Event Hub: Microsoft Azure Resource Manager (ARM)
Azure Event Hubs can ingest large volumes of data from various sources, such as applications, devices, and sensors. For monitoring purposes, you can configure your systems or applications to send relevant monitoring data as events to an Event Hub.
Coralogix provides seamless integration with Azure cloud, allowing you to send your logs from anywhere and parse them according to your needs. The Event Hub integration supports JSON objects, JSON arrays, JSON strings, and plain text logs, and uses the OpenTelemetry (OTLP) protocol log ingestion. Deploy the integration using the ARM template below.
Prerequisites
- Azure account with an active subscription
Azure resource manager template deployment
Sign into your Azure account and deploy the Event Hub integration by clicking here.
Fields
| Field | Description |
|---|---|
| Subscription | Azure subscription within which you wish to deploy the integration. Must be the same as the monitored Event Hub namespace |
| Resource Group | Resource group in which you wish to deploy the integration |
| Coralogix Region | Region associated with your Coralogix domain |
| Custom URL | Custom URL associated with your Coralogix account. Ignore if you do not have a custom URL. |
| Coralogix Private Key | Coralogix Send-Your-Data API key |
| Coralogix Application | Mandatory metadata field sent with each log and helps to classify it |
| Coralogix Subsystem | Mandatory metadata field sent with each log and helps to classify it |
| Coralogix Application Selector | Optional. Dynamic application name selector. Supports template syntax {{$.field}} for JSON logs or regex syntax /pattern/ for plain text. Supports fallback expressions with \|\| (e.g., {{$.category \|\| $.metricName}}). Falls back to static Coralogix Application when selector doesn't match. |
| Coralogix Subsystem Selector | Optional. Dynamic subsystem name selector. Supports template syntax {{$.field}} for JSON logs or regex syntax /pattern/ for plain text. Supports fallback expressions with \|\| (e.g., {{$.operationName \|\| $.ApiName}}). Falls back to static Coralogix Subsystem when selector doesn't match. |
| Event Hub Resource Group | Name of the resource group that contains the Event Hub |
| Event Hub Namespace | Name of the Event Hub namespace |
| Event Hub Instance Name | Name of the Event Hub instance to be monitored |
| Event Hub Shared Access Policy Name | Name of the shared access policy of the Event Hub namespace |
| Event Hub Consumer Group | Optional. Name of the Event Hub Consumer Group. Defaults to $Default if not specified. |
| Function App Service Plan Type | Type of service plan to use for the integration. Consumption is cheapest with support for 'public' Event Hubs. Use Premium if you need to use VNet to configure access to restricted Event Hubs. |
| Function App Name | Optional. Custom name for the Azure Function to be used in Coralogix logs. Defaults to coralogix-eventhub-func-{uniqueId} if not specified. |
| Newline Pattern | Optional. Regex pattern to split multi-line text logs into separate entries. Example: \n to split on newlines. Leave empty to treat text as a single log entry. |
| Blocking Pattern | Optional. Regex pattern to filter/block logs. Logs matching this pattern will not be sent to Coralogix. Example: healthcheck\|heartbeat to filter health check logs, or secret to block logs containing sensitive data. |
Optional configuration options
If your Event Hub has restricted access, review this optional configuration documentation to learn about VNet support options.
Pricing
Azure's Basic Plan may include additional fees. Find out more here.
Learn more
| Github | Event Hub Documentation |
| Terraform | Terraform Modules for Microsoft Azure Event Hub |
| Microsoft Azure Functions Manual Integrations | Blob Storage Queue Storage |