Your organization collects Azure Event Hub data for a wide range of Azure infrastructure, including custom applications. Event Hubs can process and store events, data, or telemetry produced by distributed software and devices. After Event Hub logs are collected in your Splunk deployment, you can accelerate incident investigations involving cloud infrastructure.
Microsoft: Azure Event Hub data
- Configure the Splunk Add-on for Microsoft Cloud Services.
- Run the following search. You can optimize it by specifying an index and adjusting the time range.
sourcetype=mscs:azure:eventhub <optional keywords>
The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.
|Search part|Explanation|
|---|---|
|sourcetype=mscs:azure:eventhub|Search only Azure Event Hub data.|
|<optional keywords>|Add keywords here, for example|
You can replace <optional keywords> with any additional keywords relevant to the investigation. You can also narrow the search with a source filter so that it returns only the logs from a specific log group, such as the log group associated with a specific Event Hub.
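As an added example that is not part of the original page, the following Python performs the same triage offline on a constructed Event Hub batch: it splits the batch into individual records the way the add-on does before indexing, counts failed operations per resource, and builds the base search above with optional keywords and a source filter. The field names (records, time, resourceId, operationName, resultType) follow Azure's common resource-log schema and are an assumption about your data; the source value is a placeholder.

```python
import json
from collections import Counter

# Constructed sample batch, shaped like what Azure diagnostic settings deliver
# to an Event Hub: a JSON object whose "records" array holds one resource-log
# record per event. The field names follow Azure's common resource-log schema;
# treat them as an assumption and confirm them against a real event.
KV1 = "/SUBSCRIPTIONS/EXAMPLE/RESOURCEGROUPS/RG1/PROVIDERS/MICROSOFT.KEYVAULT/VAULTS/KV1"
SA1 = "/SUBSCRIPTIONS/EXAMPLE/RESOURCEGROUPS/RG1/PROVIDERS/MICROSOFT.STORAGE/STORAGEACCOUNTS/SA1"
SAMPLE_BATCH = json.dumps({"records": [
    {"time": "2024-01-01T10:00:00Z", "resourceId": KV1, "operationName": "SecretGet",
     "category": "AuditEvent", "resultType": "Success", "callerIpAddress": "203.0.113.10"},
    {"time": "2024-01-01T10:00:05Z", "resourceId": KV1, "operationName": "SecretGet",
     "category": "AuditEvent", "resultType": "Forbidden", "callerIpAddress": "203.0.113.10"},
    {"time": "2024-01-01T10:00:09Z", "resourceId": KV1, "operationName": "SecretGet",
     "category": "AuditEvent", "resultType": "Forbidden", "callerIpAddress": "203.0.113.10"},
    {"time": "2024-01-01T10:01:00Z", "resourceId": SA1, "operationName": "GetBlob",
     "category": "StorageRead", "resultType": "Success", "callerIpAddress": "198.51.100.7"},
]})

def parse_batch(raw: str) -> list:
    """Split one Event Hub batch into individual records so each one can be
    filtered on its own; a bare record (no "records" wrapper) is returned as-is."""
    body = json.loads(raw)
    if isinstance(body, dict) and "records" in body:
        return list(body["records"])
    return [body]

def failed_operations(records: list) -> Counter:
    """Count non-Success results per (resourceId, operationName): the pivot an
    analyst runs after narrowing the search to the Event Hub of interest."""
    return Counter(
        (r.get("resourceId", "?"), r.get("operationName", "?"))
        for r in records
        if r.get("resultType", "Success") != "Success"
    )

def splunk_search(keywords=(), source_filter=None) -> str:
    """Build the page's base search plus optional keywords and a source filter.
    Values are double-quoted (inner quotes escaped) so they match literally."""
    parts = ["sourcetype=mscs:azure:eventhub"]
    if source_filter:  # placeholder value; use the source your add-on assigns
        parts.append('source="%s"' % source_filter.replace('"', '\\"'))
    parts += ['"%s"' % k.replace('"', '\\"') for k in keywords]
    return " ".join(parts)

if __name__ == "__main__":
    for (res, op), n in failed_operations(parse_batch(SAMPLE_BATCH)).items():
        print(n, "failed", op, "on", res)
    print(splunk_search(["Forbidden", "SecretGet"], "kv-eventhub"))
```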
You might also be interested in other processes associated with the Managing Azure cloud infrastructure use case.