@Pravendra Rajput - Thanks for the question and using MS Q&A platform.
It seems like you have followed the correct steps to stream Azure Firewall logs to Splunk via Event Hub, but you are still not able to capture the logs in Splunk. Here are some troubleshooting steps that you can try:
- Check if the Azure Firewall logs are being sent to the Event Hub. You can use the Azure Portal to check if the logs are being sent to the Event Hub. You can also use the Azure Event Hub Monitor tool to monitor the Event Hub and check if the logs are being received. For more details, see Monitor Azure Event Hubs.
- Check if the Azure AD app has the correct permissions. Make sure that the Azure AD app has the necessary permissions to access the Event Hub and read the logs. You can check the permissions in the Azure Portal.
- Check if the Splunk Add-on for Microsoft Cloud Services is configured correctly. Make sure that the add-on is configured correctly to receive the logs from the Event Hub.
- Check if the Event Hub is configured correctly. Make sure that the Event Hub is configured correctly to send the logs to the Splunk Add-on. You can check the configuration in the Azure Portal.
- Check if there are any network issues. Make sure that there are no network issues that are preventing the logs from being sent to Splunk. You can check the network configuration in the Azure Portal.
If none of the above steps work, you can share the document or steps which you have followed, along with a screenshot of Monitor Azure Event Hubs, for further assistance.
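The first item in the checklist above (confirming that firewall records are actually landing in the Event Hub, as opposed to the hub receiving nothing or receiving only other resources' logs) is the one that separates an Azure-side problem from a Splunk-add-on-side problem. The script below is an added example, not code from the answer above or from Microsoft or Splunk. It assumes the Azure Monitor diagnostic-settings payload format (each Event Hub message is a JSON object with a `records` array, each record carrying `resourceId` and `category`), and the optional live check assumes the `azure-eventhub` package's `EventHubConsumerClient`; the connection string, hub name and the `SAMPLE_BODY` records are constructed placeholders.

```python
"""Verify that Azure Firewall diagnostic records are actually landing in an Event Hub.

Azure Monitor diagnostic settings write each Event Hub message as a JSON
envelope of the form {"records": [ {...}, {...} ]}; every record carries the
emitting resource's "resourceId" and a log "category". Counting records per
category tells "nothing is arriving" apart from "the hub is receiving, so the
problem is on the Splunk add-on side".
"""
import json
import threading
import time
from collections import Counter

# Resource-ID segment that identifies an Azure Firewall (compared case-insensitively,
# because Azure Monitor emits resourceId in upper case).
FIREWALL_RESOURCE_MARKER = "/providers/microsoft.network/azurefirewalls/"
OTHER_RESOURCE_KEY = "<other resource>"


def parse_diagnostic_envelope(body: str) -> list:
    """Return the list of records from one Event Hub message body.

    Raises ValueError when the body is not an Azure Monitor diagnostic envelope,
    which is itself a useful signal: something other than the diagnostic setting
    is writing to this hub, or the consumer is pointed at the wrong hub.
    """
    payload = json.loads(body)
    records = payload.get("records") if isinstance(payload, dict) else None
    if not isinstance(records, list):
        raise ValueError("not an Azure Monitor diagnostic envelope (no 'records' array)")
    return records


def is_firewall_record(record: dict) -> bool:
    """True when the record was emitted by an Azure Firewall resource."""
    return FIREWALL_RESOURCE_MARKER in str(record.get("resourceId", "")).lower()


def summarize_records(body: str) -> Counter:
    """Count firewall records per category; lump everything else under OTHER_RESOURCE_KEY."""
    summary = Counter()
    for record in parse_diagnostic_envelope(body):
        if is_firewall_record(record):
            summary[record.get("category", "<no category>")] += 1
        else:
            summary[OTHER_RESOURCE_KEY] += 1
    return summary


def sample_event_hub(conn_str: str, hub_name: str, consumer_group: str = "$Default",
                     seconds: int = 30) -> Counter:
    """Read from the hub for `seconds` and summarize what arrived (requires azure-eventhub).

    Prefer a dedicated consumer group so this check does not share offsets with
    the consumer group the Splunk add-on is using.
    """
    from azure.eventhub import EventHubConsumerClient  # pip install azure-eventhub

    summary = Counter()

    def on_event(partition_context, event):
        try:
            summary.update(summarize_records(event.body_as_str()))
        except ValueError:
            summary["<not a diagnostic envelope>"] += 1

    client = EventHubConsumerClient.from_connection_string(
        conn_str, consumer_group=consumer_group, eventhub_name=hub_name)
    # "-1" starts from the oldest retained event, so a hub that received logs
    # earlier still shows them even if nothing arrives during the sampling window.
    worker = threading.Thread(
        target=client.receive,
        kwargs={"on_event": on_event, "starting_position": "-1"},
        daemon=True)
    worker.start()
    time.sleep(seconds)
    client.close()
    worker.join()
    return summary


# Constructed sample envelope (not captured from a real tenant): two Azure Firewall
# records plus one Key Vault record sharing the same hub.
SAMPLE_BODY = json.dumps({"records": [
    {"time": "2023-06-01T10:00:00.000Z",
     "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/RG-HUB"
                   "/PROVIDERS/MICROSOFT.NETWORK/AZUREFIREWALLS/FW-HUB",
     "category": "AzureFirewallNetworkRule", "operationName": "AzureFirewallNetworkRuleLog",
     "properties": {"msg": "TCP request from 10.0.1.4:51234 to 10.0.2.5:443. Action: Allow."}},
    {"time": "2023-06-01T10:00:01.000Z",
     "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/RG-HUB"
                   "/PROVIDERS/MICROSOFT.NETWORK/AZUREFIREWALLS/FW-HUB",
     "category": "AzureFirewallApplicationRule", "operationName": "AzureFirewallApplicationRuleLog",
     "properties": {"msg": "HTTPS request from 10.0.1.4:51300 to example.com:443. Action: Deny."}},
    {"time": "2023-06-01T10:00:02.000Z",
     "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/RG-HUB"
                   "/PROVIDERS/MICROSOFT.KEYVAULT/VAULTS/KV-HUB",
     "category": "AuditEvent", "operationName": "SecretGet", "properties": {}},
]})


if __name__ == "__main__":
    # Offline run over the constructed sample; for a live hub call
    # sample_event_hub("<connection string>", "<hub name>", "<consumer group>") instead.
    for category, count in sorted(summarize_records(SAMPLE_BODY).items()):
        print(f"{count:5d}  {category}")
```

Run it against the constructed sample to see the per-category breakdown, then run `sample_event_hub` with the hub's own connection string: an empty summary points back at the diagnostic setting on the firewall (category selection, target hub, or the Event Hub namespace authorization rule), while a summary that shows firewall categories means the records are there and the remaining checklist items (add-on input configuration, Azure AD app permissions on the namespace, consumer group) are where to look.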