Azure Event Hubs Beat
Version 6.0.9
Microsoft Azure Event Hubs is a fully managed, real-time data ingestion service that is simple, trusted, and scalable. It allows you to build real-time big data pipelines and respond to business challenges right away. The LogRhythm Azure Event Hub connector collects activity and diagnostic logs from Azure Monitor.
Azure Event Hub Beat supports the following Resource IDs:
- microsoft.compute
- microsoft.network
- microsoft.cache
- microsoft.aadiam
- microsoft.keyvault
- microsoft.security
- microsoft.sql
- microsoft.eventhub
- microsoft.storage
- microsoft.recoveryservices
- microsoft.datalakestore
- microsoft.apimanagement
- microsoft.web
Can I use a single instance of the Event Hub Beat to connect to more than one subscription?
No. Each instance of the Event Hub Beat can only connect to one subscription. If you want to collect from multiple subscriptions, you must create an instance of the Event Hub Beat for each subscription. Each beat can point to the same Open Collector.
If I have multiple Event Hub beats, do I need multiple Open Collectors?
No. You can point multiple instances of the Event Hub Beat to a single Open Collector instance.
Can I have multiple storage accounts feed into a single subscription? Conversely, can I have one storage account with many subscriptions feed into Event Hub Beat?
No. We currently support one subscription per storage account. There is a 1:1 relationship between them. If you want to leverage multiple subscriptions or storage accounts, you must create an instance of the Event Hub Beat for each subscription or storage account.
Can I pull diagnostic logs from multiple regions into a single Event Hub on Azure?
No. Azure requires diagnostic logs to go to an Event Hub in the same region as the resource those logs are gathered from. If you have multiple regions of diagnostic logs, you must create a unique Event Hub Beat instance for each region.
