Solution that acts as an intermediate hub for "no internet connected" endpoints or incompliant endpoints, where you will be sending data using Azure Pipeline/Log Ingestion API
Video of "log-hub" solution (2 min)
Learn more about AzLogDcrPS powershell module
ClientInspector - cool solution using AzLogDcrIngestPS module
Instead of sending to DCE/Azure Pipeline, server sends JSON-file to specific UNC-path (LogHubPath).
Data-format contains the following fields
Files are sent to teporary loghub path and kept there for max 10 sec.
On the Log-hub server, there is a job, which is scanning the LogHubPath for new files (every 10 sec) It will process the files and send it to the correct DCE – with DCR information – and if succesfully, delete the file.
You need to adjust the variable-section according to the settings you have in for example ClientInspector.
Please note these 2 settings are specific for the log hub
$LogHubUploadPath = "\\<servername>\logupload$\INBOUND"
$LogHubPsModulePath = "\\<servername>\logupload$\MODULES"
All settings
$TenantId = ""
$LogIngestAppId = ""
$LogIngestAppSecret = ""
$DceName = ""
$LogAnalyticsWorkspaceResourceId = ""
$AzDcrResourceGroup = ""
$AzDcrPrefix = ""
$AzDcrSetLogIngestApiAppPermissionsDcrLevel = $false
$AzDcrLogIngestServicePrincipalObjectId = ""
$AzLogDcrTableCreateFromReferenceMachine = @()
$AzLogDcrTableCreateFromAnyMachine = $false
$LogHubUploadPath = "\\<servername>\logupload$\INBOUND"
$LogHubPsModulePath = "\\<servername>\logupload$\MODULES"