Sentinel
Use the HTTP Sink to integrate your data with Microsoft Sentinel.
Select HTTP from the list of Data sink types and click Configuration to start.
Data sink configuration
Now you need to specify how and where to send the data, and how to establish a connection with HTTP.
Metadata
Enter the basic information for the new Data sink.
Name*
Enter a name for the new Data sink.
Description
Optionally, enter a description for the Data sink.
Tags
Add tags to easily identify your Data sink. Hit the Enter
key after you define each tag


Metrics display
Decide whether or not to include this Data sink info in the metrics and graphs of the Home area.


Click Finish when complete. Your new Data sink will appear in the Data sinks area list.
Pipeline configuration
When it comes to using this Data sink in a Pipeline, you must configure the following output parameters. To do it, simply click the Data sink on the canvas and select Configuration.
HTTP method*
POST
URL*
{Data Collection Endpoint URI}/dataCollectionRules/{DCR Immutable ID}/streams/{Stream Name}?api-version=2023-01-01
A URL only points to one single table inside the DCR (Stream Name).
Message
Choose the field containing the message you wish to send on.
Authentication configuration
Authentication type*
Choose the OAuth2 authentication type.
OAuth URL* -
From 1.c
OAuth method* -
POST
Send body as -
From URL Encoded
OAuth token path* -
access_token
Query Key / Value pairs
grant_type
:client_credentials
client_id
: from 1.aclient_secret
: from 1.bscope
:https://monitor.azure.com/.default
Header Key / Value pair
Content-Type
:application/x-www-form-urlencoded

Last updated
Was this helpful?