Azure Activity Logs
Ship your Azure activity logs using an automated deployment process. At the end of this process, you'll have configured an event hub namespace, an event hub, and 2 storage blobs.
The resources set up by the automated deployment can collect data for a single Azure region.
Overview of the services you'll be setting up in your Azure accountβ
The automated deployment sets up a new Event Hub namespace and all the components you'll need to collect logs in one Azure region.
Each automated deployment sets up these resources in your Azure environment:
- 1 namespace
- 1 Azure function
- 1 event hub
- 2 blobs (1 to store logs from the Azure functions, 1 for failover storage)
Determining how many automated deployments to deployβ
You'll need an event hub in the same region as your services.
How many automated deployments you will need, depends on the number of regions involved.
You'll need at least 1 automated deployment for each region where you want to collect logs.This is because Azure requires an event hub in the same region as your services. The good news is you can stream data from multiple services to the same event hub, just as long as they are in the same region.
Configurationβ
If needed, configure an automated deploymentβ
If you already set up an automated deployment in this region, you can skip to step 2.
π Otherwise, click this button to start the automated deployment.
You'll be taken to Azure, where you'll configure the resources to be deployed. Make sure to use the settings shown below.
In the BASICS sectionβ
| Parameter | Description |
|---|---|
| Resource group | Click Create new. Give a meaningful Name, such as "logzioEventHubIntegration", and then click OK. |
| Location | Choose the same region as the Azure services that will stream data to this Event Hub. |
In the SETTINGS sectionβ
| Parameter | Description |
|---|---|
| Logs listener host | Use the listener host for your logs account region. For more information on finding your account's region, see Account region. |
| Logs account token | Use the token of the logs account you want to ship to. |
At the bottom of the page, select I agree to the terms and conditions stated above, and then click Purchase to deploy.
Deployment can take a few minutes.
(Optional) Add failsafes for shipping timeoutsβ
You can configure Azure to back up your logs to Azure Blob Storage. So if the connection to Logz.io times out or an error occurs, you'll still have a backup of any dropped data.
To do this, expand your function app's left menu, and then click Integrate.
In the top of the triggers panel, click Azure Blob Storage (outputBlob). The Azure Blob Storage output settings are displayed.
Leave Blob parameter name blank. Enter the Path for the Azure blob you're sending dropped logs to, and then click Save.
For more information on Azure Blob output binding, see Azure Blob storage bindings for Azure Functions > Output from Microsoft.
Stream data to the new event hubsβ
So far in this process, you've deployed an event hub and a function app.
Now you'll need to configure Azure to stream activity logs to the event hub you just deployed. When data comes into the event hub, the function app will forward that data to Logz.io.
In the search bar, type "Activity", and then click Activity log. This brings you to the Activity log page.
Navigate to the Diagnostics settings page (You can search for it). Choose a resource from the list of resources, and select Turn on diagnostics settings to open the Diagnostics settings panel for that resource.
- Give your diagnostic settings a Name.
- Select Stream to an event hub. Next, select Configure to open the Select event hub panel.
Choose your event hub:
- Event hub namespace: Choose the namespace that starts with LogzioNS (LogzioNS6nvkqdcci10p, for example)
- Event hub name: Choose insights-operational-logs
- Event hub policy name: Choose LogzioSharedAccessKey
- Click OK to return to Diagnostics settings.
In the log section, select the logs you want to stream, and then click Save. The selected logs will now stream to the event hub.
Check Logz.io for your logsβ
Give your logs some time to get from your system to ours, and then open Open Search Dashboards.
If everything went according to plan, you should see logs with the type eventHub in Open Search Dashboards.
If you still donβt see your logs, see log shipping troubleshooting.
Migration to Log Analytics Workspace-Based Modelβ
For users currently on the Classic Application Insights, it's essential to migrate to the Log Analytics workspace-based model. To do this:
- Navigate to your Application Insights resource that hasn't been migrated yet.
- Click on the notification that states "Classic Application Insights is deprecated."
- A "Migrate to Workspace-based" dialog will appear. Here, confirm your preferred Log Analytics Workspace and click 'Apply'.
Be aware that once you migrate to a workspace-based model, the process cannot be reversed.