In Microsoft Azure, the Activity Log is a platform that provides insights into subscription-level events, including auditable details of when a resource is modified or when a container is started. By configuring the required activity logs to forward to Event Hub, we can then pull them into the Logit ELK Stack via Logstash.
In your Azure Portal, browse to your Event Hub. From the dashboard you should be able to see messages arriving.
Once you have data streaming to your Azure Event Hub, it is recommended to create a Consumer Group specifically for Logstash rather than reusing any default or existing group.
The Logstash input supports multiple event hubs. The connection string for each hub can be found in the Azure Portal -> Event Hub -> Shared access policies.
Example connection string:
Endpoint=sb://<youreventhubnamespace>.servicebus.windows.net/;SharedAccessKeyName=<yoursharedaccesspolicyname>;SharedAccessKey=<yoursharedaccesskey>;EntityPath=<youreventhubname>
A blob storage account is used to preserve state across Logstash reboots. The Storage account connection string can be found in the Access Keys section under the Storage Account Settings menu in the Azure Portal.
Example connection string:
DefaultEndpointsProtocol=https;AccountName=<storage-account-name>;AccountKey=<storage-account-key>;EndpointSuffix=core.windows.net
To start pulling logs and metrics from the Azure Event Hub to your Stack you need to configure an Azure Logstash Input on your Logit.io Stack.
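The pieces described above (one connection string per event hub, a dedicated consumer group, and the blob storage connection string) as they fit together in a Logstash `azure_event_hubs` input. This is an added example, not Logit.io's own configuration: the consumer group name `logstash-logit` and the second hub placeholder are hypothetical, and the angle-bracket values are the page's placeholders.

```logstash
input {
  azure_event_hubs {
    # One connection string per event hub, copied from
    # Azure Portal -> Event Hub -> Shared access policies.
    # Each string carries EntityPath, which names the hub it reads from.
    # Logstash only consumes events, so a policy with the Listen claim is enough.
    event_hub_connections => [
      "Endpoint=sb://<youreventhubnamespace>.servicebus.windows.net/;SharedAccessKeyName=<yoursharedaccesspolicyname>;SharedAccessKey=<yoursharedaccesskey>;EntityPath=<youreventhubname>",
      "Endpoint=sb://<youreventhubnamespace>.servicebus.windows.net/;SharedAccessKeyName=<yoursharedaccesspolicyname>;SharedAccessKey=<yoursharedaccesskey>;EntityPath=<yoursecondeventhubname>"
    ]

    # Consumer group created only for Logstash (hypothetical name),
    # so its read position is not shared with any other reader of the hub.
    consumer_group => "logstash-logit"

    # Blob storage account used to preserve state across Logstash reboots,
    # from Storage Account -> Access Keys. No spaces between the key=value pairs.
    storage_connection => "DefaultEndpointsProtocol=https;AccountName=<storage-account-name>;AccountKey=<storage-account-key>;EndpointSuffix=core.windows.net"

    # Adds the source hub name, consumer group and offset under
    # [@metadata][azure_event_hubs] so events from different hubs can be told apart.
    decorate_events => true
  }
}
```

Both connection strings embed access keys, so the finished configuration should be stored and shared with the same care as the keys themselves.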