Azure Winevent logs

2022-09-13T11:27:44.9+00:00

I want to get the Windows event log data from Azure VMs to the ELK stack. Please let me know the procedure?

https://www.elastic.co/guide/en/observability/7.17/monitor-azure.html

From the article, is there any documentation on getting the Windows event logs to ELK?

1 answer

AnuragSingh-MSFT 21,361 Reputation points
2022-09-15T06:11:24.79+00:00

Hi @Bhuvaneswari Maddi (iCORE-CIS - iCORE-CIS),

Thank you for the clarifications provided above. Based on the requirement, all logs sent to the Log Analytics workspace's Event (or any other) table could also be forwarded to another destination using Log Analytics workspace data export. To enable this, please follow the steps below:

1. Create an Event Hub resource. Event hubs are used to stream data/logs/events. In the current case, the Event data from the VM would come to the Log Analytics Workspace --> and also be streamed from the Log Analytics Workspace through Event Hubs. The ELK stack would consume the event data from Event Hubs.

2. On the Log Analytics Workspace, click on Data Export under Settings.

3. Click on "+New export rule" --> Provide a name and ensure that "Enable upon creation" is selected --> Select the tables of interest (Event) --> Next --> Select the Event Hub created in step 1 --> Next --> Create.

4. Use the Azure Event Hubs Plugin for consuming the incoming events for use with Logstash with ELK. For help regarding this step, please see the Getting Help section of the official Elastic doc here - Getting Help | Azure Event Hubs Plugin

Please let me know if you have any questions.

---
Please 'Accept as answer' and 'Upvote' if it helped so that it can help others in the community looking for help on similar topics.
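A Logstash pipeline for step 4 of the answer above, added here as an illustration and not part of the original answer, of Microsoft's documentation or of Elastic's. It assumes the data export delivers each Event Hub message as a JSON object with a `records` array of Event-table rows; the namespace, SAS policy, keys, hub, storage account and Elasticsearch address are placeholders.

```logstash
input {
  azure_event_hubs {
    # Connection string for a Listen-only SAS policy on the hub that the
    # Log Analytics export rule writes to (placeholders, not real values)
    event_hub_connections => ["Endpoint=sb://<NAMESPACE>.servicebus.windows.net/;SharedAccessKeyName=<LISTEN_POLICY>;SharedAccessKey=<KEY>;EntityPath=<EVENT_HUB>"]
    consumer_group => "logstash"
    # Blob storage for checkpoints so a restart resumes instead of replaying
    storage_connection => "DefaultEndpointsProtocol=https;AccountName=<STORAGE_ACCOUNT>;AccountKey=<STORAGE_KEY>;EndpointSuffix=core.windows.net"
    initial_position => "end"
    codec => "json"
    threads => 4
  }
}

filter {
  # Assumed export format: {"records": [ {...}, {...} ]}; emit one event per row
  split { field => "records" }
  ruby {
    code => "
      event.get('records').each { |k, v| event.set(k, v) }
      event.remove('records')
    "
  }
  # Use the Event table's TimeGenerated as the event timestamp
  date { match => ["TimeGenerated", "ISO8601"] }
  mutate {
    convert => { "EventID" => "integer" }
    rename  => { "Computer" => "[host][name]" }
  }
}

output {
  elasticsearch {
    hosts => ["https://<ELASTICSEARCH_HOST>:9200"]
    index => "azure-winevent-%{+YYYY.MM.dd}"
    user => "<ES_USER>"
    password => "<ES_PASSWORD>"
  }
}
```

The Event table's EventID, EventLog, Source and RenderedDescription columns then arrive as top-level fields, so existing Windows event detections can key on them directly.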

