Azure Sentinel Built-in Data Connector Does not Ingest Logs from Storage Container into Log Table

z88pu 6 Reputation points
2022-12-27T11:26:08.153+00:00

We were receiving logs from a particular log source (Cloudflare Firewall logs) into Sentinel using Sentinel's built-in data connectors. (The data connector was automatically deployed using ARM Template.)
A few days ago we made some configuration changes on the log source so that the logs would be pushed into Sentinel when matching certain criteria (for example, when they are associated with a particular host). But after those config changes, the data connector stopped ingesting logs into the table. The logs are still being pushed into the storage container on Azure and are being consistently updated, but they are not being pushed into the log table. We even tried to reverse the changes on the source side so that logs would be exactly the same as before, but the problem still persists.
Trying to reconfigure the data connector by redeploying it using ARM Template also didn't help.

We would appreciate it if anybody could assist us on this urgent issue.

Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.