Forum Discussion
Log Ingestion Delay in all Data connectors
Hi,
I have integrated multiple log sources in sentinel and all the log sources are ingesting logs between 7:00 pm to 2:00 am I want the log ingestion in real time. I have integrated Azure WAF, syslog, Fortinet, Windows servers. For evidence I am attaching a screenshots.
I am totally clueless if anyone can help I will be very thankful!
1 Reply
Hello, I've not seen this before across such a range of connectors (assuming its not a blip and fixed itself) you might want to confirm in the Logs what the "lastSeen" or Last log recieved is.
KQLunion * | extend lastSeen = datetime_diff('minute',now(), TimeGenerated) | summarize arg_max(TimeGenerated,lastSeen) by TableName=Type | order by lastSeen desc
