Filter logs and metrics using Azure Resource Management template

Follow

Alexey Martson

• November 26, 2020 07:40

So, I successfully configured the export of logs and metrics from azure to sumo following this instruction (https://help.sumologic.com/03Send-Data/Collect-from-Other-Data-Sources/Azure_Blob_Storage).

Due to the fact that this template sends all data and in Sumo I exceed the data limit per day - there is a need to filter the data that coming from azure.

So, I tried to modify one of the features that comes with the ARM template. You can see it on screenshot below.

I did get rid of some data, but for some reason it caused a very large growth of data in sumo.

 

How i need to filter out of logs and metrics by message contains?

0

• Official comment

  

  Rahul Choudhary

  • December 03, 2020 10:44

  Hi Alexey,

  You can perform this by creating Exclude Processing Rule. This will help you to not ingest any data that matches a specific pattern.
  
  The documentation for this can be found at:

  https://help.sumologic.com/Manage/Collection/Processing-Rules/Include-and-Exclude-Rules

  Regards,
  Rahul

  Comment actions Permalink

Please sign in to leave a comment.