![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Microsoft 365 and Office | Microsoft 365 Defender | Other | Other
An integrated threat protection solution designed to detect, investigate, and respond to cyber threats across Microsoft 365 services.
Hi Foram,
I'm Maj, an Independent Advisor. Thanks for getting in touch with the Microsoft Community. Let's work on this together.
If you want to segregate your logs in the Log Analytics workspace, you’ll want to create custom tables for each data source. This allows you to organize and query logs more efficiently. You can achieve this by setting up data collection rules or using Azure Monitor’s data ingestion features to route specific logs into these custom tables. Once the custom tables are created, configure your data sources or queries to direct logs accordingly. This approach keeps your workspace clean and improves log management.
To help you better, could you share how your current logs are ingested? Are you using agents, diagnostic settings or something else? Also, do you want this segregation to happen in real-time or as a scheduled process?