Merge pull request #9364 from amsliu/v-liuamson-CI6611

New article for CI 6611.

Author: Amson Liu

support/azure/azure-monitor/activity-logs/config-export/centralized-configuration-of-activity-logs-to-event-hub.md

@@ -0,0 +1,50 @@
+---
+title: Centralized Configuration of Activity Logs to Event Hubs
+description: Provides guidance to set up Azure Activity Logs to be centrally exported to a single Event Hub.
+ms.date: 07/22/2025
+ms.reviewer: v-liuamson; v-gsitser
+ms.service: azure-monitor
+ms.custom: I can’t configure export of Activity Logs
+---
+
+# Centralized Configuration of Activity Logs to Event Hubs
+
+## Introduction
+
+This article provides guidance for setting up Azure Activity Logs to be centrally exported to a single hub in Azure Event Hubs. This setup is useful for organizations that want to streamline log management across multiple Azure subscriptions and forward logs to third-party SIEM solutions.
+
+Organizations often require a centralized approach to manage Activity Logs across numerous subscriptions. This guide discusses common challenges and considerations for configuring Azure Policies to automate streaming these logs to a specified event hub.
+
+## Instructions to configure Activity Logs
+
+1. **Create an Azure Policy for Activity Logs:**
+   - Navigate to the Azure portal, and access the **Azure Policy** service.
+   - Create a policy definition by using the JSON file that's provided in the community example. This policy should automate the enablement of activity log diagnostic settings across all subscriptions under a management group.
+
+2. **Assign the Policy to Management Group:**
+   - Assign the newly created policy to the desired management group that contains the required subscriptions.
+   - Make sure that the policy is set to send data to the specified Event Hub.
+
+3. **Configure Log Analytics Workspace:**
+   - Access **Log Analytics Workspace** in the Azure portal.
+   - Set up data export rules to forward logs from the Log Analytics Workspace to the event hub. Specify the source table as `AzureActivity` and the destination as the central event hub.
+
+4. **Verify event hub configuration:**
+   - Make sure that the event hub is configured to handle the expected log volume from all subscriptions.
+   - Review performance benchmarks and adjust the event hub tier if it's necessary to manage logs efficiently.
+
+5. **Monitor and adjust:**
+   - Regularly monitor the event hub performance and log flow.
+   - Adjust configurations as necessary to optimize performance and cost.
+
+## Common issues and solutions
+
+- **Performance concerns:** If the event hub experiences difficulty in handling the log volume, consider upgrading the tier or distributing logs across multiple hubs.
+- **Policy Limitations:** Azure Policy might require manual steps for each subscription. Make sure that all configurations are correctly applied.
+
+## Reference
+
+- [Azure Policy Assignment to Enable Activity Log on Subscription](/azure/policy-assignment-to-enable-activity-log-on-subscription)
+- [Azure Event Hubs Overview](/azure/event-hubs/event-hubs-about)
+
+If the issue persists after you follow these steps, open a support case for further assistance.

support/azure/azure-monitor/activity-logs/config-export/understanding-and-transitioning-from-legacy-to-diagnostic-settings.md

@@ -1,7 +1,7 @@
 ---
 title: Understanding and Transitioning from Legacy to Diagnostic Settings for Activity Logs
 description: Provides step-by-step instructions to transition from legacy to diagnostic settings.
-ms.date: 07/16/2025
+ms.date: 07/22/2025
 ms.reviewer: v-liuamson; v-gsitser
 ms.service: azure-monitor
 ms.custom: I can’t configure export of Activity Logs
@@ -11,9 +11,17 @@ ms.custom: I can’t configure export of Activity Logs
 
 When Azure announced the transition from legacy solutions to diagnostic settings for forwarding activity logs, users received notifications about necessary updates. This article provides guidance on how to manage this transition effectively.
 
-### Introduction
+## Introduction
 Azure is retiring the legacy solution for forwarding activity logs and replacing it with diagnostic settings. This change is automatic, but users with automation relying on the legacy API need to update their configurations. This guide will help you verify your current setup and make necessary adjustments.
 
+## Common Issues and Solutions
+
+- **Issue:** Unable to find existing log profiles.
+  - **Solution:** Ensure you are using the correct commands and have the necessary permissions to access log profiles.
+
+- **Issue:** Automation scripts fail after the transition.
+  - **Solution:** Double-check that all scripts are updated to use the new diagnostic settings API.
+
 ### Step-by-Step Instructions to Transition to Diagnostic Settings
 
 1. **Verify Existing Log Profiles**
@@ -22,24 +30,16 @@ Azure is retiring the legacy solution for forwarding activity logs and replacing
 
 2. **Update Automation Scripts**
    - If you have automation scripts using the legacy API, update them to use the diagnostic settings API by September 30, 2026.
-   - Refer to the [Azure Monitor documentation](https://learn.microsoft.com/azure/azure-monitor/platform/activity-log?tabs=powershell#managing-legacy-log-profiles---retiring) for detailed instructions.
+   - Refer to the [Azure Monitor documentation](/azure/azure-monitor/platform/activity-log?tabs=powershell#managing-legacy-log-profiles---retiring) for detailed instructions.
 
 3. **Manual Transition to Diagnostic Settings**
    - For users with legacy log profiles, manually transition to diagnostic settings by following the steps outlined in the Azure documentation.
    - Ensure all configurations are updated before the retirement date to avoid disruptions.
 
-### Common Issues and Solutions
-
-- **Issue:** Unable to find existing log profiles.
-  - **Solution:** Ensure you are using the correct commands and have the necessary permissions to access log profiles.
-
-- **Issue:** Automation scripts fail after the transition.
-  - **Solution:** Double-check that all scripts are updated to use the new diagnostic settings API.
-
-### Reference
+## Reference
 
-- [Azure Monitor Documentation](https://learn.microsoft.com/azure/azure-monitor/platform/activity-log?tabs=powershell#managing-legacy-log-profiles---retiring)
-- [Get-AzLogProfile Command](https://learn.microsoft.com/powershell/module/az.monitor/get-azlogprofile?view=azps-14.0.0)
-- [Azure CLI Log Profiles](https://learn.microsoft.com/cli/azure/monitor/log-profiles?view=azure-cli-latest#az-monitor-log-profiles-list)
+- [Azure Monitor Documentation](/azure/azure-monitor/platform/activity-log?tabs=powershell#managing-legacy-log-profiles---retiring)
+- [Get-AzLogProfile Command](/powershell/module/az.monitor/get-azlogprofile?view=azps-14.0.0&preserve-view=true)
+- [Azure CLI Log Profiles](/cli/azure/monitor/log-profiles?view=azure-cli-latest#az-monitor-log-profiles-list&preserve-view=true)
 
 If the issue persists after following the solution steps, please open a support case for further assistance.

support/azure/azure-monitor/toc.yml

@@ -17,6 +17,8 @@ items:
         href: activity-logs/config-export/exporting-directory-level-activity-logs-to-event-hub.md
       - name: Resolving Log Limit Issues in Azure Function Apps
         href: activity-logs/config-export/resolving-log-limit-issues-in-azure-function-apps.md
+      - name: Centralized Configuration of Activity Logs to Event Hub
+        href: activity-logs/config-export/centralized-configuration-of-activity-logs-to-event-hub.md
       - name: Troubleshoot Azure CLI Configuration Issues
         href: activity-logs/config-export/troubleshoot-azure-cli-configuration-issues.md
 - name: Application Insights