Forum Discussion

macfredn445's avatar
macfredn445
Copper Contributor
Aug 22, 2024

Elastic Logs sent for long term storage in Azure

Hello all, I am using Elastic SIEM in my environment, but due to some pressing requirements - we would like to send the logs for long term storage. Now, I am not really sure how to send the Elastic ...
sdtslmn's avatar
sdtslmn
Brass Contributor
Aug 23, 2024

macfredn445 

 

Azure Data Explorer (ADX) for Log Storage:

You can set up Elastic SIEM to export logs directly to Azure Data Explorer (ADX) for advanced querying and real-time analytics. This can be done using custom export pipelines or Logstash with an ADX output plugin. ADX is ideal for environments where you need to frequently analyze large volumes of log data. However, it may require more complex setup compared to Blob Storage.

Azure Blob Storage via Logic Apps:

For a simpler, cost-effective solution, use Azure Logic Apps to periodically export Elastic SIEM logs to Azure Blob Storage. This method is great for long-term storage where frequent querying isn't necessary. It’s easier to set up but lacks the advanced querying capabilities of ADX.

Recommendation:

If you prioritize simple storage and cost, go with Azure Blob Storage. For advanced analytics, ADX is more suitable, albeit with a more complex setup. Both methods are reliable, with minimal risk of data loss if properly configured.

Resources