Contact Us

The Data Collector API Is Going Away: How to Migrate Your Azure Monitor Logs

The Data Collector API Is Going Away: How to Migrate Your Azure Monitor Logs

If you run anything on Azure Monitor, you may have recently received an email like this:

Data Collector API will be retired on 14 September 2026 – transition to DCR-based custom log ingestion.

On 14 September 2026, we’ll retire the Data Collector API for ingesting custom logs to Azure Monitor logs. Before that date, you’ll need to transition to the Data Collection Rules based log ingestion API… While existing integrations may continue to function, support for the Data Collector API will be limited beyond this date.

It’s easy to skim past. But if your application ships its logs to a Log Analytics Workspace through a custom table, this one is about you. Here’s what it means and what to do about it.

Why This Is Happening

For years, the Data Collector API was the easiest way to get application logs into Azure Monitor. You POSTed some JSON to a Microsoft endpoint, authenticated with a shared workspace key, and your data showed up in a custom table with a _CL suffix. Done.

Easy, but not great. The shared key was a long-lived password sitting in your config. The table schema was inferred on the fly, so you had little control over it. And you couldn’t filter or reshape anything on the way in. Whatever you sent is what landed.

The newer Logs Ingestion API fixes all three. It authenticates with Entra ID tokens instead of a shared key, lets you define the table schema yourself, and can filter and transform records as they come in. It’s a better design, and as of next September it’s the only one Microsoft supports.

Does This Affect You?

It depends on how your logs reach the workspace today.

If you only use Azure Monitor for platform logs (Container Insights, AKS, VM diagnostics), you’re fine. Those already run on the modern Data Collection Rules pipeline. Nothing to do.

If you have an application writing to a custom _CL table, you’re in scope. And there’s one very common way teams got there.

The Serilog Case

Take a typical .NET service. It uses Serilog for structured logging, and somewhere in its config there’s a sink pointed at a Log Analytics Workspace, usually the old Serilog.Sinks.AzureAnalytics package. Every log line flows through Serilog, gets batched, and is POSTed into a custom table that your dashboards and queries read from.

That sink only speaks one protocol: the Data Collector API that’s being retired. The package isn’t actively maintained anymore, and the transport it relies on loses support on 14 September 2026. Your logs might keep flowing for a while after that, but with no guarantees and no one to call when they stop.

If that’s your setup, you have a decision to make. There are two good ways forward.

Option 1: Keep Serilog, Replace the Plumbing

You can keep everything about how your logs look today (the same Serilog pipeline, the same custom table, the same dashboards) and only swap out the transport underneath. This is the change-as-little-as-possible path.

The problem is there’s no ready-made Serilog sink for the new Logs Ingestion API. So “as little as possible” still means building and owning several pieces:

  • A custom Serilog sink. You write the C# that batches events, gets Entra ID tokens, handles throttling and retries, and serializes each event into the shape the new API expects.
  • A Data Collection Endpoint (DCE). A managed Azure resource that gives you an authenticated ingestion URL. Microsoft hosts it; you just create it.
  • A Data Collection Rule (DCR). This is where the work happens. It declares the incoming schema, optionally transforms each record, and routes the result into your table.
  • A custom table plus the schema mappings. This is the part that trips people up. The mapping lives in two places that have to stay in sync: your sink’s JSON and the DCR’s stream declaration. Change a column in one and forget the other, and rows just vanish at ingestion with no error.

The payoff is that your historical data, queries, and dashboards keep working untouched. The cost is that you now own a hand-written sink and a few pieces of Azure infrastructure, indefinitely, so that you don’t have to change your logs.

Option 2: Move to Application Insights and Stop Maintaining Plumbing

The other path asks a more basic question: why are we hand-building a logging transport at all?

For new .NET work, Microsoft points you to the Azure Monitor OpenTelemetry Distro exporting to a workspace-based Application Insights resource. You drop Serilog’s Azure sink, add the distro, point it at a connection string, and you’re done. It authenticates with your existing workload identity. No DCE to create, no DCR to keep in sync, no custom sink to maintain. Microsoft owns the whole ingestion path and the schema.

You also come out ahead. Because it’s OpenTelemetry, the same pipeline that carries your logs also carries traces, metrics, and dependency calls. You can follow a request’s full timeline, catch an N+1 query, and tie a log line back to the exact operation that produced it. The Serilog-only setup never gave you that.

The catch: your logs move from a custom _CL table into Application Insights’ standard tables (AppTraces, AppExceptions, and the rest). That’s a schema change, so you’ll rewrite the queries and dashboards built on the old shape. You pay that once, and in return you delete a pile of code and infrastructure you’d otherwise maintain forever.

Which One to Pick

If you’re heavily invested in custom-table dashboards and have to keep that exact schema, Option 1 leaves everything in place. Just go in knowing you’re signing up to own a sink and three Azure resources.

