Hi @Bhuvaneswari Maddi (iCORE-CIS - iCORE-CIS) ,
Thank you for the clarifications provided above. Based on the requirement, all logs to be sent to Log Analytics workspace's Event (or any other table) could also be forwarded to another destination using Log Analytics workspace data export. To enable this, please follow the steps below:
1. Create an Event Hub resource. Event hubs are used to stream data/logs/events. In current case, the Event data from VM would come to Log Analytics Workspace --> and also be streamed from Log Analytics Workspace through EventHubs. The ELK stack would consume the event data from event hubs.
2. On the Log Analytics Workspace, click on Data Export under Settings
3. Click on "+New export rule" --> Provide name and ensure that "Enable upon creation" is selected --> Select the tables of interest (Event) --> Next --> Select the Event Hub created in step 1 --> Next --> Create
4. Use Azure Event Hubs Plugin for consuming the incoming events for use with Logstash with ELK. For help regarding this step, please see Getting Help section of the official Elastic doc here - Getting Help | Azure Event Hubs Plugin
Please let me know if you have any questions.
---
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.