This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 32%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Hi all,
I have a Log Analytics Workspace that is linked to Sentinel.
I have a lot of logs that I need to export from the Workspace into Blob Storage.
Th logs date back 30 days and it is about 400GB, it is about 500 million logs.
Please let me know what the best way is to approach this.
Thank you
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 24%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Hello Adriaan Boshoff,
Thanks for your question.
You can leverage logic apps. See how to do so here:
Export data from a Log Analytics workspace to a storage account by using Logic Apps
You can mark it 'Accept Answer' and 'Upvote' if this helped you
Regards,
Abiola
Thank you, this works, but we are unable to export 500 million logs we have to do it 60000 logs at a time and this logic app ran for 9 hours, so this solution will take a very long time. Do you have a workaround for this? Only 60000 logs are being exported because I believe on queries there is a limit of 500 000 rows or a limit of 64MB per file.
Hi,
You can achieve your goal through Data Export, please follow this documentation
I hope this helps!
Remember to accept the answer if it is helpful.
Thank you Carlos, this seems to only work for live data feeding into the workspace we need to do this for historical data going back 30 days. Or is there a way that you know of to do this for historical data?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
You can also set up data export from your Log Analytics workspace to Azure Data Lake Storage (ADLS Gen2). Azure Synapse Analytics provides tools to query the exported data, including T-SQL scripts, Spark code, and machine learning models. You can analyze the data using Spark for machine learning or complex analytics or use the serverless database for auditing scenarios2.
Thank you Karishma, this seems to only work for live data feeding into the workspace we need to do this for historical data going back 30 days. Or is there a way that you know of to do this for historical data?
Let me look into it and get back.