Forum Discussion
Prashali_Shinde
Dec 28, 2022Copper Contributor
Send logs from one workspace to another workspace in different subscriptions
Hi team ,
We are looking for solution to send logs from one sentinel workspace to another workspace which is in different subscriptions under one directory. How can we do that, I think one option will be to use event hubs but how we will do that. Also how will be the pricing for it.
Any other approaches to cater to the requirements will be helpful
Thanks
- Dean_GrossSilver Contributorwhy do you want to do this? what problem are you trying to solve?
- mikhailfSteel Contributor
Hello Prashali_Shinde,
Probably you can export data from "Log Analytics 1" into "Storage Account" under "Subscription 1" using "Logic App1" and then using "Logic App 2" pull that data from the "Storage Account" into "Log Analytics 2" in "Subscription 2". You will need to allow access from "Logic App 2" to "Storage Account" via a Private endpoint or Service endpoint.
Consider also security questions.
This can be the "Logic App1":
Azure-Sentinel/Playbooks/Move-LogAnalytics-to-Storage at master · Azure/Azure-Sentinel (github.com)
- Prashali_ShindeCopper ContributorThanks for the detailed reply mikhailf will try this.
- Chandrasekhar_AryaSteel Contributormaybe the below article" Moving log analtics workspace " will help you to move from one subscription to another
- Prashali_ShindeCopper ContributorThanks Chandrasekhar, I checked moving log analytics workspace, but it is asking to delete existing and add new, but I want to keep both as it is and forward the logs from one LA workspace to another LA workspace within different subscription,