How do we go about Ingesting custom log analytics logs to Azure Sentinel?

Garrath Leeds 21 Reputation points

Can we redirect custom logs to the workspace used by Azure Sentinel, or do these need to be formatted before doing so?


Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,057 questions
0 comments No comments
{count} votes

Accepted answer
  1. VipulSparsh-MSFT 16,251 Reputation points Microsoft Employee

    @Garrath Leeds Thanks for reaching out.

    Yes, you can definitely ingest custom logs in Sentinel.

    1) Use the Log analytics workspace to ingest custom logs.
    It is a 6 step process where you define the custom logs , add a sample log and add log collection path with certain properties like this :


    Read more here :

    2) Use Azure Monitor HTTP data collector API

    You can use the HTTP Data Collector API to send log data to a Log Analytics workspace in Azure Monitor from any client that can call a REST API.
    You format your data to send to the HTTP Data Collector API as multiple records in JavaScript Object Notation (JSON).
    Read more here :

    If you feel your data is suitable for any of the above methods, you can check for few alternatives here :


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments

0 additional answers

Sort by: Most helpful