Use this guide to set up log forwarding from an Azure Event Hub to any Datadog site.
Setup
Azure portal
Click the button below and fill in the form on the Azure Portal. The Azure resources required to get activity logs streaming into your Datadog account are deployed for you. To forward Activity Logs, set the Send Activity Logs option to true.
After creating the necessary Azure resources, set up diagnostic settings for each log source to send Azure platform logs (including resource logs) to the created Event Hub.
Note: Resources can only stream to Event Hubs in the same Azure region.
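One way to create the diagnostic setting for a single resource from Cloud Shell, with the same-region rule checked first. This is an added example, not part of Datadog's template. The setting name, the `allLogs` category group, and the use of the namespace's default `RootManageSharedAccessKey` rule are assumptions to adjust for your deployment.

```bash
#!/usr/bin/env bash
# Added example: stream one resource's platform logs to the Event Hub.
# Names such as "datadog-forwarding" are placeholders, not template values.

# Normalize an Azure location so "East US" and "eastus" compare equal.
normalize_location() {
  printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' '
}

# Succeed only when both locations name the same Azure region.
same_region() {
  [ "$(normalize_location "$1")" = "$(normalize_location "$2")" ]
}

# Usage: forward_resource_logs <resource-id> <namespace-rg> <namespace> <event-hub> [rule-name]
# Returns 2 (and creates nothing) when the resource is in another region.
forward_resource_logs() {
  local resource_id rg ns hub rule res_loc ns_loc rule_id
  resource_id="$1"; rg="$2"; ns="$3"; hub="$4"
  rule="${5:-RootManageSharedAccessKey}"   # assumption: default namespace rule

  res_loc=$(az resource show --ids "$resource_id" --query location -o tsv) || return 1
  ns_loc=$(az eventhubs namespace show -g "$rg" -n "$ns" --query location -o tsv) || return 1

  if ! same_region "$res_loc" "$ns_loc"; then
    echo "skip: resource is in '$res_loc', Event Hub namespace is in '$ns_loc'" >&2
    return 2
  fi

  # Diagnostic settings reference the authorization rule by its full resource ID.
  rule_id=$(az eventhubs namespace authorization-rule show -g "$rg" \
    --namespace-name "$ns" -n "$rule" --query id -o tsv) || return 1

  # Assumption: the resource type supports the "allLogs" category group.
  az monitor diagnostic-settings create \
    --name datadog-forwarding \
    --resource "$resource_id" \
    --event-hub "$hub" \
    --event-hub-rule "$rule_id" \
    --logs '[{"categoryGroup":"allLogs","enabled":true}]'
}
```

Call `forward_resource_logs` once per log source; a return code of 2 identifies resources that need an Event Hub in their own region.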
Troubleshooting
Naming conflicts
If you have Azure resources with the same resource name as one of the default parameters, it can lead to naming conflicts. Azure does not allow resources to share resource names within an individual subscription. Datadog recommends renaming the default parameter with a unique name that does not already exist within your environment.
Note: If you are rerunning the template due to this failure, it is also advised that you remove the entire resource group to create a fresh deployment.
Unregistered resource provider
If your template deployment is failing due to the error "The subscription is not registered to use namespace 'Microsoft.EventHub'":
Azure has resource providers for each of its services, for example, Microsoft.EventHub for Azure Event Hubs. If your Azure subscription is not registered to a required resource provider, the script fails. You can fix this issue by registering with the resource provider. Run this command in Cloud Shell.
Example
az provider register --namespace Microsoft.EventHub
Exceeding log quota
Did you install the script successfully, but you are still not seeing activity/platform logs within the Logs Explorer?
Ensure that you have not exceeded your daily quota for log retention.
Note: Wait at least five minutes after the script finishes executing before you start looking for logs in the Logs Explorer.