As there are lots of question on this topic, I’m hoping this post will help. Also see my other post if you DO have Log Analytics What to do if you don’t have Log Analytics already in use in your company today, but want to price Azure Sentinel: Here I discuss three Options: An…Read more
As there are lots of question on this topic, I’m hoping this post will help. What to do if you have Log Analytics already in use in your company today: Step 1: Read my blog post on getting your average daily per Gigabyte value from Log Analytics Step 2: Run the query I provided…Read more
Why Average GB per day, it’s because that’s the information the Azure Pricing Calculator needs now that Azure Sentinel is released. This query looks at all billable data in your Log Analytics workspace and takes an average over the period. Example https://azure.microsoft.com/en-gb/pricing/calculator/ Then search for Sentinel / or look in the Security section. —————————————————————————————————————— //…Read more
In this example, now that Azure Sentinel is Generally Available (GA) we can look at the Azure Monitor Logs (Log Analytics) and Azure Sentinel charges. I have used Pay as You Go (PAYG) for both, using USD $ and EASTUS as the region, but please feel free to adapt to you local region or currency….Read more
We have a rich array of Microsoft and 3rd party connectors in Azure Sentine…Read more
I often blog about various Log Analytics syntax after I get asked the same question a few times, in this case a few times last month and twice this week so far! Also posted as a reply here _______________________________________________________________________________________________________________________________________ You can use externaldata operator to read files, like csv or tsv, scsv, sohsv, psv, txt,…Read more
// // // Now that the pricing is released – please see https://azure.microsoft.com/en-gb/pricing/calculator/ // // Please use https://cloudblogs.microsoft.com/industry-blog/en-gb/cross-industry/2019/10/03/azure-sentinel-average-gb-per-day/ // ———————————————————————————————— Please use the above link – posted retained for examples only, now that Sentinel has been released ———————————————————————————————— This post combines two previous posts, one on Log Analytics and one on Sentinel Dashboards. https://cloudblogs.microsoft.com/industry-blog/en-gb/cross-industry/2019/07/22/azure-log-analytics-looking-at-data-and-costs-part-4/ https://cloudblogs.microsoft.com/industry-blog/en-gb/cross-industry/2019/07/19/azure-sentinel-dashboard-queries/…Read more
Building on Post 3 https://cloudblogs.microsoft.com/industry-blog/en-gb/cross-industry/2019/07/18/azure-log-analytics-looking-at-data-and-costs-part-3/ You would probably take the data projection (see post 3) and add it into Excel to do the math, but you can also use KQL for that. I assigned a price of $2.30 (line 1); most of the rest of the syntax is the same. This is correct as of…Read more
I almost forgot about this set of tips, but I was asked again yesterday – so decided to post this. Often when investigating Event logs or Security Event logs, you look at the EventID. These are two of the most common basic methods. Event | summarize count() by EventID, RenderedDescription | sort by count_ desc…Read more
The vast majority of my day job at the moment includes Azure Sentinel. Some of the queries I’ve shown in the previous posts can be used to see data points for Sentinel as well. Typically I display all these on an Azure Dashboard, but you can also just use the queries. Sentinel specifc DashBoards can…Read more
Part1: https://cloudblogs.microsoft.com/industry-blog/en-gb/cross-industry/2019/03/28/azure-log-analytics-looking-at-data-and-costs/ Part2: https://cloudblogs.microsoft.com/industry-blog/en-gb/cross-industry/2019/05/09/azure-log-analytics-looking-at-data-and-costs-part-2/ Part3 – This post : https://cloudblogs.microsoft.com/industry-blog/en-gb/cross-industry/2019/07/18/azure-log-analyt…and-costs-part-3/ There are two parts to this post: 1. Predict Forward 2. Add more computers 1. Predict forward In the previous two posts on this topic, we’ve seen the data ‘as is’ and in the past (normally the past month) – but how to we predict…Read more
I’ve had the script for a while, but didn’t finish the last part until today. Many of my Azure connected Servers are dual-homed to Azure Monitor Logs (required by our IT Security people). So this report shows me which ones are connected to one or both workspaces. Instructions: You need to provide the long form…Read more
