event hub activity log

Maayan Dugma 20 Reputation points

the action of creating or delete a table in storage account doesn't show log in activity log monitor,
what can be the reason?

Azure Table Storage
Azure Table Storage
An Azure service that stores structured NoSQL data in the cloud.
162 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,821 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Amrinder Singh 3,795 Reputation points Microsoft Employee

    Hi Maayan Dugma - Thanks for reaching out.

    Can you please confirm the flow in here? Have you created a diagnostic setting for the Table service on the storage account with destination as that of Event Hub?

    If yes, can you also try configuring the Diagnostic setting with LA workspace and then perform the similar operation to see if you are able to track via that mechanism?

    Also, the activity logs are mainly for management plane operations however you are referring to the data plane one. Can you please confirm how are you performing the operation? Via Portal, CLI or any PS cmdlets?

  2. Nehruji R 3,726 Reputation points Microsoft Vendor

    Hello Maayan Dugma,

    Greetings! Welcome to Microsoft Q&A Platform.

    When you create or delete a table in a storage account, the corresponding activity log entries might not appear in the Azure Monitor activity log directly and you need to enable diagnostic settings for activity logs to send the logs to either EventHub or Storage account. The diagnostic setting specifies where the logs should be stored (e.g., Azure Storage or Event Hubs).

    Depending on your choice of destination, the diagnostic logging information will be stored in either Azure Storage or Event Hubs.

    If you use Azure Storage, the information is stored in containers named insights-logs-operationlogs and insights-metrics-pt1m.

    If you use Azure Event Hubs, the information is stored in Event Hubs instances with the same names (insights-logs-operationlogs and insights-metrics-pt1m).

    You can also select an existing Event Hub (except for the one you’re configuring) as the destination for diagnostic settings. Remember to configure the diagnostic settings appropriately, and you should start seeing the relevant activity log entries for table creation and deletion in Azure Monitor.

    To enable diagnostic logs for Activity logs : Go to any resource -> Click on Activity Log Tab on left pane -> Click on Export Activity Logs -> Click on "Add Diagnostic Settings" link -> Enter the diagnostic name , Select the Logs , choose the log analytic workspace where you want to query your data. For more information, check this document.

    Azure Event Hubs generates monitoring data using Azure Monitor, which is a full-stack monitoring service in Azure. It provides features to monitor your Azure resources, including Event Hubs. The monitoring data collected by Azure Event Hubs includes platform metrics and the activity log.

    • Platform metrics and the activity log are automatically collected and stored, but they can also be routed to other locations using diagnostic settings.
    • Resource logs (including activity logs) are not collected and stored until you create a diagnostic setting and route them to specific locations.

    When creating a diagnostic setting, you specify which categories of logs to collect. For Azure Event Hubs, the relevant categories are listed in the Azure Event Hubs monitoring data reference.

    Note that Azure Monitor doesn’t include dimensions in the exported metrics data sent to destinations like Azure Storage, Azure Event Hubs, or Log Analytics.

    refer - https://learn.microsoft.com/en-us/azure/storage/tables/monitor-table-storage?tabs=azure-portal#azure-table-storage-diagnostic-settings, https://learn.microsoft.com/en-us/azure/event-hubs/event-hubs-capture-overview, https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log-schema for more details.

    Hope this answer helps!  Please let us know if you have any further queries. I’m happy to assist you further.

    Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.