Hello there,
The path for your Windows Terminal settings.json file may be found in one of the following directories:
Terminal (stable / general release): %LOCALAPPDATA%\Packages\Microsoft.WindowsTerminal_8wekyb3d8bbwe\LocalState\settings.json
Terminal (preview release): %LOCALAPPDATA%\Packages\Microsoft.WindowsTerminalPreview_8wekyb3d8bbwe\LocalState\settings.json
Terminal (unpackaged: Scoop, Chocolately, etc): %LOCALAPPDATA%\Microsoft\Windows Terminal\settings.json
The easiest way to accomplish what you're trying is to install the Azure Diagnostics Extension on the VM and configure it to output log data to an Event Hub sink.
Azure diagnostic logs can be streamed in near real-time to any application using the built-in “Export to Event Hubs” option in the Portal, or by enabling the Event Hub Authorization Rule ID in a diagnostic setting via the Azure PowerShell Cmdlets or Azure CLI.
After data is displayed in the event hub, you can access and read the data in two ways:
Configure a supported SIEM tool. To read data from the event hub, most tools require the event hub connection string and certain permissions to your Azure subscription.
This article provides a brief description of how to stream data and then lists some of the partners with whom you can send it. Some partners have special integration with Azure Monitor and might be hosted on Azure. https://learn.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-stream-event-hubs
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer–
an update: I wa able to receive the logs in the Splunk. so the above configuration worked. I have another question if you can help me with.
the sample public settings.json is somehow limited to the level of logs I would like to see in Splunk.
This is the json. Do you know about a guide how to specify "IIS Logs" SharePoint Logs that are in a specific directory etc?
thank you again for your help.