How to agentlessly upload logs to a default table in a log analytics workspace?

Question

I have built a system that creates a log analytics workspace and uploads logs to a custom table by following these Microsoft tutorials:

1. https://learn.microsoft.com/en-us/azure/azure-monitor/logs/tutorial-logs-ingestion-api?tabs=dcr
2. https://learn.microsoft.com/en-us/azure/azure-monitor/logs/tutorial-logs-ingestion-code?tabs=python

However, these tutorials upload logs to a custom table. Instead, I need to upload logs to one of the predefined tables in log analytics workspace. For example, let's say I want to upload logs to the SecurityEvent table. The goal is to upload sample data to a log analytics workspace and view the data in Microsoft Sentinel.

I assume I need to modify the data collection rule to forward logs to the SecurityEvent table, however, I haven't seen any documentation or examples online anywhere and haven't been successful when modifying it manually. I tried to make a Microsoft- type outputStream, but had no luck.

Is it possible to upload logs to a predefined table, like SecurityEvent? If so, then how?

Answer 1

Hi,

It is not possible to upload data to built-in tables, only to custom ones. If you have custom table nothing stops you from viewing the data in Microsoft Sentinel. All the data in Log Analytics is available for Microsoft Sentinel to use. You can visualize it via Azure Workbooks for example.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.