Linux AMA log ingestion filtering specific logs

I had previously applied an ingestion-time data transformation for a few incoming logs in the Syslog table when I was using the MMA agent for Linux. Now I am moving to AMA for Linux servers.

How do I apply specific log filtering on AMA for Linux log sources? For example, if the IP is 1.1.1.1 and it contains err logs, drop them.

I know it is possible in a Windows DCR, but how can I build the same DCR for Linux in AMA to filter them out?

1 Reply
To apply table transformations to Linux logs, perform the following.

Find/search your Log Analytics workspace (it will be the same as your Microsoft Sentinel workspace name).
Find the Settings section and select Tables.
Find the Syslog table.
Click the three dots on the right-hand side of the screen.
Select "Create Transformation".
From here, follow the prompts and apply your KQL query as required to apply whatever filtering you need.
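As an added example (not part of the original question or reply), this is what the same filter looks like when it is put directly into the data collection rule that the AMA Linux machines are associated with, instead of into a workspace transformation on the table. The `dataFlows` entry carries a `transformKql` expression that runs at ingestion against the `source` rows of the `Microsoft-Syslog` stream; rows for which the `where` clause is false are never written to the workspace. The IP `1.1.1.1`, the severity `err`, the resource names and the facility/log-level selection are assumptions for illustration; the workspace resource ID is a placeholder you would replace with your own.

```json
{
  "location": "eastus",
  "properties": {
    "dataSources": {
      "syslog": [
        {
          "name": "linuxSyslogSource",
          "streams": ["Microsoft-Syslog"],
          "facilityNames": ["auth", "authpriv", "cron", "daemon", "kern", "syslog", "user"],
          "logLevels": ["Warning", "Error", "Critical", "Alert", "Emergency"]
        }
      ]
    },
    "destinations": {
      "logAnalytics": [
        {
          "name": "sentinelWorkspace",
          "workspaceResourceId": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>"
        }
      ]
    },
    "dataFlows": [
      {
        "streams": ["Microsoft-Syslog"],
        "destinations": ["sentinelWorkspace"],
        "transformKql": "source | where not(HostIP == '1.1.1.1' and SeverityLevel == 'err')"
      }
    ]
  }
}
```

`HostIP` and `SeverityLevel` are the Syslog table's own columns (the severity values are the lowercase syslog keywords such as `err`, `warning`, `info`), so the same expression can be pasted into the workspace transformation dialog described in the reply. Before saving either form, validate the predicate against data already in the workspace with `Syslog | where HostIP == '1.1.1.1' and SeverityLevel == 'err'` and confirm it matches only the rows you intend to drop: a transformation runs at ingestion, so anything it filters out is never stored and cannot be recovered later.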