cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Event to Log Workspace Delays

shockotechcom
Brass Contributor

‎Apr 07 2020 04:33 PM - last edited on ‎Apr 08 2022 10:22 AM by

‎Apr 07 2020 04:33 PM - last edited on ‎Apr 08 2022 10:22 AM by

Event to Log Workspace Delays

Guys, is their a delay/latency in say the export of sign-in logs from AzureAD into a log analytics workspace? My security team have asked for real-time alerts on certain account sign ins. Should I look at Event hubs?

3,671 Views
0 Likes
2 Replies
Reply
2 Replies
CliveWatson

‎Apr 08 2020 01:57 AM

‎Apr 08 2020 01:57 AM

Re: Event to Log Workspace Delays

@shockotechcom 

This lists the latency details.

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-ingestion-time

 

You can measure it with the queries in the link or via my Usage Workbook, which has a whole Tab (page) for latency  https://techcommunity.microsoft.com/t5/azure-sentinel/usage-reporting-for-azure-sentinel/ba-p/126738... 

 

Other solutions may decrease latency, but you need to weigh that against complexity and costs etc...

1 Like
Reply
shockotechcom

‎Apr 09 2020 06:21 AM

‎Apr 09 2020 06:21 AM

Re: Event to Log Workspace Delays

@CliveWatson Thanks! We are using a 3rd party SIEM so we don't have Azure Sentinel. Specifically for the AzureAD sign in logs, would an event hub have less latency than a LA workspace? 

0 Likes
Reply