Skip to content

Commit 867ef4c

Browse files
Merge pull request #303038 from EdB-MSFT/lakeupdates-2107
fixes
2 parents 0232a0f + b39523d commit 867ef4c

File tree

5 files changed

+6
-6
lines changed

5 files changed

+6
-6
lines changed

articles/sentinel/billing-monitor-costs.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ While cost analysis in Cost Management supports most Azure account types, not al
3232

3333
For information about assigning access to Microsoft Cost Management data, see [Assign access to data](../cost-management/assign-access-acm-data.md?WT.mc_id=costmanagementcontent_docsacmhorizontal_-inproduct-learn).
3434

35-
## Manage and monitor costs for the Analytics tier
35+
## Manage and monitor costs for the analytics tier
3636
As you use Azure resources with Microsoft Sentinel, you incur costs. Azure resource usage unit costs vary by time intervals such as seconds, minutes, hours, and days, or by unit usage, like bytes and megabytes.
3737

3838
### View costs by using cost analysis

articles/sentinel/datalake/kql-jobs.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ A job is a one-time or repeatedly scheduled task that runs a KQL (Kusto Query La
2323

2424
+ Combine current and historical data in the analytics tier to run advanced analytics and machine learning models on your data.
2525

26-
+ Reduce query costs by running queries in the Analytics tier.
26+
+ Reduce query costs by running queries in the analytics tier.
2727
+ Combine data from multiple workspaces to a single workspace in the analytics tier.
2828
+ Combine Microsoft Entra ID, Microsoft 365, and Microsoft Resource Graph data in the analytics tier to run advanced analytics across data sources.
2929

articles/sentinel/datalake/kql-queries.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ ms.collection: ms-security
1616

1717
Data lake exploration in the Defender portal, provides a unified interface for analyzing your data lake, enabling you to run KQL (Kusto Query Language) queries, and create and manage jobs.
1818

19-
The **KQL queries** page under **Data lake exploration** allows you to edit and run KQL queries against data lake resources. You can create jobs to promote data from the data lake to the Analytics tier. Jobs can be run on-demand or scheduled. The **Jobs** page provides an interface to manage jobs, enabling, disabling, editing, or deleting jobs. For more information, see [Create jobs in the Microsoft Sentinel data lake (preview)](kql-jobs.md).
19+
The **KQL queries** page under **Data lake exploration** allows you to edit and run KQL queries against data lake resources. You can create jobs to promote data from the data lake to the analytics tier. Jobs can be run on-demand or scheduled. The **Jobs** page provides an interface to manage jobs, enabling, disabling, editing, or deleting jobs. For more information, see [Create jobs in the Microsoft Sentinel data lake (preview)](kql-jobs.md).
2020

2121
## Prerequisites
2222

articles/sentinel/log-plans.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -72,7 +72,7 @@ For logs containing secondary security data, use the [**Auxiliary logs**](#auxil
7272
> [!IMPORTANT]
7373
> We recommend that users consider Microsoft Sentinel data lake as the preferred solution for storing secondary and long-term data. Microsoft Sentinel data lake is designed to offer enhanced scalability, flexibility, and integration capabilities for advanced security and compliance scenarios.
7474
> For more information, see [Microsoft Sentinel data lake (Preview)](datalake/sentinel-lake-overview.md).
75-
> Microsoft Sentinel Data Lake is currently in public preview and not yet generally available. We advise users to monitor updates and announcements regarding its availability status.
75+
> Microsoft Sentinel data lake is currently in public preview and not yet generally available. We advise users to monitor updates and announcements regarding its availability status.
7676
7777

7878

@@ -107,7 +107,7 @@ When the analytics retention period ends, data goes into the **long-term retenti
107107
> [!IMPORTANT]
108108
> We recommend that users consider Microsoft Sentinel data lake as the preferred solution for storing secondary and long-term data. Microsoft Sentinel data lake is designed to offer enhanced scalability, flexibility, and integration capabilities for advanced security and compliance scenarios.
109109
> For more information, see [Microsoft Sentinel data lake (Preview)](datalake/sentinel-lake-overview.md).
110-
> Microsoft Sentinel Data Lake is currently in public preview and not yet generally available. We advise users to monitor updates and announcements regarding its availability status.
110+
> Microsoft Sentinel data lake is currently in public preview and not yet generally available. We advise users to monitor updates and announcements regarding its availability status.
111111
112112
The **Auxiliary logs** plan keeps data in the **analytics retention** state for **30 days**. In the Auxiliary plan, this state has low retention costs as compared to the Analytics plan. However, the query capabilities are limited: queries are charged per gigabyte of data scanned and are limited to a single table, and performance is significantly lower. While this data remains in the interactive retention state, you can run [summary rules](/azure/azure-monitor/logs/summary-rules) on this data to create tables of aggregate, summary data in the analytics logs plan, so that you have the full query capabilities on this aggregate data.
113113

articles/sentinel/overview.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ Microsoft Sentinel provides a modern data lake, designed to help security operat
6868
| Capability | Description | Get started |
6969
|-------------|------------|--------------|
7070
| Optimize costs and coverage | Manage costs and coverage with seamless data tiering and a centralized management experience. | [Log retention plans in Microsoft Sentinel](log-plans.md) |
71-
| Interactive KQL Exploration | KQL queries allow you to interactively explore and analyze data in the Microsoft Sentinel data lake. You can run ad-hoc queries, create scheduled jobs, and promote data to the Analytics tier for further analysis. The KQL query editor provides a familiar interface for security analysts to work with long-term data. | [KQL and Microsoft Sentinel data lake (overview)](datalake/kql-overview.md) |
71+
| Interactive KQL Exploration | KQL queries allow you to interactively explore and analyze data in the Microsoft Sentinel data lake. You can run ad-hoc queries, create scheduled jobs, and promote data to the analytics tier for further analysis. The KQL query editor provides a familiar interface for security analysts to work with long-term data. | [KQL and Microsoft Sentinel data lake (overview)](datalake/kql-overview.md) |
7272
| Notebooks for Exploration | Jupyter notebooks are an integral part of the Microsoft Sentinel data lake ecosystem, offering powerful tools for data analysis and visualization. The notebooks are provided by a Visual Studio Code extension that allows you to interact with the data lake using Python and Apache Spark. Notebooks enable you to perform complex data transformations, run machine learning models, and create visualizations directly within the notebook environment. | [Notebooks (overview)](datalake/notebooks-overview.md) |
7373

7474

0 commit comments

Comments
 (0)