articles/sentinel/investigate-large-datasets.md
3 additions & 3 deletions
@@ -11,7 +11,7 @@ ms.author: cwatson
11
11
12
12
One of the primary activities of a security team is to search logs for specific events. For example, you might search logs for the activities of a specific user within a given time-frame.
13
13
14
-
In Microsoft Sentinel, you can search across long time periods in extremely large datasets by using a search job. While you can run a search job on any type of log, search jobs are ideally suited to search archived logs. If need to do a full investigation on archived data, you can restore that data into the hot cache to run high performing queries and analytics.
14
+
In Microsoft Sentinel, you can search across long time periods in extremely large datasets by using a search job. While you can run a search job on any type of log, search jobs are ideally suited to search archived logs. If you need to do a full investigation on archived data, you can restore that data into the hot cache to run high performing queries and analytics.
15
15
16
16
> [!IMPORTANT]
17
17
> The search job and restore features are currently in **PREVIEW**. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
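Review bot: The rewritten sentence on new line 14 still reads "high performing queries and analytics"; as a compound modifier before the noun it should be "high-performing". Since this line is already being touched for the "If you need" fix, correct the hyphenation in the same change. The unchanged line 12 also uses "time-frame", which would normally be written "time frame" or "timeframe", and could be cleaned up alongside it.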
@@ -69,7 +69,7 @@ Before you start to restore an archived log table, be aware of the following lim
69
69
70
70
- Restore data for a minimum of two days.
71
71
- Restore data more than 14 days old.
72
-
- Restore up to 60TB.
72
+
- Restore up to 60 TB.
73
73
- Restore is limited to one active restore per table.
74
74
- Restore up to four archived tables per workspace per week.
75
75
- Limited to two concurrent restore jobs per workspace.
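Review bot: The list around the "60 TB" fix on new line 72 is not parallel: lines 70 to 72 and 74 open with the imperative "Restore ...", line 73 reads "Restore is limited to one active restore per table", and line 75 reads "Limited to two concurrent restore jobs per workspace". Because the list is introduced as limitations, the imperative items can be misread as instructions. Consider phrasing every item as a limit in the same form, for example by rewording lines 73 and 75 to match the others, while this list is being edited.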
@@ -78,7 +78,7 @@ To learn more, see [Restore logs in Azure Monitor](../azure-monitor/logs/restore
78
78
79
79
## Bookmark search results or restored data rows
80
80
81
-
Similar to the [threat hunting dashboard](hunting.md#use-the-hunting-dashboard), you bookmark rows that contain information you find interesting so you can attach them to an incident or refer to them later. To learn more, see [Create bookmarks](hunting.md#create-bookmarks).
81
+
Similar to the [threat hunting dashboard](hunting.md#use-the-hunting-dashboard), bookmark rows that contain information you find interesting so you can attach them to an incident or refer to them later. For more information, see [Create bookmarks](hunting.md#create-bookmarks).
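Review bot: On new line 81, dropping "you" leaves "Similar to the threat hunting dashboard, bookmark rows ..." with an opening phrase that no longer has a subject to attach to. Something like "As in the threat hunting dashboard, you can bookmark rows ..." keeps the comparison clear. The switch from "To learn more" to "For more information" on the same line also makes it inconsistent with the sentence shown in the hunk header ("To learn more, see [Restore logs in Azure Monitor]"), so either update that sentence too or keep the original wording here.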