Azure Activity Logs

Before you begin you will need to ensure you have an available Azure Event Hub in the Azure Portal.

You should create a diagnostic setting to send the Activity logs to this Event Hub.

Once you have configured your Event Hub we now need to confirm messages are arriving.

In your Azure Portal browse to your Event Hub, from the dashboard you should be able to see messages arriving.

Ensure there is recent activity on the graph and the incoming requests isn't zero.

Once you have data streaming to your Azure event hub, it is recommended to create a Consumer Group specifically for Logstash and not to reuse any default or existing groups.

The Logstash input supports multiple event hubs - the connection string for each hub can be found in the Azure Portal -> Event Hub -> Shared access policies.

example connection string
Endpoint=sb://<youreventhubnamespace>.servicebus.windows.net/;SharedAccessKeyName=<yoursharedaccesspolicyname>;SharedAccessKey=<yoursharedaccesskey>;EntityPath=<youreventhubname>

A blob storage account is used to preserve state across logstash reboots. The Storage account connection string can be found in the Access Keys section under the Storage Account Settings menu in the Azure Portal

example connection string

DefaultEndpointsProtocol=https;AccountName=<storage-account-name>;
AccountKey=<storage-account-key>;
EndpointSuffix=core.windows.net

To start pulling logs and metrics from the Azure Event Hub to your Stack you need to configure an Azure Logstash Input on your Logit.io Stack.

Go to Dashboard

Logit.io will verify your input before it is applied, we will contact you to confirm when this has been completed.

Now you should view your data:

View my data

If you don't see logs take a look at How to diagnose no data in Stack below for how to diagnose common issues.

If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.