Forum Discussion
Margi
Feb 28, 2025 · Copper Contributor
Issue with log collection from Microsoft XDR to Azure storage
Hello, we are currently facing an issue with collecting logs from Microsoft XDR and forwarding them to Azure Storage. We are aware of the two methods below for forwarding logs from Microsoft XDR to Azur...
micheleariis
Mar 10, 2025 · Steel Contributor
Hi, using Forward events to Azure Storage creates multiple containers, while Forward events to Azure Event Hub results in a single container but stores the logs in Avro format. One potential solution is to implement an Azure Function that converts the logs from Avro to JSON in real time, ensuring a single container with the desired format.
Have you considered this approach?
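
The Avro-to-JSON conversion suggested in the reply above, as an added example that is not part of the original thread: a standard-library decoder for an Avro object container file that emits one JSON line per log record. It assumes the file's record schema has a `Body` bytes field (as in Event Hubs Capture files) holding JSON with a `records` array; the function names are illustrative, and the Azure Function trigger wiring is not shown.

```python
import io, json, struct, zlib

def read_long(b):  # Avro int/long: zigzag value stored as a base-128 varint
    shift = n = 0
    while True:
        c = b.read(1)[0]
        n |= (c & 0x7F) << shift
        if not c & 0x80:
            return (n >> 1) ^ -(n & 1)
        shift += 7

def decode(schema, b):  # handles only the Avro types this example needs
    if isinstance(schema, list):  # union: branch index first, then the value
        return decode(schema[read_long(b)], b)
    t = schema["type"] if isinstance(schema, dict) else schema
    if t == "null": return None
    if t in ("int", "long"): return read_long(b)
    if t == "double": return struct.unpack("<d", b.read(8))[0]
    if t == "bytes": return b.read(read_long(b))
    if t == "string": return b.read(read_long(b)).decode()
    if t == "record": return {f["name"]: decode(f["type"], b) for f in schema["fields"]}
    if t != "map":
        raise ValueError(f"unsupported Avro type: {t}")
    out = {}
    while (n := read_long(b)) != 0:  # maps are written as counted blocks, 0 ends
        if n < 0:  # a negative count is followed by the block size in bytes
            n, _ = -n, read_long(b)
        for _ in range(n):
            key = decode("string", b)
            out[key] = decode(schema["values"], b)
    return out

def avro_to_jsonl(data):  # returns one JSON line per entry of each Body's "records"
    b = io.BytesIO(data)
    if b.read(4) != b"Obj\x01":
        raise ValueError("not an Avro object container file")
    meta = decode({"type": "map", "values": "bytes"}, b)  # file header metadata
    schema, sync, lines = json.loads(meta["avro.schema"]), b.read(16), []
    deflate = meta.get("avro.codec") == b"deflate"  # absent or "null" = uncompressed
    while b.tell() < len(data):
        count, size = read_long(b), read_long(b)  # objects in block, block bytes
        raw = b.read(size)
        block = io.BytesIO(zlib.decompress(raw, -15) if deflate else raw)
        for _ in range(count):
            body = decode(schema, block)["Body"]
            records = json.loads(body or b"{}").get("records", [])  # assumed envelope
            lines += [json.dumps(r, sort_keys=True) for r in records]
        if b.read(16) != sync:  # every block must end with the header's sync marker
            raise ValueError("sync marker mismatch: file truncated or corrupt")
    return lines
```

A blob-triggered function could call `avro_to_jsonl` on each Avro blob and append the returned lines to a single target container. The sync-marker check makes a truncated or corrupted blob fail loudly instead of silently dropping log records.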