Forum Discussion
Solved
Sentinel Data - where to after 90 days?
Hey all, I currently have Sentinel and it's configured with data only stored in Log Analytics for 90 days. This has always been more than enough. However, I am now getting a new corporate directi...
DGMalcolm this isn't major, simply like many other Azure services you need to deploy it and run it. Unlike log analytics where Microsoft run the underlying service, with ADX you manage the cluster and also the Eventhub service that sends the data to ADX.
It may come down to simplicity and cost. ADX requires setup and on-going management but gives you quick access to the data. There is also a BLOB storage but that has its own cost vs usage to assess.
Archive is more set and forget but is best suited for occasional use hence its low cost. So if you are only keeping the data for compliance or very occasional use then this is often the best choice. Do factor in the restore costs for the occasions yiu do need the data restored
Archive is more set and forget but is best suited for occasional use hence its low cost. So if you are only keeping the data for compliance or very occasional use then this is often the best choice. Do factor in the restore costs for the occasions yiu do need the data restored
Clive_Watson Thank you for your response.
When you say that ADX has "ongoing management" requirements what do you mean?
DGMalcolm this isn't major, simply like many other Azure services you need to deploy it and run it. Unlike log analytics where Microsoft run the underlying service, with ADX you manage the cluster and also the Eventhub service that sends the data to ADX.
- Great, thanks for the info and the follow up.
