Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Ingesting Sample data Log from GitHub repo to Sentinel

Copper Contributor

I am trying to ingest the Sample data logs from the Azure GitHub repository, GitHub link (https://github.com/Azure/Azure-Sentinel/tree/master/Sample%20Data)

 

I am trying to ingest the Fortinet firewall logs in CEF format in the form of a CSV file, GitHub link  (https://github.com/Azure/Azure-Sentinel/blob/master/Sample%20Data/CEF/FortinetFortiGate.csv ).

 

I see majorly the log files are either .csv or .jason format. 

 

Can somebody help me in an easy way to ingest these Sample data logs to sentinel. 

 

Thanks, Much Appreciated. 

7 Replies
CSV files can be ingested as a Watchlist, as an alternative. You will then query the watchlist rather than a Table.

Also see https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/new-ingestion-sampledata-as-a-service...
Working on this. Let me see.
I did try this option and it worked. However, after entering the respective GitHub URL of the sample log data, and running the Test, I am getting an error as "PUT action failed".

the sample log path from GitHub I am trying to ingest is: https://github.com/Azure/Azure-Sentinel/blob/master/Sample%20Data/CEF/Forcepoint%20Cloud%20Security%...

Upon running the Test, getting an error as "PUT action failed". Also, if I click on the Ingest, i am getting the same error.

please guide further on this.


@mujju016

I do not have experience with Github URLs. 

Several times we used *.csv and *.log (text) files to ingest custom logs into Sentinel and it worked well.

This PowerShell command imports a PowerShell object into Sentinel, so if you can create a PowerShell object with data from the GitHub link, it will work.

 

I am not good with PowerShell.

I have done all the setup for the GUI based ingestion.
For AkamaiSIEM logs, i was able to ingest but not able to ingest any other one. I am Getting the same error as "PUT action failed" every time i try to run the Test.

Need help in resolving the issue. is there any limitation with the input here? is it only one input allowed per 24 hours or in a day ?

There is no input limitation. You can ingest logs once a day or every 10 minutes.