none
Filtering Windows Events before ingesting into Log Analytics RRS feed

  • Question

  • Hi all -

    Is there a way I can filter out unnecessary event ids before ingesting into log analytics?

    Thursday, January 9, 2020 8:53 PM

All replies

  • Thanks for reaching out! AFAIK , Its not possible to filter out Windows event data before ingesting into log analytics. One suggestion which might work is that you can filter data using a Powershell script and store it in different location and use Custom Logs feature to ingest data into log analytics.

    You can share the product feedback or suggestions directly with responsible Azure feature team here.

    Hope this helps!

    Monday, January 13, 2020 4:44 AM
    Moderator
  • Powershell script + custom logging wouldn't work for me because this would interfere with Azure Sentinels ability. I'm trying to filter out noise on Windows Security logs.

    According to the Azure feedback website, this has been requested since 2014. As mentioned by others, this is not cost effective. This was said to be in preview in 2018 and it's 2020... 

    https://feedback.azure.com/forums/267889-azure-monitor-log-analytics/suggestions/6658106-log-filtering

    Tuesday, January 14, 2020 1:02 PM