![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 64%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXB%3C/text%3E%3C/svg%3E)
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,631 questions
Kindly follow: Custom data ingestion and transformation in Microsoft Sentinel, which offers "Filtering"
Ingestion-time transformation provides you with the ability to filter out irrelevant data even before it's first stored in your workspace.
You can filter at the record (row) level, by specifying criteria for which records to include, or at the field (column) level, by removing the content for specific fields. Filtering out irrelevant data can:
- Help to reduce costs, as you reduce storage requirements
- Improve performance, as fewer query-time adjustments are needed
Ingestion-time data transformation supports multiple-workspace scenarios.
Kindly follow Tutorial, as Transformations allow you to modify incoming data before it's stored in Azure Monitor.
If you don't have any further queries and the suggested answer is as per your business need, please "Accept the answer", This will help us and others in the community as well.
Thanks,
Akshay Kaushik