Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Ingesting Sample data Log from GitHub repo to Sentinel

Copper Contributor

I am trying to ingest the Sample data logs from the Azure GitHub repository, GitHub link (


I am trying to ingest the Fortinet firewall logs in CEF format in the form of a CSV file, GitHub link  ( ).


I see majorly the log files are either .csv or .jason format. 


Can somebody help me in an easy way to ingest these Sample data logs to sentinel. 


Thanks, Much Appreciated. 

7 Replies
CSV files can be ingested as a Watchlist, as an alternative. You will then query the watchlist rather than a Table.

Also see
Working on this. Let me see.
I did try this option and it worked. However, after entering the respective GitHub URL of the sample log data, and running the Test, I am getting an error as "PUT action failed".

the sample log path from GitHub I am trying to ingest is:

Upon running the Test, getting an error as "PUT action failed". Also, if I click on the Ingest, i am getting the same error.

please guide further on this.


I do not have experience with Github URLs. 

Several times we used *.csv and *.log (text) files to ingest custom logs into Sentinel and it worked well.

This PowerShell command imports a PowerShell object into Sentinel, so if you can create a PowerShell object with data from the GitHub link, it will work.


I am not good with PowerShell.

I have done all the setup for the GUI based ingestion.
For AkamaiSIEM logs, i was able to ingest but not able to ingest any other one. I am Getting the same error as "PUT action failed" every time i try to run the Test.

Need help in resolving the issue. is there any limitation with the input here? is it only one input allowed per 24 hours or in a day ?

There is no input limitation. You can ingest logs once a day or every 10 minutes.