Start your 14-day free trial today & Get 20% Off All Annual Managed ELK Plans

No Credit Card Required

Try Logit.io Free

Already have an account? Sign In

Send data via Azure Container Activity Logs to your Logstash instance provided by Logit.io

Azure Container Activity Logs

Pull Container Activity logs from an Azure Event Hub to Logstash

Learn how to ship Azure Container activity logs into the Logit ELK Stack via Logstash.

Step 1 - Ensure Azure Event HubCopy

Before you begin you will need to ensure you have an available Azure Event Hub in your Azure Portal.

We will configure your Container instance to ship activity logs directly to this Azure Event Hub.

Once you have configured your Event Hub and Event Hub namespace, we need to configure the Container Activity Logs.

Step 2 - Configure Container Activity LogsCopy

Browse to the Azure Containers on the Azure Portal and select an existing or choose to Add a new container.

Select the required container and from the left menu and choose Activity Logs. You will see recent Activity logs for the selected container instance.

Step 3 - Configure Activity Log Diagnostic SettingsCopy

In order to direct the Azure Container Activity Logs to our Event Hub we need to configure the diagnostic settings.

Choose Diagnostic settings from the top menu, then choose Add diagnostic setting. Here we can specify which activity logs we want to stream to the Event Hub.

Step 4 - Confirm Messages in Event HubCopy

In your Azure Portal browse to your Event Hub and confirm that messages are arriving.

You should see spikes in the graph and the incoming requests count should not be zero.

Step 5 - Configure permissionsCopy

Once you have data streaming to your Azure event hub, it is recommended to create a Consumer Group specifically for Logstash and not to reuse any default or existing groups.

The Logstash input supports multiple event hubs - the connection string for each hub can be found in the Azure Portal -> Event Hub -> Shared access policies.

example connection string
Endpoint=sb://<youreventhubnamespace>.servicebus.windows.net/;SharedAccessKeyName=<yoursharedaccesspolicyname>;SharedAccessKey=<yoursharedaccesskey>;EntityPath=<youreventhubname>

A blob storage account is used to preserve state across logstash reboots. The Storage account connection string can be found in the Access Keys section under the Storage Account Settings menu in the Azure Portal

example connection string

DefaultEndpointsProtocol=https;AccountName=<storage-account-name>;
AccountKey=<storage-account-key>;
EndpointSuffix=core.windows.net

Step 6 - Configure Logstash for Azure Event HubCopy

To start pulling logs and metrics from the Azure Event Hub to your Stack you need to configure an Azure Logstash Input on your Logit.io Stack.

Go to Dashboard

Logit.io will verify your input before it is applied, we will contact you to confirm when this has been completed.
Toggle View

Expand View

Return to Search