Diagnostics with Event Hub and ELK

Code Sample
07/06/2022

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

This template deploys an Elasticsearch cluster, Logstash and Kibana. Logstash is configured using an Event Hub input plugin, logstash-input-azurewadeventhub, to pull diagnostics data.

To ensure there are no conflicts deploy to a new resource group.

After the deployment completes you can view the diagnostics data in Kibana. To get the public IP for Kibana, visit the Azure Portal, navigate to the resource group used for the deployment and look for the Public IP address resource named "elasticsearch-kibana-pip". Then point your browser to "http://insert.kibana.ip.here:5601". Under Kibana configure an index pattern with name "wad".

Notes

This template uses the Elasticsearch template from: azure-quickstart-templates/elasticsearch/

It installs the Logstash input plugin for Event Hub from: logstash-input-azurewadeventhub

Tags: Microsoft.Resources/deployments, Microsoft.Network/networkSecurityGroups, Microsoft.Network/publicIPAddresses, Microsoft.Network/networkInterfaces, Microsoft.Storage/storageAccounts, Microsoft.Compute/virtualMachines, Microsoft.Compute/virtualMachines/extensions, CustomScript