SOLVED

Migrating data from blob to Log analytics

%3CLINGO-SUB%20id%3D%22lingo-sub-334262%22%20slang%3D%22en-US%22%3EMigrating%20data%20from%20blob%20to%20Log%20analytics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-334262%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%0A%3CP%3EOur%20data%20was%20pushed%20to%20Azure%20blob%20via%20shoebox%20pipeline%20in%20the%20form%20of%20json%2Fjson%20lines.%3CBR%20%2F%3EWe%20are%20looking%20forward%20to%20depend%20on%20Log%20analytics%20for%20monitoring%2Freporting%20solution.%3C%2FP%3E%0A%3CP%3EWe%20would%20like%20to%20migrate%20that%20history%20data%20stored%20in%20blob%20to%20LogAnalytics.%26nbsp%3B%3CBR%20%2F%3EWhat%20is%20the%20best%20way%20to%20migrate%20the%20data%20from%20blob%20to%20loganalytics%3F%3CBR%20%2F%3EI%20came%20across%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fplatform%2Fdata-collector-api%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Edata%20collector%20api%3C%2FA%3E%20to%20ingest%20data%20to%20LA.%20My%20initial%20thought%20was%20creating%20custom%20tool%20to%20fetch%20data%20from%20blob%20container%20and%20ingest%20to%20LA%20using%20this%20API.%26nbsp%3B%3CBR%20%2F%3EI%20am%20wondering%20is%20there%20any%20existing%20tool%20to%20achieve%20this%20migration.%20If%20not%2C%20what%20is%20the%20best%20way%20to%20migrate%20data%20from%20blob%20to%20LA%3F%3C%2FP%3E%0A%3CP%3EAny%20pointers%20would%20be%20great.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-334262%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-338273%22%20slang%3D%22en-US%22%3ERe%3A%20Migrating%20data%20from%20blob%20to%20Log%20analytics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-338273%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%0A%3CP%3EThere%20is%20no%20out%20of%20the%20box%20functionality%20that%20can%20do%20that%20so%20you%20will%20have%20to%20ingest%20the%20data%20by%20building%20your%20own%20solution.%20You%20can%20use%20automation%20tools%20like%20Azure%20Automation%2C%20Logic%20App%20or%20Azure%20Function.%20With%20those%20automation%20tools%20you%20will%20use%20the%20data%20ingestion%20API%20you%20have%20mentioned.%20One%20important%20thing%20to%20remember%20about%20the%20data%20ingestion%20api%20and%20Log%20Analytics%20is%20that%20you%20have%20retention%20in%20Log%20Analytics.%20By%20default%20that%20retention%20is%2031%20days%20and%20you%20can%20increase%20it%20up%20to%20two%20years.%20The%20retention%20purges%20any%20data%20that%20is%20old%20than%20the%20set%20retention%20period.%20Old%20data%20is%20looked%20by%20TimeGenerated%20column.%20When%20you%20use%20the%20data%20ingestion%20api%20when%20you%20import%20records%20you%20will%20have%20to%20set%20TimeGenerated%20column%20for%20your%26nbsp%3B%20records%20otherwise%20the%20date%20when%20you%20imported%20the%20log%20will%20be%20put%20in%20TimeGenerated%20column%20for%20that%20record.%20If%20you%20import%20the%20logs%20with%20TimeGenerated%20date%20of%20the%20ingestion%20you%20will%20have%20a%20bunch%20of%20records%20with%20wrong%20time%20period%20and%20will%20be%20hard%20to%20make%20sense%20of%20that%20data.%20When%20you%20set%20your%20TimeGenerated%20date%20remember%20that%20the%20date%20you%20are%20setting%20must%20be%20in%20the%20boundaries%20of%20the%20retention.%20If%20it%20is%20out%20of%20the%20boundaries%20of%20the%20retention%20the%20API%20will%20report%20successful%20ingestion%20but%20you%20will%20not%20see%20the%20logs%20as%20they%20will%20be%20purged%20immediately.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Microsoft

Hi,

Our data was pushed to Azure blob via shoebox pipeline in the form of json/json lines.
We are looking forward to depend on Log analytics for monitoring/reporting solution.

We would like to migrate that history data stored in blob to LogAnalytics. 
What is the best way to migrate the data from blob to loganalytics?
I came across data collector api to ingest data to LA. My initial thought was creating custom tool to fetch data from blob container and ingest to LA using this API. 
I am wondering is there any existing tool to achieve this migration. If not, what is the best way to migrate data from blob to LA?

Any pointers would be great.

 

1 Reply
Highlighted
Solution

Hi,

There is no out of the box functionality that can do that so you will have to ingest the data by building your own solution. You can use automation tools like Azure Automation, Logic App or Azure Function. With those automation tools you will use the data ingestion API you have mentioned. One important thing to remember about the data ingestion api and Log Analytics is that you have retention in Log Analytics. By default that retention is 31 days and you can increase it up to two years. The retention purges any data that is old than the set retention period. Old data is looked by TimeGenerated column. When you use the data ingestion api when you import records you will have to set TimeGenerated column for your  records otherwise the date when you imported the log will be put in TimeGenerated column for that record. If you import the logs with TimeGenerated date of the ingestion you will have a bunch of records with wrong time period and will be hard to make sense of that data. When you set your TimeGenerated date remember that the date you are setting must be in the boundaries of the retention. If it is out of the boundaries of the retention the API will report successful ingestion but you will not see the logs as they will be purged immediately.