Forum Discussion
sneakypanda
Nov 27, 2023 Copper Contributor
Moving target data between Log Analytics workspaces
Hi,
I am after a simple way of moving target data between two log analytics workspaces.
The first log analytics workspace contains a significant volume of AKS logs. I want to copy a sub-set of these logs into Sentinel. As an example, AKS has an nginx ingress controller running, and I want to copy the normalized logs from it over to Sentinel so I can run web-based detections on it.
Initially I tried doing this with a logic app. The logic app does a good job of extracting what I am after. I can't get Azure Log Analytics Data Collector to upload the values correctly - it looks like it is designed to upload a single value at a time.
I am now looking at querying external workspaces or putting together an Azure function. Interested in other suggestions for how to solve this?
cheers,
Michael
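For the Data Collector upload step mentioned in the post above: the HTTP Data Collector API takes a JSON array of records in one request body, so rows returned by a query can be posted in batches. The sketch below is an added example, not part of the thread; the workspace id, shared key, field names and log type are constructed placeholders, and nothing is sent over the network.

```python
import base64, hashlib, hmac, json
from email.utils import formatdate

MAX_BODY = 30 * 1024 * 1024  # per-post size limit of the Data Collector API

def batch_records(records, max_bytes=MAX_BODY):
    """Yield JSON-array request bodies (bytes), each no larger than max_bytes."""
    batch, size = [], 2                       # 2 bytes for "[" and "]"
    for rec in records:
        enc = json.dumps(rec, separators=(",", ":")).encode("utf-8")
        if len(enc) + 2 > max_bytes:
            raise ValueError("single record exceeds max_bytes")
        extra = len(enc) + (1 if batch else 0)  # +1 for the separating comma
        if size + extra > max_bytes:          # flush before this record overflows
            yield b"[" + b",".join(batch) + b"]"
            batch, size, extra = [], 2, len(enc)
        batch.append(enc)
        size += extra
    if batch:
        yield b"[" + b",".join(batch) + b"]"

def build_headers(workspace_id, shared_key_b64, body, log_type, date=None):
    """SharedKey headers for POST /api/logs (HMAC-SHA256 over the canonical string)."""
    date = date or formatdate(usegmt=True)    # RFC 1123 date, e.g. "... GMT"
    to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n/api/logs"
    mac = hmac.new(base64.b64decode(shared_key_b64),
                   to_sign.encode("utf-8"), hashlib.sha256).digest()
    return {
        "Content-Type": "application/json",
        "Authorization": f"SharedKey {workspace_id}:{base64.b64encode(mac).decode()}",
        "Log-Type": log_type,                 # custom table name, "_CL" is appended
        "x-ms-date": date,
    }

# Constructed sample rows standing in for the nginx ingress query result.
SAMPLE = [
    {"TimeGenerated": "2023-11-27T10:00:00Z", "ClientIp": "203.0.113.7", "Uri": "/login", "Status": 200},
    {"TimeGenerated": "2023-11-27T10:00:01Z", "ClientIp": "203.0.113.8", "Uri": "/admin", "Status": 403},
    {"TimeGenerated": "2023-11-27T10:00:02Z", "ClientIp": "203.0.113.9", "Uri": "/index", "Status": 200},
]

if __name__ == "__main__":
    key = base64.b64encode(b"constructed-key").decode()   # placeholder, not a real key
    for body in batch_records(SAMPLE, max_bytes=200):      # tiny limit to show splitting
        hdrs = build_headers("00000000-0000-0000-0000-000000000000", key, body, "NginxIngress")
        # POST body + hdrs to https://<workspace-id>.ods.opinsights.azure.com/api/logs?api-version=2016-04-01
        print(len(body), hdrs["Authorization"][:40] + "...")
```

Each yielded body is one request, so the number of API calls scales with data volume rather than row count.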
- BillClarksonAntill Iron Contributor
Hey sneakypanda
Have you considered using a logstash server to forward logs from one log analytics workspace to another using the azure monitor plugins?
This should give you the bridge you need to transfer data between each of the workspaces.
It's not pretty, but it will get it there.