We are looking for solution to send logs from one sentinel workspace to another workspace which is in different subscriptions under one directory. How can we do that, I think one option will be to use event hubs but how we will do that. Also how will be the pricing for it.
Any other approaches to cater to the requirements will be helpful
Thanks Chandrasekhar, I checked moving log analytics workspace, but it is asking to delete existing and add new, but I want to keep both as it is and forward the logs from one LA workspace to another LA workspace within different subscription,
Probably you can export data from "Log Analytics 1" into "Storage Account" under "Subscription 1" using "Logic App1" and then using "Logic App 2" pull that data from the "Storage Account" into "Log Analytics 2" in "Subscription 2". You will need to allow access from "Logic App 2" to "Storage Account" via a Private endpoint or Service endpoint.
