docs.microsoft.com/en-us/azure/sentinel/connect-logstash
https://docs.microsoft.com/en-us/azure/azure-monitor/logs/custom-logs-migrate
I do not have any experience here, so I cannot give a definite answer, unfortunately.