...

The Azure Event Hub collector brings data to Devo from:

  • Azure Monitor, which includes auditing, metrics, and logs of all Azure cloud computing services.

  • Entra ID, which includes authentication and role threats.

  • Any other kind of string data, which can be sent using a simple script.

...

  1. In Azure Portal, search for Entra ID.

  2. Click App registrations in the left menu and click New registration.

  3. Register the application.

  4. Search for the Event Hubs service and click on it. 

  5. Click Create.

  6. Select the subscription and resource group corresponding to the resources that must be monitored.

  7. Enter a name.

  8. In the Location field, select the region containing the resources that must be monitored.

  9. To capture Blob or Data Lake, see How Event Hubs Capture is charged to select a tier. Otherwise, select the cheapest tier and one throughput unit. If you need more resources, they can be added later.


  10. Select “Review+Create,” then “Create.”

  11. Return to Event Hubs and open the namespace created in the previous steps.

  12. Select Access control (IAM) in the left menu, click Add, and click Add Access Role Assignment.

  13. Search for the Azure Event Hubs Data Receiver role, select it, and then click Next.

  14. Click Select members and search for the previously created App registration.

  15. Select the Application by clicking its name.

  16. Once the application is listed as a selected member, click Select.

  17. Click Review + Assign.

  18. In the namespace, create a shared access policy for sending data to the event hub.

  19. Create a second shared access policy for listening to the event hub.

  20. Open the listen policy and copy the primary connection string.


  21. Return to the event hub and check the list of consumer groups. The Devo collector must have a dedicated consumer group. Devo recommends using the $Default consumer group for the collector without allowing other entities to use the event hub. If the consumer group is shared with other entities, data will be lost.


Send Data

  • Enable Monitor to get audit, reliability, metrics, and Microsoft recommendation data.

  • Enable Entra ID to get authentication data.

  • Use an SDK to send data from your custom applications.

  • Use HTTPS.

...

Code Block
{
  "inputs": {
    "azure_event_hub": {
      "enabled": true,
      "id": "<UNIQUE VALUE>",
      "services": {
        "event_hubs": {
          "queues": {
            "<REGION>": {
              "consumer_group": "$Default",
              "event_hub_connection_string": "<CONNECTION STRING>",
              "event_hub_name": "<EVENT HUB>",
              "namespace": "<NAMESPACE OF EVENT HUB>"
            }
          }
        }
      }
    }
  }
}

For each event hub, the consumer group should only be used by one collector. If the consumer group is shared with other entities, data will be lost. To check if your collector has been enabled successfully, validate it.
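
A pre-deployment check for the configuration above, as an added example (not Devo's code): it parses each queue's connection string in Azure's standard `Endpoint=...;SharedAccessKeyName=...;SharedAccessKey=...` form and flags unfilled placeholders, use of the namespace's default all-rights policy instead of the listen policy, a namespace or EntityPath mismatch, and two queues reading the same hub through the same consumer group. It assumes `namespace` holds either the short namespace name or the full host name; the policy name `devo-listen` and all sample values are constructed.

```python
# Name of the policy Azure creates by default on every namespace (Manage, Send, Listen).
ROOT_POLICY = "RootManageSharedAccessKey"

def parse_connection_string(conn):
    """Split 'Key=Value;...' pairs on the first '=' only (base64 keys end in '=')."""
    return dict(p.split("=", 1) for p in conn.strip().split(";") if "=" in p)

def check_config(config):
    """Return (region, finding) tuples for the azure_event_hub queues."""
    queues = config["inputs"]["azure_event_hub"]["services"]["event_hubs"]["queues"]
    findings, readers = [], {}
    for region, q in queues.items():
        parts = parse_connection_string(q["event_hub_connection_string"])
        missing = {"Endpoint", "SharedAccessKeyName", "SharedAccessKey"} - set(parts)
        if missing:  # also catches a placeholder that was never filled in
            findings.append((region, "connection string lacks " + ", ".join(sorted(missing))))
            continue
        if parts["SharedAccessKeyName"] == ROOT_POLICY:
            findings.append((region, "uses the all-rights root policy, not a listen policy"))
        host = parts["Endpoint"].split("://")[-1].rstrip("/")
        ns = q["namespace"]  # assumption: short name or full host name
        if host != ns and not host.startswith(ns + "."):
            findings.append((region, "namespace does not match Endpoint host " + host))
        if parts.get("EntityPath", q["event_hub_name"]) != q["event_hub_name"]:
            findings.append((region, "EntityPath differs from event_hub_name"))
        reader = (host, q["event_hub_name"], q["consumer_group"])
        if reader in readers:  # two readers in one consumer group compete for events
            findings.append((region, "shares hub and consumer group with " + readers[reader]))
        readers.setdefault(reader, region)
    return findings

# Constructed sample: placeholder names and a fake key, not real credentials.
KEY = "Q09OU1RSVUNURUQ="
ENDPOINT = "Endpoint=sb://example-ns.servicebus.windows.net/;"
SAMPLE = {"inputs": {"azure_event_hub": {"enabled": True, "id": "1", "services": {"event_hubs": {"queues": {
    "westeurope": {
        "consumer_group": "$Default",
        "event_hub_connection_string": ENDPOINT + "SharedAccessKeyName=devo-listen;SharedAccessKey=" + KEY + ";EntityPath=example-hub",
        "event_hub_name": "example-hub", "namespace": "example-ns"},
    "northeurope": {
        "consumer_group": "$Default",
        "event_hub_connection_string": ENDPOINT + "SharedAccessKeyName=" + ROOT_POLICY + ";SharedAccessKey=" + KEY,
        "event_hub_name": "example-hub", "namespace": "example-ns"},
}}}}}}

if __name__ == "__main__":
    for region, finding in check_config(SAMPLE):
        print(region + ": " + finding)
```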

...

Create an inactivity alert to detect interruptions in the transfer of data from the source to the event hub using the query:

Code Block
from cloud.azure
where toktains(hostchain,"collector-") 
select split(hostchain,"-",1) as collector_id

...