New Sentinel data ingestion reports make your life easier
Microsoft Sentinel customers have long faced the challenge of understanding exactly what data is flowing into their SIEM environment. Where is it landing? Are the ingestion patterns healthy? Are we losing data or having jumps in ingestion that will lead to a surprise bill?
Welcome to a new preview feature called Data Insights - Connector Observability. It’s designed to address that problem directly with a centralized observability dashboard for ingestion monitoring and connector visibility.
Previously, getting this data required scripts, manual Log Analytics queries, portal hopping, or billing analysis after the fact. The new feature shows you:
How much data is being ingested
Which tier the data flows into
Whether ingestion anomalies are occurring
Which connectors are responsible for individual tables
Whether ingestion gaps are impacting security coverage
What’s new?
When you click into Microsoft Sentinel → Configuration → Tables, you’ll find a new section named Table insights. There are two new items there. The first is Table ingestion fluctuations. This will show you any huge drops or spikes in your table ingestion.
There is also a graph named Top 5 tables by daily ingestion volume. That one is pretty self-explanatory.
You’ll also find some new columns in the section listing all the tables. These include Last data received, Avg. daily ingestion (this is a measure of volume), Est. daily ingestion (this is a cost estimate), and Volume anomaly.
Use Cases
1. Detect data loss or ingestion gaps early
Drift detection highlights sudden drops in ingestion volume
Tier-aware visibility shows if data stopped flowing into Analytics vs. Lake
Table-level breakdown pinpoints which logs/tables are impacted
2. Identify abnormal spikes and cost drivers
Surfaces volume spikes by table and tier
Shows billable vs non-billable tables
Enables correlation between volume growth and billing impact
Proactively identify cost anomalies instead of reacting to billing surprises
3. Prevent security blind spots
Surfaces ingestion gaps early
Ensures critical tables are continuously monitored
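For comparison with the dashboard, this is the kind of manual Log Analytics query mentioned earlier, approximating the drop, spike and gap checks from the use cases above. It is an added example, not the preview feature's own logic. It reads the standard Usage table, and the 14-day baseline and the 50% / 200% thresholds are assumptions to tune per workspace.

```kql
// Added example: per-table ingestion drift from the Usage table.
// Assumptions (not Sentinel's own anomaly logic): baseline window and ratios below.
let baseline = 14d;      // days of history used as the baseline
let dropRatio = 0.5;     // yesterday below 50% of the baseline average => "drop"
let spikeRatio = 2.0;    // yesterday above 200% of the baseline average => "spike"
let yesterday = startofday(ago(1d));
// Daily volume per table; Usage.Quantity is reported in MB.
let daily = Usage
    | where TimeGenerated >= startofday(ago(baseline + 1d))
        and TimeGenerated < startofday(now())
    | summarize DailyMB = sum(Quantity)
        by DataType, IsBillable, Day = startofday(TimeGenerated);
// Volume for the most recent complete day.
let latest = daily
    | where Day == yesterday
    | project DataType, LatestMB = DailyMB;
daily
| where Day < yesterday
// Average over days that had data; LastSeenDay shows when the table last reported.
| summarize BaselineAvgMB = avg(DailyMB),
            LastSeenDay = max(Day),
            IsBillable = take_any(IsBillable)
    by DataType
// leftouter keeps tables that sent nothing yesterday, so gaps are visible.
| join kind=leftouter latest on DataType
| extend LatestMB = coalesce(LatestMB, 0.0)
| extend Ratio = iff(BaselineAvgMB > 0, LatestMB / BaselineAvgMB, real(null))
| extend Finding = case(
    LatestMB == 0, "gap",
    Ratio < dropRatio, "drop",
    Ratio > spikeRatio, "spike",
    "normal")
| where Finding != "normal"
| project DataType, IsBillable, LastSeenDay, BaselineAvgMB, LatestMB, Ratio, Finding
| order by Ratio asc
```

Tables that first appeared yesterday have no baseline rows and are not returned by this query.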





