Figure out how to collect any Azure logs using the generic event hub integration #74
Comments
Prerequisites

Application

Search for a Diagnostic Setting that exports Azure Application Insights logs. For this test, I will use an Application Insights app (or component) named

Event Hub

We need a new event hub to collect all the logs for this application.
Configuration

Set up the Diagnostic Settings

Using the application

Generate some logs

Use the application connected to the application insights resource to get some test logs. In this example, I am sending a few requests to the HTTP endpoint, and here are a few logs:

Check the Event Hub for exported logs

If I go back to the event hub "insightslogs", the charts start reporting some data:

Collect the logs

Set up the agent
Set up the integration using the "insightslogs" event hub and the other options. See https://docs.elastic.co/integrations/azure#setup to learn more. In this first iteration:
Explore the logs

Assign the agent policy to an agent and start exploring the logs. Open Analytics > Discover and then filter documents using

Explore the logs

Basic parsing

With the current configuration, the integration collects the Application Insights logs as a string in the

Next Steps

At this point, we have two options:

Enable the "Parse azure message"

This is a quick option to start using the logs. Go back to the agent policy and flip the "Parse azure message" switch:

Here is an example document with parsing enabled:

Add a custom pipeline and mapping

The document parsing is great, but there are downsides:

Conclusions

"Parse azure message" is a great option, but I recommend considering building custom pipelines and mappings to take complete control.
I want to collect Azure Application Insights logs using the Elastic Agent.
Unfortunately, at the time of this writing, there isn't a specialized integration to collect such logs. But we can leverage the generic Event Hub integration to collect Azure Application Insights logs and any other log exported using a Diagnostic Setting.