Logging output from any Azure Event Hub logs
Your organization collects Azure Event Hub data for a wide range of Azure infrastructures, including custom applications. Event Hubs can process and store events, data, or telemetry produced by distributed software and devices. After Event Hub logs are collected in your Splunk deployment, you can accelerate incident investigations involving Cloud infrastructure.
Data required
Microsoft: Azure Event Hub data
Procedure
- Configure the Splunk Add-on for Microsoft Cloud Services.
- Run the following search. You can optimize it by specifying an index and adjusting the time range.
sourcetype=mscs:azure:eventhub <optional keywords>
Search explanation
The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.
| Splunk Search | Explanation |
|---|---|
| sourcetype=mscs:azure:eventhub | Search only Azure Event Hub data. |
| <optional keywords> | Add keywords here, for example (error OR fail*). |
Next steps
You can replace <optional keywords> with any additional keywords relevant to the investigation. You could also update the source filter to return logs from a specific log group, such as the log group associated with a specific Event Hub.
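As an added example (not from the original page or the add-on's documentation), the following search applies the keyword and source-scoping ideas above to a single investigation: it keeps only error-like events, restricts results to one Event Hub by its source value, and summarizes when each matching source first and last appeared. The index name and the Event Hub name pattern are placeholders you must replace; the exact format of the source value depends on how your add-on inputs are configured.

```spl
index=<your_index> sourcetype=mscs:azure:eventhub (error OR fail*)
    source="*<your-event-hub-name>*"
| stats count AS events min(_time) AS first_seen max(_time) AS last_seen by source
| convert ctime(first_seen) ctime(last_seen)
| sort - events
```

Run it over the same time range as the original search, then pivot on a high-count source with the raw events to see which application or device produced the failures.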
You might also be interested in other processes associated with the Managing Azure cloud infrastructure use case.