Hello Dear ELKs
I was using "microsoft-sentinel-log-analytics-logstash-output-plugin" to forward the logs to Azure Sentinel, but we switched to AMA (Azure native) recently, and post this switch the amount of logs doubled/tripled. I tried comparing the log count post and pre switch, and it's evident that with the Logstash plugin we had a lower count and with AMA we have a count matching the log source.
By any chance, does the Logstash plugin aggregate or drop logs? I am trying to find the root cause for this huge difference in logs.