May 23 2022 02:02 PM
I am retrieving sign in and activity audit logging from 3 source systems with 3 different scripts, one for each system, and preparing to send them to a custom log in Azure Monitor.
I know that once in Azure Monitor I will be writing queries and having to join or union the 3 datasets, so my questions are;
I remember in Filebeat, it would hold many different log sources in the one index (table), and so wondering if i should do the same here in Azure?