Problem with Sentinel logs ingestion (data dropped) - System.Runtime.Caching.CacheItem

Paulo Matos 0 Reputation points
2024-03-18T19:16:11.5733333+00:00

I am trying to ingest logs from a Logic App I created. The playbook seems to work fine, it sends everything with status 200.

I created a custom analytics log table, mapped it correctly with the schema from the logs I'll be inserting.

It took me a while to find the logs (had to switch to the old sentinel dashboard), and when I run this query:

union Operation 

This returns a failure for every log I tried to send (which responded with status 200):

TenantId: b084b5f6-a51a-4a37-b1df-ffc93acadc49
SourceSystem: OpsManager
TimeGenerated [UTC]: 2024-03-18T17:10:41.342Z
OperationStatus: Failed
Detail: Data of type mycustomlogtable was dropped: System.Runtime.Caching.CacheItem
OperationCategory: Ingestion
OperationKey: Custom log ingestion
CorrelationId: 7dd7d9de-dfa3-4062-bc87-129b310ff855
MG: 00000000-0000-0000-0000-000000000000
SourceComputerId: 00000000-0000-0000-0000-000000000000
Type: Operation

Some other errors that also appeared in this logs query (only a few, and didn't interrupt the other following requests with logs - that gotten the main error above):

Detail: Data of type mycustomlogtable was dropped: Custom log limit for workspace reached for customer - "my-id-12345678941321"

Detail: 

NOTE: All the logs have the same structure.

This is my Logic App (I can provide the code if needed, but since it will need some sanitizing I won't be posting it just yet, in case is not needed):

User's image

(In my Parsed JSON I added the TimeGenerated field properly)

Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
3,133 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Paulo Matos 0 Reputation points
    2024-04-02T19:44:14.6866667+00:00

    Solution: This was deprecated and I had to use logs ingestion API instead.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.