Sep 07 2022 10:41 PM
Hi,
How can I send LEEF format logs to a Sentinel workspace? Will I have to use Logstash, and how?
Is it possible to send them through a Linux machine?
Sep 12 2022 09:32 AM
@Prashali_Shinde Not sure if the system you are accessing is using an API but you could look at using the Log Ingestion API (Logs ingestion API in Azure Monitor (Preview) - Azure Monitor | Microsoft Docs) which can then use a Data Collection rule to handle the formatting of the fields.
If you want to use Logstash, take a look at Connect data sources through Logstash to Microsoft Sentinel | Microsoft Docs
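To make the Logs Ingestion API route concrete, here is an added example that is not part of the thread or of Microsoft's own samples: a small Python script that parses LEEF 1.0/2.0 lines (including a syslog-prefixed line and the hex-coded delimiter form) into flat JSON rows, batches them under the API's 1 MB per-call limit, and assembles the POST to the Data Collection Endpoint. The sample events, the column names, the table/stream name `Custom-Leef_CL`, and the endpoint/DCR/token placeholders are all constructed assumptions; a Data Collection Rule with a matching stream (or a `transformKql` that reshapes these rows) is assumed to exist.

```python
import json
import re
import urllib.request
from datetime import datetime, timezone

# Constructed sample events (not taken from the thread): a LEEF 1.0 line with the
# default tab delimiter, a LEEF 2.0 line with an explicit "^" delimiter, and a
# LEEF 2.0 line carrying a syslog header and a hex-coded (x09 = tab) delimiter.
SAMPLE_LEEF = [
    "LEEF:1.0|ExampleVendor|ExampleFW|3.1|12345|src=10.0.0.1\tdst=10.0.0.2\tsev=5\tusrName=alice",
    "LEEF:2.0|ExampleVendor|ExampleFW|3.1|12346|^|src=10.0.0.3^dst=10.0.0.4^sev=8^usrName=bob",
    "<13>Sep  7 22:41:00 fw01 LEEF:2.0|ExampleVendor|ExampleFW|3.1|12347|x09|src=10.0.0.5\tsev=3",
]

_HEX_DELIM = re.compile(r"^x[0-9A-Fa-f]{2}$")
MAX_BODY_BYTES = 1_000_000  # the Logs Ingestion API accepts at most 1 MB of JSON per call


def _decode_delimiter(raw):
    """LEEF 2.0 names the attribute delimiter literally ("^") or as hex ("x09" = tab);
    an empty field means the default tab."""
    if raw == "":
        return "\t"
    if _HEX_DELIM.match(raw):
        return chr(int(raw[1:], 16))
    return raw


def parse_leef(line):
    """Parse one LEEF 1.0 or 2.0 line into header fields plus an Attributes map.
    Anything before "LEEF:" (syslog PRI, timestamp, host) is kept as SyslogPrefix."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("not a LEEF event: %r" % line[:40])
    prefix, body = line[:start].strip(), line[start:].rstrip("\r\n")
    version = body[len("LEEF:"):body.index("|")]
    # Header fields are pipe separated; a literal pipe in a header field is escaped as "\|".
    # LEEF 1.0 has 5 header fields, LEEF 2.0 has 6 (the sixth is the delimiter).
    header_fields = 6 if version.startswith("2") else 5
    parts = re.split(r"(?<!\\)\|", body, maxsplit=header_fields)
    parts = [p.replace("\\|", "|") for p in parts]
    if len(parts) == header_fields + 1:
        delimiter = _decode_delimiter(parts[5]) if header_fields == 6 else "\t"
        attr_text = parts[header_fields]
    elif header_fields == 6 and len(parts) == 6:
        # LEEF 2.0 header with the optional delimiter field omitted: tab is assumed
        delimiter, attr_text = "\t", parts[5]
    else:
        raise ValueError("truncated LEEF header: %r" % body)
    attrs = {}
    for pair in attr_text.split(delimiter):
        if pair:
            key, _, value = pair.partition("=")
            attrs[key.strip()] = value
    return {"LeefVersion": version, "Vendor": parts[1], "Product": parts[2],
            "ProductVersion": parts[3], "EventId": parts[4],
            "SyslogPrefix": prefix, "Attributes": attrs}


def to_ingestion_record(event, received_at=None):
    """Shape a parsed event as one row for the custom table behind the DCR.
    Column names are assumptions; Attributes is sent as a dynamic (nested) column."""
    ts = received_at or datetime.now(timezone.utc)
    return {"TimeGenerated": ts.isoformat(), **event}


def chunk_records(records, limit=MAX_BODY_BYTES):
    """Yield batches whose compact JSON-array encoding stays within the per-call limit."""
    batch, size = [], 2  # 2 bytes for the enclosing "[" and "]"
    for rec in records:
        enc_len = len(json.dumps(rec, separators=(",", ":")).encode())
        extra = enc_len + (1 if batch else 0)  # +1 for the separating comma
        if batch and size + extra > limit:
            yield batch
            batch, size, extra = [], 2, enc_len
        batch.append(rec)
        size += extra
    if batch:
        yield batch


def build_ingestion_request(dce_endpoint, dcr_immutable_id, stream_name, batch, bearer_token):
    """Assemble the POST for the Logs Ingestion API (api-version is the preview
    version documented in 2022). Endpoint, DCR id, stream and token are caller supplied."""
    url = (f"{dce_endpoint.rstrip('/')}/dataCollectionRules/{dcr_immutable_id}"
           f"/streams/{stream_name}?api-version=2021-11-01-preview")
    headers = {"Authorization": f"Bearer {bearer_token}", "Content-Type": "application/json"}
    return url, headers, json.dumps(batch, separators=(",", ":")).encode()


if __name__ == "__main__":
    # Placeholders (assumptions): your Data Collection Endpoint, the DCR immutable id,
    # the stream name (Custom-<Table>_CL for a custom table) and an Azure AD token
    # issued for the scope https://monitor.azure.com//.default.
    DCE, DCR, STREAM, TOKEN = "https://<dce>.<region>.ingest.monitor.azure.com", "<dcr-immutable-id>", "Custom-Leef_CL", "<token>"
    rows = [to_ingestion_record(parse_leef(line)) for line in SAMPLE_LEEF]
    for batch in chunk_records(rows):
        url, headers, body = build_ingestion_request(DCE, DCR, STREAM, batch, TOKEN)
        if "<" in DCE or "<" in TOKEN:
            print("dry run:", url, body.decode()[:160], "...")  # placeholders still set
        else:
            req = urllib.request.Request(url, data=body, headers=headers, method="POST")
            with urllib.request.urlopen(req) as resp:
                print("HTTP", resp.status)  # the API returns 204 No Content on success
```

Run on a Linux box that can reach the Data Collection Endpoint over HTTPS (no agent or Logstash needed); the same parsing logic is what a DCR `transformKql` would otherwise have to do on the raw string, so pre-shaping the rows keeps the rule simple.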