How to Send VM Connection Logs of both Windows and Linux to EventHub

Question

The Task is to send the VM ConnectionLogs to the eventhub is there anyway to do it . Documentations referred: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-stream-event-hubs. Already tried using this method by explicitly setting the sink as Eventhub in Configuration but the data is not reaching the eventhub.

Answer 1

Hi @V, Gukan Thanks for posting your query on Microsoft Q&A.

Were you able to follow the validating configuration and Troubleshoot Event Hubs sinks steps to get more information on what could be the issue behind data not reaching the EventHub?

Validating configuration You can use a variety of methods to validate that data is being sent to the event hub. One straightforward method is to use Event Hubs capture as described in Capture events through Azure Event Hubs in Azure Blob Storage or Azure Data Lake Storage.

Troubleshoot Event Hubs sinks

• Look at the Azure Storage table WADDiagnosticInfrastructureLogsTable which contains logs and errors for Azure Diagnostics itself. One option is to use a tool such as Azure Storage Explorer to connect to this storage account, view this table, and add a query for TimeStamp in the last 24 hours. You can use the tool to export a .csv file and open it in an application such as Microsoft Excel. Excel makes it easy to search for calling-card strings, such as EventHubs, to see what error is reported.
• Check that your event hub is successfully provisioned. All connection info in the PrivateConfig section of the configuration must match the values of your resource as seen in the portal. Make sure that you have a SAS policy defined (SendRule in the example) in the portal and that Send permission is granted.

See Use Linux Diagnostic extension to monitor metrics and logs for details on Linux VMs.

Please check on each of these and let me know the results/error details in the comments so that I can further investigate.