You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/azure/azure-monitor/activity-logs/config-export/export-directory-level-activity-logs-to-event-hubs.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,7 +1,7 @@
1
1
---
2
2
title: Export Directory-Level Activity Logs to Event Hubs
3
3
description: Provides guidance for exporting directory-level activity logs to Event Hubs by using Azure management group-level diagnostic settings.
4
-
ms.date: 07/28/2025
4
+
ms.date: 08/04/2025
5
5
ms.reviewer: v-liuamson; v-gsitser; v-sisidhu
6
6
ms.service: azure-monitor
7
7
ms.custom: I can’t configure export of Activity Logs
@@ -16,7 +16,7 @@ You can export directory-level activity logs to an event hub through an API call
16
16
## Common issues and solutions
17
17
18
18
-**Issue:** Logs don't appear in Event Hubs.
19
-
-**Solution:** Double-check the event hub configuration to make sure that the correct namespace and key ID are used.
19
+
-**Solution:** Double-check the event hub configuration to make sure that the correct namespace is used.
20
20
21
21
-**Issue:** Permission errors occur when making diagnostic settings.
22
22
-**Solution:** Make sure that you have the necessary permissions to create or update diagnostic settings in Azure.
@@ -29,7 +29,7 @@ You can export directory-level activity logs to an event hub through an API call
29
29
30
30
3. Select **Add diagnostic setting**, and select the resource that you want to export logs for.
31
31
32
-
4. Under **Destination details**, select **Event Hub**, and then provide the required **Event Hub namespace** and **Event Hub name** values. Make sure that the **Event Hub key ID** value is entered correctly.
32
+
4. Under **Destination details**, select **Event Hubs**, and then provide the required **Event Hubs namespace** and **Event Hubs name** values.
33
33
34
34
5. Select **Save** to apply the settings. Check the event hub for incoming data to verify that the logs are exported.
Copy file name to clipboardExpand all lines: support/azure/azure-monitor/activity-logs/config-export/push-subscription-activity-logs-to-sentinel.md
+16-14Lines changed: 16 additions & 14 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,19 +1,19 @@
1
1
---
2
-
title: Push Subscription Activity Logs to Sentinel
2
+
title: Troubleshoot Pushing Subscription Level Activity Logs to Sentinel
3
3
description: Provides detailed instructions for pushing subscription activity logs to Sentinel.
4
-
ms.date: 07/28/2025
4
+
ms.date: 08/04/2025
5
5
ms.reviewer: v-liuamson; v-gsitser; v-sisidhu
6
6
ms.service: azure-monitor
7
7
ms.custom: I can’t configure export of Activity Logs
8
8
---
9
9
10
-
# Push subscription Activity Logs to Sentinel
10
+
# Troubleshoot pushing subscription level Activity Logs to Sentinel
11
11
12
12
This article provides guidance for how to push subscription activity logs to Microsoft Sentinel by using Microsoft Azure Diagnostic Settings. This process is essential to monitor and analyze activity logs effectively.
13
13
14
14
Users might encounter challenges when they try to push subscription activity logs to Sentinel. This guide outlines the steps to configure Azure Diagnostic Settings to achieve seamless data transfer to Sentinel.
15
15
16
-
###Common issues and solutions
16
+
## Common issues and solutions
17
17
18
18
-**Issue**: Logs aren't appearing in Sentinel.
19
19
-**Solution**: Make sure that the correct Log Analytics workspace is selected and that the diagnostic settings are correctly configured.
@@ -22,27 +22,29 @@ Users might encounter challenges when they try to push subscription activity log
22
22
23
23
1. Navigate to the Azure portal.
24
24
25
-
2. Open Diagnostic Settings:
25
+
1. Open Diagnostic Settings:
26
26
1. Go to the **Azure Monitor** section.
27
27
1. On the menu, select **Diagnostic Settings**.
28
28
29
-
3.**Configure Diagnostic Settings**:
30
-
1. Select the resource that you want to configure the logs for.
31
-
1. Select **Add Diagnostic Setting**.
32
-
1.Name your setting, and select the logs that you want to send to Sentinel.
29
+
1.**Configure Diagnostic Settings**:
30
+
1. Select the resource that you want to verify the logs for.
31
+
1. Select **Edit Diagnostic Setting**.
32
+
1.Review the diagnostic settings are set correctly.
33
33
34
-
4.**Select Log Analytics workspace**:
35
-
1. Under **Destination details**, select **Send to Log Analytics**.
36
-
1.Select the appropriate Log Analytics workspace that you want to send the logs to.
34
+
1.**Select Log Analytics workspace**:
35
+
1. Under **Destination details**, select **Log Analytics**.
36
+
1.Verify the correct Log Analytics workspace is selected.
37
37
38
-
5. Review your settings, and select **Save** to apply the changes.
38
+
1. Review your settings, and select **Save** to apply the changes.
39
39
40
-
6. To verify the data transfer, run the following query in your Log Analytics workspace:
40
+
1. To verify the data transfer, run the following query in your Log Analytics workspace:
41
41
42
42
```plaintext
43
43
AzureActivity | where SubscriptionId contains "<YourSubscriptionId>"
44
44
```
45
45
46
+
1. Validate your [connector settings](/azure/sentinel/connect-services-diagnostic-setting-based#prerequisites).
47
+
46
48
## References
47
49
48
50
-[Azure Sentinel data connectors reference](/azure/sentinel/data-connectors-reference)
0 commit comments