Jan 16 2024 01:03 PM
I am going to configure a pipeline to push out AWS API GW logs to Sentinel using S3 and Lambda. In the past when I have used this same method, I am unable to create transformations on the custom data table or use DCRs.
How can I go about doing this so when I create the custom table I am able to create transformations and DCRs? There will be an enormous amount of data that's being sent so I need to be able to filter on only the data I need.
Thanks
Jan 17 2024 05:25 AM
Jan 17 2024 06:42 AM
Jan 23 2024 03:51 AM - edited Jan 23 2024 03:52 AM
Hi, if you cannot add a transformation through the LAW > tables etc, then you can add a custom transformation to the DCR itself 🙂
This link goes more in depth on this here - https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-transformations
That's how I've gotten round not being able to add transformations to custom tables in the past
Hope that helps
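
As an added illustration (not posted by anyone in this thread), this is roughly what a transformation placed in the DCR itself looks like: the KQL in `dataFlows[].transformKql` runs at ingestion, so filtered-out records never reach the table. It assumes the Lambda sends records to the DCR's input stream; the stream, table and column names and the status filter are hypothetical, and the `<...>` values are placeholders.

```json
{
  "location": "<azure-region>",
  "properties": {
    "description": "Constructed example: stream, table and column names are assumptions",
    "dataCollectionEndpointId": "<data-collection-endpoint-resource-id>",
    "streamDeclarations": {
      "Custom-ApiGwRaw": {
        "columns": [
          { "name": "requestTime", "type": "string" },
          { "name": "requestId", "type": "string" },
          { "name": "ip", "type": "string" },
          { "name": "httpMethod", "type": "string" },
          { "name": "resourcePath", "type": "string" },
          { "name": "status", "type": "int" },
          { "name": "userAgent", "type": "string" }
        ]
      }
    },
    "destinations": {
      "logAnalytics": [
        {
          "name": "sentinelWorkspace",
          "workspaceResourceId": "<log-analytics-workspace-resource-id>"
        }
      ]
    },
    "dataFlows": [
      {
        "streams": [ "Custom-ApiGwRaw" ],
        "destinations": [ "sentinelWorkspace" ],
        "transformKql": "source | where status >= 400 | extend TimeGenerated = todatetime(requestTime) | project TimeGenerated, RequestId = requestId, SourceIp = ip, HttpMethod = httpMethod, ResourcePath = resourcePath, Status = status",
        "outputStream": "Custom-ApiGw_CL"
      }
    ]
  }
}
```

The columns produced by the final `project` must match the schema of the destination table (`ApiGw_CL` here), including `TimeGenerated`; `userAgent` is declared on the input stream but dropped before ingestion.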