Forum Discussion
Prashali_Shinde
Sep 08, 2022
Copper Contributor
Send LEEF format Logs to Sentinel
Hi,
How can I send LEEF format logs to a Sentinel workspace? Will I have to use Logstash, and how?
Is it possible to send it through a Linux machine?
- GBushey
Microsoft
Prashali_Shinde Not sure if the system you are accessing is using an API, but you could look at using the Log Ingestion API (Logs ingestion API in Azure Monitor (Preview) - Azure Monitor | Microsoft Docs), which can then use a Data Collection rule to handle the formatting of the fields.
If you want to use Logstash, take a look at Connect data sources through Logstash to Microsoft Sentinel | Microsoft Docs
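Added example (not part of the thread and not Microsoft's code): a LEEF 1.0/2.0 parser that runs on a Linux machine and turns raw events into flat JSON records of the kind a Data Collection Rule can then map to table columns. The sample events, the vendor and product names, and the header column names are constructed for illustration and would need to match the stream declared in your own rule.

```python
import json
import re

# Constructed sample events (not from the original thread); vendor/product names are placeholders.
SAMPLE = [
    "<13>Sep  8 10:15:02 fw01 LEEF:1.0|ExampleVendor|ExampleFW|1.2|conn_denied|src=10.0.0.5\tdst=192.0.2.10\tproto=TCP",
    "LEEF:2.0|ExampleVendor|ExampleFW|1.2|login_fail|^|usrName=alice^src=10.0.0.7^msg=bad password|attempt=3",
    "LEEF:2.0|ExampleVendor|ExampleFW|1.2|login_ok|0x09|usrName=bob\tsrc=10.0.0.8",
    "plain syslog line without a LEEF payload",
]
HEADER = ("LeefVersion", "Vendor", "Product", "ProductVersion", "EventId")  # hypothetical column names

def leef_delimiter(token):
    """LEEF 2.0 delimiter field: a literal character, or hex such as 0x09 or x5E; empty means tab."""
    m = re.fullmatch(r"(?:0x|x)([0-9A-Fa-f]{1,4})", token)
    return chr(int(m.group(1), 16)) if m else (token or "\t")

def parse_leef(line):
    """Parse one LEEF 1.0/2.0 event, with or without a syslog header, into a flat dict."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header")
    parts = line[start + 5:].rstrip("\r\n").split("|", 5)
    if len(parts) < 6:
        raise ValueError("truncated LEEF header")
    event, attrs, delim = dict(zip(HEADER, parts[:5])), parts[5], "\t"
    if parts[0].startswith("2"):
        head, sep, tail = attrs.partition("|")
        if sep and "=" not in head:  # explicit delimiter field present
            delim, attrs = leef_delimiter(head), tail
    for pair in attrs.split(delim):
        key, eq, value = pair.partition("=")
        if eq and key.strip():
            event[key.strip()] = value  # only the first '=' splits; values may contain '=' or '|'
    return event

def build_payload(lines):
    """Return (records, rejected); records serialise to a JSON array for an ingestion endpoint."""
    records, rejected = [], []
    for line in lines:
        try:
            records.append(parse_leef(line))
        except ValueError:
            rejected.append(line)  # keep unparsed lines for review instead of dropping them silently
    return records, rejected

if __name__ == "__main__":
    records, rejected = build_payload(SAMPLE)
    print(json.dumps(records, indent=2), f"\nrejected: {len(rejected)}")
```

Counting the rejected lines matters operationally: a source that silently stops parsing looks the same in the workspace as a source that has gone quiet.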