Microsoft Sentinel Destination
Use Observability Pipelines’ Microsoft Sentinel destination to send logs to Microsoft Sentinel.
Setup
Set up the Microsoft Sentinel destination and its environment variables when you set up a pipeline. The information below is configured in the pipelines UI.
Set up the destination
- Enter the client ID for your application.
- Enter the directory ID for your tenant.
- Enter the name of the table to which you are sending the logs.
- Enter the Data Collection Rule (DCR) immutable ID.
Set the environment variables
- Data collection endpoint (DCE)
  - Stored as the environment variable: DD_OP_DESTINATION_MICROSOFT_SENTINEL_DCE_URI
- Client secret
  - Stored as the environment variable: DD_OP_DESTINATION_MICROSOFT_SENTINEL_CLIENT_SECRET
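A preflight check for the two environment variables above, written as an added example (it is not Datadog code). The validation rules are assumptions: the DCE URI is an https URL with a host and no embedded credentials, and the client secret contains no whitespace and is the secret value rather than the GUID-shaped secret ID. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Datadog code. Run it in the environment that will start
# the Worker. Values are checked but never printed, so the secret stays out
# of terminal scrollback and logs.

has_whitespace() {
    # True if stripping all whitespace changes the value.
    [ "$1" != "$(printf '%s' "$1" | tr -d '[:space:]')" ]
}

looks_like_guid() {
    printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Prints one line per problem; returns non-zero if any problem was found.
check_sentinel_env() {
    problems=0
    dce="${DD_OP_DESTINATION_MICROSOFT_SENTINEL_DCE_URI-}"
    secret="${DD_OP_DESTINATION_MICROSOFT_SENTINEL_CLIENT_SECRET-}"

    if [ -z "$dce" ]; then
        echo "DCE URI: not set"; problems=$((problems + 1))
    elif has_whitespace "$dce"; then
        echo "DCE URI: contains whitespace"; problems=$((problems + 1))
    else
        case "$dce" in
            https://*)
                # Authority = everything between the scheme and the first "/".
                authority="${dce#https://}"; authority="${authority%%/*}"
                case "$authority" in
                    "")  echo "DCE URI: no host"; problems=$((problems + 1)) ;;
                    *@*) echo "DCE URI: credentials embedded in URL"; problems=$((problems + 1)) ;;
                esac ;;
            *)  echo "DCE URI: scheme is not https"; problems=$((problems + 1)) ;;
        esac
    fi

    if [ -z "$secret" ]; then
        echo "client secret: not set"; problems=$((problems + 1))
    elif has_whitespace "$secret"; then
        echo "client secret: contains whitespace (copy/paste artifact?)"; problems=$((problems + 1))
    elif looks_like_guid "$secret"; then
        echo "client secret: looks like a GUID (secret ID pasted instead of the value?)"; problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}
```

Call `check_sentinel_env || exit 1` in the launch script before starting the Worker.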
How the destination works
Event batching
A batch of events is flushed when any one of these limits is reached. See event batching for more information.
| Max Events | Max Bytes | Timeout (seconds) |
|---|---|---|
| None | 10,000,000 | 1 |