New: Per data type retention is now available for Azure Sentinel

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

You can now set the retention period per data type in Log Analytics and Azure Sentinel. Per data type retention enables significant savings on retention cost.

For example, you may collect firewall logs using CEF, or DNS logs, both of which are voluminous but become stale quite fast. On the other hand, you need to keep Office 365 logs for a more extended period for compliance reasons. This is now possible: you can set the retention for CEF and DNS to 90 days, which incurs no retention cost, and the retention for Office 365 to a longer period, say 2 years.

To configure this, you need to use an ARM template, though the documentation suggests a handy tool that lets you use the feature without in-depth knowledge of ARM.
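The retention split from the example above (90 days for CEF and DNS, 2 years for Office 365) as an ARM template. This is an added example, not taken from the original post or from Microsoft's documentation. It assumes the tables involved are `CommonSecurityLog`, `DnsEvents` and `OfficeActivity`, a `workspaceName` parameter naming an existing workspace in the target resource group, and API version `2020-08-01`; check these against the linked documentation before deploying.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspaceName": {
      "type": "string",
      "metadata": {
        "description": "Assumed parameter: name of the existing Log Analytics workspace used by Azure Sentinel."
      }
    }
  },
  "variables": {
    "tableRetention": [
      { "table": "CommonSecurityLog", "days": 90 },
      { "table": "DnsEvents", "days": 90 },
      { "table": "OfficeActivity", "days": 730 }
    ]
  },
  "resources": [
    {
      "type": "Microsoft.OperationalInsights/workspaces/tables",
      "apiVersion": "2020-08-01",
      "name": "[concat(parameters('workspaceName'), '/', variables('tableRetention')[copyIndex()].table)]",
      "copy": {
        "name": "perTableRetention",
        "count": "[length(variables('tableRetention'))]"
      },
      "properties": {
        "retentionInDays": "[variables('tableRetention')[copyIndex()].days]"
      }
    }
  ]
}
```

Tables not listed in `tableRetention` keep the workspace-level retention setting, so only the exceptions need to be listed.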

 

More info here: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-cost-storage#retention-by-data-type

3rd party blog: https://cloudadministrator.net/2019/10/16/set-per-table-retention-in-log-analytics-via-arm-template/amp/

 
