Forum Discussion
Log forwarder sending duplicate logs
I have two log forwarders sending logs to Sentinel. One is logstash and other one is Azure log forwarder I setup on Ubuntu. Since logstash was sending logs to commonsecuritylogs_CL table and those ...
Run the following KQL query to get the list of log forwarders (set the timeframe according to you need)
CommonSecurityLog
| distinct DeviceVendor
CommonSecurityLog
| distinct DeviceVendor