Share via

Better to have separate workspace for Azure Monitor and Sentinel?

Erik Stimpfle 21 Reputation points
2024-10-08T23:52:04.15+00:00

Hello. My organization has a log analytics workspace, and we currently have all of the data collected into one workspace. I'm wondering if we would gain any cost advantage by having a dedicated workspace for Azure monitor and the other for Sentinel. Currently, both are on the 500 gigabytes per day tier. I do notice that Azure monitor has a little less data than sentinel to the point where we could switch that to 400 gigabytes per day. My question is are we unnecessarily paying to ingest Azure Monitor data into Sentinel? Would we lower that cost by having a dedicated workspace?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,285 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,146 questions
0 comments
Accepted answer
  1. Stanislav Zhelyazkov 24,376 Reputation points MVP
    2024-10-09T06:25:31.7566667+00:00

    Hi,

    I do not see any real advantage of separating those. In fact separating those might result in higher cost due to with such daily usage you could use one of the commitment tiers which lowers the prices.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.