Microsoft Sentinel Destination

Use Observability Pipelines’ Microsoft Sentinel destination to send logs to Microsoft Sentinel.

Setup

Set up the Microsoft Sentinel destination and its environment variables when you set up a pipeline. The information below is configured in the pipelines UI.

Set up the destination

  1. Enter the client ID for your application.
  2. Enter the directory ID for your tenant.
  3. Enter the name of the table to which you are sending the logs.
  4. Enter the Data Collection Rule (DCR) immutable ID.

Set the environment variables

  • Data collection endpoint (DCE)
    • Stored as the environment variable: DD_OP_DESTINATION_MICROSOFT_SENTINEL_DCE_URI
  • Client secret
    • Stored as the environment variable: DD_OP_DESTINATION_MICROSOFT_SENTINEL_CLIENT_SECRET
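
A preflight check for the two variables above, to run before the worker starts. This is an added example, not Datadog code; the function names check_sentinel_env and has_whitespace are hypothetical, and the rule that a client secret contains no whitespace is an assumption.

```shell
#!/bin/sh
# Added example (not Datadog code): preflight check for the two environment
# variables listed above. Returns 0 if both look usable, 1 otherwise.
# The secret's value is never printed, only a description of the problem.

has_whitespace() {
    # True when the argument contains any space, tab, CR or newline.
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" != "$1" ]
}

check_sentinel_env() {
    rc=0
    dce="${DD_OP_DESTINATION_MICROSOFT_SENTINEL_DCE_URI:-}"
    secret="${DD_OP_DESTINATION_MICROSOFT_SENTINEL_CLIENT_SECRET:-}"

    if [ -z "$dce" ]; then
        echo "DCE URI: not set" >&2; rc=1
    elif has_whitespace "$dce"; then
        echo "DCE URI: contains whitespace (copy/paste residue?)" >&2; rc=1
    else
        case "$dce" in
            https://*@*) echo "DCE URI: contains '@' (embedded credentials?)" >&2; rc=1 ;;
            https://?*)  : ;;  # TLS endpoint, accepted
            *)           echo "DCE URI: must start with https://" >&2; rc=1 ;;
        esac
    fi

    if [ -z "$secret" ]; then
        echo "Client secret: not set" >&2; rc=1
    elif has_whitespace "$secret"; then
        # Assumption: a client secret contains no whitespace.
        echo "Client secret: contains whitespace" >&2; rc=1
    fi
    return "$rc"
}

# Usage in a start script: check_sentinel_env || exit 1
```
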

How the destination works

Event batching

A batch of events is flushed when any one of the following limits is reached. See event batching for more information.

Max Events    Max Bytes     Timeout (seconds)
None          10,000,000    1