====== Azure Sentinel ======
  * #SIEM

====== Costs ======
  * [[https://docs.microsoft.com/en-us/azure/sentinel/azure-sentinel-billing]]

=== KQL for log volume ===

<code>
// Billable performance data over the last 30 days

Usage
| where TimeGenerated > ago(30d)
| where IsBillable == true
| summarize TotalVolumeGB = sum(Quantity) / 1024
</code>

====== Related ======
  * [[qnd:azure:kusto_query_language_kql|Kusto Query Language (KQL)]]