🔥 3-day streak
Microsoft Azure Solutions Architect Expert101 / 187
Question 101 of 187
A company collects verbose application and system logs from 200 Azure VMs into a single Log Analytics workspace using the Azure Monitor Agent. Compliance requires that security-relevant events be retained, but the operations team reports that ingesting all raw logs is driving costs too high. Approximately 60% of the ingested log volume is low-value debug and informational entries that are never queried. The architect must reduce ingestion cost while keeping the required security events and continuing to use the Azure Monitor Agent. What should the architect recommend?
Reviewed for accuracy · Report an issueNext question