Forum Discussion
sharukh222000
Nov 20, 2022
Copper Contributor
Microsoft sentinel custom parsers
Dear All, There are charges as per the Microsoft website for creating custom columns during parsing. Please let me know the following: What is the charge exactly? How much I will charge ...
samikroy
Nov 21, 2022
Brass Contributor
The change is applicable only for the data ingested.
E.g., if you ingest 1 GB of data through your syslog server to Sentinel, it will have a one-time cost for:
1. ingestion + analysis
2. 90 days retention
Now, if you create multiple parsers (similar to views), they query the ingested data multiple times; they are free of cost.
Hope this helps.
AndrewBlumhardt
Microsoft
Nov 27, 2022
There is no cost for post-ingestion parsing and no change to the data. This is essentially a query or reusable function that displays the parsed data in a view.
Transformation or pre-ingestion parsing can change the data. This feature is in preview and pricing information has not been announced. Data collection transformations - Azure Monitor | Microsoft Learn