Introduction
If your logs are currently stored in Azure, OpsRamp can use Microsoft Azure Resource Manager (ARM) to forward them. OpsRamp achieves this through an Azure EventHub template.
To start streaming your platform logs to OpsRamp, you need to create an Azure Event Hub instance. Follow below steps to stream Azure activity logs into OpsRamp:
Create a resource group
A resource group is a logical collection of Azure resources. All resources are deployed and managed in a resource group. To create a resource group:
- Sign in to the Azure portal.
- In the search bar, look for Resource groups and click Create.
- Choose the Azure subscription where you want to create the resource group.
- Enter a unique name for the resource group. Azure immediately verifies if the name is available within the selected subscription.
- Select a region for the resource group where Azure resources will be deployed.
- Click Review + Create.The Review + Create page is displayed.
- Verify the details and click Create to finalize the creation of the resource group.
You need to create the Event Hubs namespace and an Event Hub within Azure:
Create an eventhub namespace
An Event Hubs namespace acts as a container where you can create multiple event hubs. Follow below steps to create a namespace using the Azure portal:
- In the Azure portal, use the search bar to find Event Hubs and select Create.
- On the Create namespace page, perform below steps:
Choose the Azure subscription in which the resource group was created.
Select the resource group you created in Create a resource group.
Enter a unique name for the namespace. The system checks for name availability.
Choose the location (Azure region) for the namespace.
Select Basic as the pricing tier. Refer to Azure documentation for tier differences.
Leave the throughput units or processing units settings as default (if applicable).
Click Review + Create at the bottom of the page.The Review + Create page is displayed.
Review your settings and click Create to initiate deployment and wait for the deployment to complete.
Once deployment is finished, click Go to resource to access the namespace details.
Create an eventhub
Navigate to the Event Hubs Namespace page and select Event Hubs from the left menu.
Click + Event Hub at the top of the window.
Enter a name for your Event Hub.
Click Create.
- The partition count setting enables parallel consumption across multiple consumers. For details, refer to information on partitions.
- Specify the message retention setting to determine how long the Event Hubs service will retain data. For more information, review details on event retention. You can check the status of the event hub creation in alerts. Once completed, the Event Hub will appear in the list.
Configure settings to stream logs
Stream Activity logs
- Use the search bar in the Azure portal to find Activity Logs".
- Click Create.
- Click Export Activity Logs.
- Click Add Diagnostic Settings.
- Provide a name for your setting if it has not been named already.
- For logs, choose either a category group or select individual checkboxes for each category of data you want to send to the Event Hub.
- Select Stream to an Event Hub.
- Choose the subscription where you have created the Resource Group.
- Select the Event Hub Namespace you created in Create an eventhub namespace.
- Choose the Event Hub created in Create an eventhub.
- (Optional) Define an Event Hub policy to specify the permissions for the streaming mechanism. For further details, refer to Event Hubs features.
- Click Save.
Stream Azure log analytics
To stream Azure Log Analytics data to OpsRamp through Event Hub using the Data Export functionality in the Azure portal, follow below steps:
- Navigate to your Azure Log Analytics workspace menu, go to Settings, and select Data Export.
- Click New export rule at the top of the pane.
- In the Basics tab, provide a name for your export rule.
- In the Source tab, select the specific tables or data sources from Azure Log Analytics that you want to export to Event Hub.
- In the Destination tab, configure the destination type as Event Hub. Choose the Event Hub Namespace and Event Hub Name where you want to send the logs.
- Click Create to finalize and save your export rule.
Create a function app
To effectively manage the execution of your functions, you need a function app, which organizes functions into a cohesive unit for streamlined management, deployment, scaling, and resource allocation.
Follow below steps to create a function app in Azure:
- From the Azure portal menu or Home page, select Create a resource.
- In the New page, navigate to Compute > Function App.
- On the Basics page, configure the function app settings as follows:
- Subscription: Choose the subscription where you want to create the function app.
- Resource Group: Select the name of the resource group created earlier.
- Function App Name: Provide a globally unique name for your function app.
- Publish: Choose Code as OpsRamp recommends.
- Runtime stack: For the runtime stack selection, select a runtime that supports your preferred programming language. In-portal editing capabilities are limited to JavaScript, PowerShell, TypeScript, and C# script. Functions developed using C# class library, Java, and Python languages require local development. The recommended choice is PowerShell.
- Version: Select the runtime version (e.g., 7.0 as suggested by OpsRamp).
- Region: Choose a region close to your location or other services your functions interact with.
- Operating System: The operating system is preselected based on your runtime stack (OpsRamp suggests Windows).
- Click Review + create to confirm your app configuration selections.
- On the Review + createpage, review your settings, then click “Create” to provision and deploy the function app.
- Select the Notifications icon in the upper-right corner of the portal and watch for the Deployment succeeded message.
Create a function in the function app
Navigate to the Function App created in Create a function app, select Functions.
Click Create.
Choose the Azure Event Hub trigger template.
Provide a name for your function if it has not been named already.
Configure Event Hub Connection:
- Click New under Event Hub Connection, select Event Hub, then choose Event Hub namespace, Event Hub name, and Event Hub policy name from the dropdown menus.
Enter the Event Hub Name created in Create an eventhub.
(Optional) Set the consumer group used to subscribe to events in the hub. If omitted, the $Default consumer group is used.
Navigate to the function you created, click Code + Test.
Replace the PowerShell script with the script provided below:
param($eventHubMessages, $TriggerMetadata) $bodyJSON = ($eventHubMessages | ConvertTo-JSON -AsArray -Depth 10 -EscapeHandling EscapeNonAscii -Compress) try { $request = Invoke-WebRequest -Uri "" -Method "POST" -ContentType "application/json" -Body $bodyJSON } catch { }
Click Save.
Supported labels
When integrating Azure logs with OpsRamp, the following labels can be used to categorize and manage your log data effectively:
Activity logs
- eventCategory
- resourceId
- tenantId
- level
- operationName
- subscriptionId
Log Analytics workspaces
- resourceId
- level
- operationName
- subscriptionId
- tableName