Forum Discussion

Copper Contributor

Feb 08, 2022

How to find the azure vm ingested log size to sentinel

Hi all, I need some help. I want to find the total ingested log size (daily or weekly) from azure VM which is used for syslog-forwarder. I can find the only Usage table which is billable or not. Th...

Clive_Watson

Bronze Contributor

Feb 08, 2022

zaylinhtun

Usage no longer holds Computer info, so you can check the Syslog Table instead. This shows each day for the last 7days (adjust to suit).

Syslog
| where TimeGenerated > ago(7d)
| where _IsBillable = true
| where Computer == ' name of your Syslog server '
| summarize sum(_BilledSize) by bin(TimeGenerated, 1d)

Syslog
| where TimeGenerated > ago(7d)
| where _IsBillable = true
//| where Computer == ' .. '
| summarize GBytes=sum(_BilledSize)/(1024*1024*1024) by bin(TimeGenerated, 1d), Computer
| render barchart 

Syslog
| where TimeGenerated > ago(7d)
| where _IsBillable = true
| summarize bytes=sum(_BilledSize) by bin(TimeGenerated, 1d), Computer
| render barchart

or for all Syslog Servers

Forum Discussion

How to find the azure vm ingested log size to sentinel

Share

Resources