This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 42%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELA%3C/text%3E%3C/svg%3E)
Currently we have a Hub and Spoke topology implemented and we do have shared resources like Azure Firewall, API Management and App Gateway, we would like to validate what would be the recommended approach to split those logs into the spokes (Storage Accounts or Log Analytivs Workspaces) based on the data ownership of each, it would be also fine if this could be achived by some automated rules like the subscription that a private or public IP was deployed.
Hi there,
You can't split logs from the shared services natively. As a workaround you can send the logs to a centralized workspace or a storage account and then process the logs with API\LogicApps\PowerShell by patterns (public IP address, etc). It will be overcomplicated, imho.
Hi @Maxim Sergeev ,
We do have a central log analytics workspace in the hub and that would be definitely an option and we already had it in mind. But as it is not a unusual scenario and we know that no native solution is available, we were wondering if anyone in the community has done at least the kind of mapping of possible links (to resources+spokes) that we wanted to do; we know that based on NICs, Private Endpoints and a couple more resources there will be a way, but we wanted to really check and be sure before moving on starting from scratch.
Thank you for the collaboration.