Azure Monitor Sink Node
Quick Reference
Tenant ID
Azure Active Directory tenant ID.
ex: a1b2c3d4-e5f6-7890-abcd-ef1234567890
DCE Endpoint
The Data Collection Endpoint (DCE) URL.
ex: https://my-dce-xxxx.eastus-1.ingest.monitor.azure.com
DCR Immutable ID
The immutable ID of the Data Collection Rule (DCR) that defines the target table and schema.
ex: dcr-abc123
Stream Name
The name of the stream in the DCR to ingest into.
ex: Custom-MyTable_CL
Use Credentials Azure Service Principal credential (client ID and secret) used to obtain an Entra ID token for ingestion.
Time Generated Field
The field in each record that represents the record timestamp sent to Azure Monitor.
ex: TimeGenerated
Batch Size
Number of records sent per ingestion request.
ex: 500
Overview
The Azure Monitor Sink node forwards pipeline records to Azure Monitor Logs via the Azure Monitor Ingestion API (Data Collection Endpoint). It authenticates using an Azure Service Principal and routes records into a custom log table defined by a Data Collection Rule, making it suitable for centralising pipeline output in Azure Monitor or Microsoft Sentinel.
Configuration
| Field | Description | Required | Default |
|---|---|---|---|
| Tenant ID | Azure Active Directory tenant ID used when obtaining an Entra ID access token. | Yes | — |
| DCE Endpoint | The Data Collection Endpoint (DCE) URL that receives the ingested data. | Yes | — |
| DCR Immutable ID | The immutable ID of the Data Collection Rule (DCR) that specifies the target table and expected schema. | Yes | — |
| Stream Name | The name of the stream within the DCR to ingest records into. | Yes | — |
| Use Credentials | Select or create an Azure Service Principal credential (client ID and secret) used to obtain an Entra ID token for ingestion. | Yes | — |
| Time Generated Field | The field in each record that represents the record timestamp forwarded to Azure Monitor. | No | TimeGenerated |
| Batch Size | Number of records bundled into a single ingestion API request. | No | 500 |
Related Nodes
- Azure Monitor Source: Query Azure Monitor Log Analytics using KQL and emit each result row as an record
- Splunk HEC Sink: Forward pipeline records to Splunk via the HTTP Record Collector