Can I use a data collection rule to reduce log data traffic?

Katsunori SATO 21 Reputation points Microsoft Employee
2021-08-31T08:40:44.987+00:00

I want to reduce log data traffic volume from on-premises servers.
Can I use a data collection rule to reduce log data traffic with Azure Monitor Agent and Azure Arc?
I want to know whether log filters are applied on the agent side or the Azure side.


Accepted answer
  1. Stanislav Zhelyazkov 28,186 Reputation points MVP Volunteer Moderator
    2021-08-31T10:51:15.237+00:00

    Hi,
    Using data collection rules you are basically using Azure Monitor Agent. Azure Monitor Agent can be installed side by side with the Log Analytics agent without problems. If you associate a data collection rule with an Azure Arc server, the Azure Monitor Agent will be installed automatically and start sending data. For on-premises servers (Azure Arc) you can reduce logs in several ways:

    • Performance counters - You can create different data collection rules that are associated with different Azure Arc servers. For example, one data collection rule can contain some performance counters for Networks and a second one will not contain those. That way you can gather Network performance counters only for those servers that you want. You will have to remove the performance counter data collection settings from the Log Analytics workspace, as those apply to any server (Azure or non-Azure) onboarded to your workspace. Another scenario is, for example, if you want the data collection frequency to be higher for one set of servers and lower for another.
    • Windows Event logs - Same story as performance counters. When you configure Windows event logs from the Log Analytics workspace settings, those logs apply to all servers (Azure and non-Azure) onboarded to the workspace. With data collection rules you can have different rules that gather different sets of events. You can also gather specific event IDs, for example, instead of gathering all events in a specific event log.
    • Syslog - Basically the same scenarios as for Windows Event logs, but for Syslog on Linux machines.

    More information.
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
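
A data collection rule body illustrating the three reductions the answer describes, for one group of Azure Arc servers: one network counter at a low sampling frequency, specific Security event IDs selected by XPath, and syslog limited by facility and level. This is an added example, not part of the original answer; the names, chosen event IDs, counter, and every `<...>` placeholder are constructed.

```json
{
  "location": "<region>",
  "properties": {
    "description": "Constructed example: reduced collection for one group of Azure Arc servers",
    "dataSources": {
      "performanceCounters": [
        {
          "name": "networkCountersEvery5Min",
          "streams": ["Microsoft-Perf"],
          "samplingFrequencyInSeconds": 300,
          "counterSpecifiers": ["\\Network Interface(*)\\Bytes Total/sec"]
        }
      ],
      "windowsEventLogs": [
        {
          "name": "logonEventsOnly",
          "streams": ["Microsoft-Event"],
          "xPathQueries": ["Security!*[System[(EventID=4624 or EventID=4625)]]"]
        }
      ],
      "syslog": [
        {
          "name": "authWarningsAndAbove",
          "streams": ["Microsoft-Syslog"],
          "facilityNames": ["auth", "authpriv"],
          "logLevels": ["Warning", "Error", "Critical", "Alert", "Emergency"]
        }
      ]
    },
    "destinations": {
      "logAnalytics": [
        {
          "name": "centralWorkspace",
          "workspaceResourceId": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>"
        }
      ]
    },
    "dataFlows": [
      {
        "streams": ["Microsoft-Perf", "Microsoft-Event", "Microsoft-Syslog"],
        "destinations": ["centralWorkspace"]
      }
    ]
  }
}
```

A second rule without the `performanceCounters` entry, associated with the remaining servers, gives the per-group split described in the answer.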
