question

SoumyaBanerjee-9177 avatar image
0 Votes"
SoumyaBanerjee-9177 asked MarileeTurscak-MSFT answered

Archive Az Activity and Usage for 120 days

Need some suggestions

I have been able to set the archive through the powershell code as mentioned in "https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Archive-Log-Tool/ArchiveLogsTool-PowerShell/Configure-Long-Term-Retention.ps1" .

https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/ingest-archive-search-and-restore-data-in-microsoft-sentinel/ba-p/3195126

However, I could not find the Azure Activity table through this. How can I setup archive for "Azure activity" and "Usage" tables ? I would also need to setup archiving for 6 months for these 2 tables.

Kindly suggest as I understand AzActivity and Usage are free for 90 days. So I would like to archive them for some more duration(4 months). What should be the best way to do this.

microsoft-sentinel
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered

Hi @SoumyaBanerjee-9177,

Apologies for the delayed response!

As you suggested, you will need to archive the logs to a storage account in Azure Monitor as described in the article, Create diagnostic settings to send Azure Monitor platform logs and metrics to different destinations.

Activity logs use a different method for archiving since diagnostic settings for Activity logs are created for a subscription, not for a resource group like settings for Azure resources.

The diagnostic setting for activity logs section in this article contains a example of creating a diagnostic setting for an Activity log by adding a resource of type Microsoft.Insights/diagnosticSettings to the ARM template.

Through this method you should be able to retain the data longer.

Let me know if this helps and if you have further questions!


If this answer was helpful to you, please consider "marking as answer" so that others in the community with similar questions can more easily find a solution.



5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.