Ingest Keycloak logs into Sentinel


Has anyone ingested keycloak logs into Azure Sentinel before, if so, how did you do it?

We currently ingest INFO and ERROR level keycloak logs into Splunk via HEC but now there is a requirement to dual feed them into Sentinel for a period and then turn off the splunk logging