Azure Container Activity Logs

Pull Container Activity logs from an Azure Event Hub to Logstash

Learn how to ship Azure Container activity logs into the Logit.io ELK Stack via Logstash.

Send Your Data Metrics AzureAzure Container Activity Logs Guide

Follow this step by step guide to get 'logs' from your system to Logit.io:

Step 1 - Ensure Azure Event Hub

Before you begin you will need to ensure you have an available Azure Event Hub in your Azure Portal.

We will configure your Container instance to ship activity logs directly to this Azure Event Hub.

View your Event hub

Once you have configured your Event Hub and Event Hub namespace, we need to configure the Container Activity Logs.

Step 2 - Configure Container Activity Logs

Browse to the Azure Containers on the Azure Portal and select an existing or choose to Add a new container.

Azure containers showing in Azure Portal

Select the required container and from the left menu and choose Activity Logs. You will see recent Activity logs for the selected container instance.

Select container

Step 3 - Configure Activity Log Diagnostic Settings

In order to direct the Azure Container Activity Logs to our Event Hub we need to configure the diagnostic settings.

Choose Diagnostic settings from the top menu, then choose Add diagnostic setting. Here we can specify which activity logs we want to stream to the Event Hub.

Diagnostic settings

Step 4 - Confirm Messages in Event Hub

In your Azure Portal browse to your Event Hub and confirm that messages are arriving.

You should see spikes in the graph and the incoming requests count should not be zero.

Graphs showing messages arriving to event hub

Step 5 - Configure permissions

Once you have data streaming to your Azure event hub, it is recommended to create a Consumer Group specifically for Logstash and not to reuse any default or existing groups.

The Logstash input supports multiple event hubs - the connection string for each hub can be found in the Azure Portal -> Event Hub -> Shared access policies.

example connection string
Endpoint=sb://<youreventhubnamespace>.servicebus.windows.net/;SharedAccessKeyName=<yoursharedaccesspolicyname>;SharedAccessKey=<yoursharedaccesskey>;EntityPath=<youreventhubname>

A blob storage account is used to preserve state across logstash reboots. The Storage account connection string can be found in the Access Keys section under the Storage Account Settings menu in the Azure Portal

example connection string

DefaultEndpointsProtocol=https;AccountName=<storage-account-name>;
AccountKey=<storage-account-key>;
EndpointSuffix=core.windows.net

Step 6 - Configure Logstash for Azure Event Hub

To start pulling logs and metrics from the Azure Event Hub to your Stack you need to configure an Azure Logstash Input on your Logit.io Stack.

Go to Dashboard

Logit.io will verify your input before it is applied, we will contact you to confirm when this has been completed.

Step 7 - Check Logit.io for your logs

Data should now have been sent to your Stack.

View my data

If you don't see logs take a look at How to diagnose no data in Stack below for how to diagnose common issues.

Step 8 - How to diagnose no data in Stack

If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.

Logging

Metrics

Observability

Features

Grafana Demo

Prometheus as a Service

ELK as a Service

Monitoring

Logging

Compliance and Auditing

Analysis

Platform-Specific Logging

CMMC Solution

Datadog Alternative

Splunk Alternative

Logz.io Alternative

New Relic Alternative

Source Integrations

Platform Status

Help Centre

Blog

Integrations

Why Logit?

Security

Consultancy

Partners

Legal