Looking to Stream logs from Intune to Splunk using Event Hub

Cliff 0 Reputation points
2023-08-08T13:30:12.2733333+00:00

Hi there,

I'm looking to stream data from Intune to Splunk. Based on the information that I've found, streaming to an Event hub is the simple option to use.

I've created the namespace and set the diagnostic settings within Intune to stream to the Event Hub but it shows there are 0 Messages coming through on the Event Hub side. If anyone has any ideas, I'd be grateful.

Maybe Event Hub isn't the best way to go? New to this configuration.


1 answer

  1. PRADEEPCHEEKATLA 90,601 Reputation points
    2023-08-09T05:41:33.07+00:00

    @Cliff - Thanks for the question and using MS Q&A platform.

    It seems like you are trying to stream data from Intune to Splunk using Event Hub, but you are facing some issues with the configuration. I can definitely help you with that.

    Event Hub is a good option to use for streaming data from Intune to Splunk. However, there could be several reasons why you are not seeing any messages coming through on the Event Hub side. Here are a few things you can check:

    Make sure that the diagnostic settings in Intune are configured correctly. Double-check the settings to ensure that you have selected the correct log categories and that the destination is set to stream to an Event Hub.

    Check if the Event Hub namespace is configured correctly. Make sure that you have created the Event Hub namespace and that it is associated with the correct subscription.

    Verify that the Event Hub policy name is correct. Make sure that you have created the policy name and that it has the correct permissions to send messages to the Event Hub.

    If you have checked all of the above and are still not seeing any messages coming through, you can try enabling diagnostic logs in Intune and checking the logs to see if there are any errors or issues. You can also try using a different destination, such as Log Analytics, to see if you are able to stream data successfully.

    For more details, refer to Send log data to storage, event hubs, or log analytics in Intune.

    Hope this helps. Do let us know if you have any further queries.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
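The three checks listed in the answer above can be run offline against exported JSON. The following is an added example, not part of the original answer or Microsoft's tooling: it assumes the diagnostic setting and the shared access policy are available in their Azure Resource Manager JSON shape (`eventHubAuthorizationRuleId`, `logs`, `rights`), and the function name `check_streaming` and all sample values are constructed for illustration.

```python
import re

# ARM resource ID of an Event Hubs authorization rule (shared access policy).
RULE_ID = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/[^/]+"
    r"/providers/Microsoft\.EventHub/namespaces/(?P<ns>[^/]+)"
    r"(?:/eventhubs/[^/]+)?/authorizationRules/(?P<rule>[^/]+)$",
    re.IGNORECASE,
)

def check_streaming(setting, auth_rule, expected_sub):
    """Return findings for the answer's three checks; [] means all pass."""
    findings = []
    props = setting.get("properties", {})
    # Check 1: log categories selected and an Event Hub set as destination.
    if not any(log.get("enabled") for log in props.get("logs", [])):
        findings.append("no log category enabled")
    match = RULE_ID.match(props.get("eventHubAuthorizationRuleId") or "")
    if match is None:
        findings.append("destination is not an Event Hub authorization rule")
        return findings
    # Check 2: the namespace lives in the expected subscription.
    if match["sub"].lower() != expected_sub.lower():
        findings.append("namespace is in subscription " + match["sub"])
    # Check 3: the referenced policy is the one inspected and it can send.
    if auth_rule.get("name", "").lower() != match["rule"].lower():
        findings.append("policy name does not match " + match["rule"])
    if "Send" not in auth_rule.get("properties", {}).get("rights", []):
        findings.append("policy lacks the Send right")
    return findings

# Constructed sample data (hypothetical names, not real resources).
SUB = "00000000-0000-0000-0000-000000000000"
SETTING = {"properties": {
    "eventHubAuthorizationRuleId": f"/subscriptions/{SUB}/resourceGroups/rg-logs"
        "/providers/Microsoft.EventHub/namespaces/ns-intune"
        "/authorizationRules/splunk-send",
    "logs": [{"category": "AuditLogs", "enabled": True},
             {"category": "OperationalLogs", "enabled": False}],
}}
RULE = {"name": "splunk-send", "properties": {"rights": ["Listen"]}}

if __name__ == "__main__":
    for finding in check_streaming(SETTING, RULE, SUB):
        print("FAIL:", finding)
```

With the constructed sample, the only finding is the Listen-only policy, which would leave the Event Hub at 0 incoming messages even though the diagnostic setting itself looks correct.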

