Diagnostics with Event Hub and ELK
This template deploys an Elasticsearch cluster, Logstash and Kibana. Logstash is configured using an Event Hub input plugin, logstash-input-azurewadeventhub, to pull diagnostics data.
To ensure there are no conflicts, deploy to a new resource group.
After the deployment completes, you can view the diagnostics data in Kibana. To get the public IP for Kibana, open the Azure Portal, navigate to the resource group used for the deployment, and look for the Public IP address resource named "elasticsearch-kibana-pip". Then point your browser to "http://insert.kibana.ip.here:5601". In Kibana, configure an index pattern named "wad".
Notes
- This template uses the Elasticsearch template from: azure-quickstart-templates/elasticsearch/
- It installs the Logstash input plugin for Event Hub from: logstash-input-azurewadeventhub
Tags: Microsoft.Resources/deployments, Microsoft.Network/networkSecurityGroups, Microsoft.Network/publicIPAddresses, Microsoft.Network/networkInterfaces, Microsoft.Storage/storageAccounts, Microsoft.Compute/virtualMachines, Microsoft.Compute/virtualMachines/extensions, CustomScript