I'm looking to monitor logs for several clients and I believe the best way to handle this might be to send their logs to a single Log Analytics workspace within my own tenant. However, I haven't found many resources on this topic. Can anyone confirm if this is possible? If so, what's the recommended approach? I've heard mentions of Event Hubs and Lighthouse, but I'm unsure about the specifics.
3 Answers
If you have a Microsoft representative, definitely reach out to them. They can provide resources to help with your log ingestion design. Just a heads-up: Lighthouse doesn't stream logs across tenants; it allows you to query logs across workspaces, meaning you'll need a separate Log Analytics Workspace in each tenant for this to work.
I totally agree with the idea of keeping logs in the customer tenant. Using Lighthouse lets you query those logs from your tenant instead. What made you think that moving them to your own tenant is the best solution?
I wouldn't advise sending the logs to your own tenant. Keeping the logs in each client’s tenant seems safer and more compliant with data privacy laws. Plus, it lets each client manage their own data retention settings rather than having a one-size-fits-all approach in your workspace. Cross-tenant queries in Log Analytics should be able to handle this setup just fine.
Thanks for pointing that out!