Basic Logs, of course, is a preview feature for Microsoft Sentinel that enables customers a cheaper, but more limited way to ingest large volume, low security value logs. If you’ve not heard of this new feature yet, check out the following recent articles to catch up:
- When to Use and When NOT to Use Basic Logs with Microsoft Sentinel
- The Basic Logs for Microsoft Sentinel KQL Limitations
Over Twitter, a great question was raised last week about how to know which tables have been configure for Basic Logs and which ones have not.
Basic Logs is in preview and still a work in progress but there is one UI method to identify logs that have been configured as Basic Logs and a couple code-based methods including the API and CLI.
However, a new way to quickly identify Basic Logs configured tables is coming and it’s also in preview. And this preview is by request only.
As shown in the image, when released, a new Tables blade will be available in the Log Analytics workspace where you can filter by the table plan.
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Microsoft Sentinel Newsletter]
[Subscribe to the Weekly Microsoft Defender Newsletter]
[Learn KQL with the Must Learn KQL series and book]