Forum Discussion
Sentinel cost per month for 500GB per day - questions
Thanks guys, this is very helpful!
Another question based on this same example (please and thanks).
If you want to keep data available for KQL queries up to 1 year, would I set Data Archive to 1 year?
So:
- Basic Logs: zero
- Analytic Logs: 500GB/day (is this for 30 or 90 days?)
- Data Archive: 1 year (can this still be queried via KQL?)
- Azure Monitor Data Restore - not needed? Assume this is a 'typical' use case.
- Azure Monitor Search Queries and Search Jobs - not needed? Assume this is a 'typical' use case.
= Total monthly cost: $41,600k
- GaryBushey (Bronze Contributor), May 16, 2022
SocInABox, you can keep the data in Microsoft Sentinel for up to two years. If you want to keep it for just one, set the Data Retention to 365. You will pay for the difference between the 90 free days and the 365 days in a year (275 days).
Keep in mind that you will keep adding to the amount being archived each month after your first 90 days, and then it will level off after a year. Also, you can set table-level data retention so you only keep those tables you need for 90 days (see link below).
If you don't think you will be using the data all the time, take a look at archival capabilities that will still allow you to search (for a cost) without having them retained in MS Sentinel: Configure data retention and archive in Azure Monitor Logs (Preview) - Azure Monitor | Microsoft Docs