For most teams, Option 2 is the better long-term call. Less code, less infrastructure, and a path Microsoft is actively investing in, plus a real step up in observability. You take a one-time dashboard rewrite and end up with less to maintain than you have now.

Either way, the date is 14 September 2026, and the one option that isn’t on the table is doing nothing. Need help moving off the Data Collector API, or getting more out of Azure Monitor in general? Trailhead can help you pick the right path. Contact us to find out more.

Picture of Piotr Kolodziej

Piotr Kolodziej
Born and raised in Poland, Piotr did his first programming on Atari 800XL. He covered his first dial-up modem with a duve, so his mom wouldn’t hear it and freak over the internet bills. He graduated with a degree in Telecommunication and Business Application Programming. Piotr is a certified .NET and Azure Developer, and is passionate about excellent software architecture.
Read more posts by Piotr Kolodziej

Free Consultation

Sign up for a FREE consultation with one of Trailhead's experts.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Related Blog Posts

We hope you’ve found this to be helpful and are walking away with some new, useful insights. If you want to learn more, here are a couple of related articles that others also usually find to be interesting:

Ditching SaaS Platforms With AI

June 16, 2026

Microsoft CEO Satya Nadella was widely misquoted as saying SaaS is dead in his BG2 Podcast interview. What he was really saying is that AI is moving the build-versus-buy line—and this year we crossed it twice.

Read More

Our Gear Is Packed and We're Excited to Explore With You

Ready to come with us? 

Together, we can map your company’s software journey and start down the right trails. If you’re set to take the first step, simply fill out our contact form. We’ll be in touch quickly – and you’ll have a partner who is ready to help your company take the next step on its software journey. 

We can’t wait to hear from you! 

Main Contact

This field is for validation purposes and should be left unchanged.

Together, we can map your company’s tech journey and start down the trails. If you’re set to take the first step, simply fill out the form below. We’ll be in touch – and you’ll have a partner who cares about you and your company. 

We can’t wait to hear from you! 

Montage Portal

Montage Furniture Services provides furniture protection plans and claims processing services to a wide selection of furniture retailers and consumers.

Project Background

Montage was looking to build a new web portal for both Retailers and Consumers, which would integrate with Dynamics CRM and other legacy systems. The portal needed to be multi tenant and support branding and configuration for different Retailers. Trailhead architected the new Montage Platform, including the Portal and all of it’s back end integrations, did the UI/UX and then delivered the new system, along with enhancements to DevOps and processes.

Logistics

We’ve logged countless miles exploring the tech world. In doing so, we gained the experience that enables us to deliver your unique software and systems architecture needs. Our team of seasoned tech vets can provide you with:

Custom App and Software Development

We collaborate with you throughout the entire process because your customized tech should fit your needs, not just those of other clients.

Cloud and Mobile Applications

The modern world demands versatile technology, and this is exactly what your mobile and cloud-based apps will give you.

User Experience and Interface (UX/UI) Design

We want your end users to have optimal experiences with tech that is highly intuitive and responsive.

DevOps

This combination of Agile software development and IT operations provides you with high-quality software at reduced cost, time, and risk.

Trailhead stepped into a challenging project – building our new web architecture and redeveloping our portals at the same time the business was migrating from a legacy system to our new CRM solution. They were able to not only significantly improve our web development architecture but our development and deployment processes as well as the functionality and performance of our portals. The feedback from customers has been overwhelmingly positive. Trailhead has proven themselves to be a valuable partner.

– BOB DOERKSEN, Vice President of Technology Services
at Montage Furniture Services

Technologies Used

When you hit the trails, it is essential to bring appropriate gear. The same holds true for your digital technology needs. That’s why Trailhead builds custom solutions on trusted platforms like .NET, Angular, React, and Xamarin.

Expertise

We partner with businesses who need intuitive custom software, responsive mobile applications, and advanced cloud technologies. And our extensive experience in the tech field allows us to help you map out the right path for all your digital technology needs.

  • Project Management
  • Architecture
  • Web App Development
  • Cloud Development
  • DevOps
  • Process Improvements
  • Legacy System Integration
  • UI Design
  • Manual QA
  • Back end/API/Database development

We partner with businesses who need intuitive custom software, responsive mobile applications, and advanced cloud technologies. And our extensive experience in the tech field allows us to help you map out the right path for all your digital technology needs.

Our Gear Is Packed and We're Excited to Explore with You

Ready to come with us? 

Together, we can map your company’s tech journey and start down the trails. If you’re set to take the first step, simply fill out the contact form. We’ll be in touch – and you’ll have a partner who cares about you and your company. 

We can’t wait to hear from you! 

Thank you for reaching out.

You’ll be getting an email from our team shortly. If you need immediate assistance, please call (616) 371-1037.