Microsoft sentinel custom parsers

Occasional Contributor

Dear All,

 

There are charges as per the Microsoft website for creating custom coloumns during parsing. 

 

Please let me know the following:-

What is the charge exactly?

How much i will charge if i do parsing and create a single custom coloumns?

What is i do the parsing and use the already existing coloumns for example "Account", is there any charges for it? Kindly share any supporting documents or links from Microsoft for support.

 

Regards

Sammy.

 

 

https://techcommunity.microsoft.com/t5/microsoft-sentinel/latest-costing-billing-changes/m-p/3679568

 

2 Replies
The change is applicable only for the data ingested.
E.g. - If you ingest 1 GB data through your syslog server to Sentinel it will have a one time cost for
1. ingestion + analysis
2. 90 days retention
Now, if you create multiple parsers (similar to views) they query the ingested data for multiple time , they are free of cost.
Hope this helps.

@samikroy 

 

There is no cost for post-ingestion parsing and no change to the data. This is essentially a query or reusable function that displays the parsed data in a view.

 

Transformation or pre-ingestion parsing can change the data This feature is in preview and pricing information has not been announced. Data collection transformations - Azure Monitor | Microsoft Learn