Merge pull request #226610 from TomilolaAbiodun/patch-2

v-regandowner · web-flow · commit b3a9776b1c5e · 2023-02-08T11:24:49.000-05:00
Update how-to-monitor-with-azure-monitor.md
diff --git a/articles/purview/how-to-monitor-with-azure-monitor.md b/articles/purview/how-to-monitor-with-azure-monitor.md
@@ -18,7 +18,7 @@ Microsoft Purview admins can use Azure Monitor to track the operational state of
 
 ## Aggregated metrics
 
-The metrics can be accessed from the Azure portal for a Microsoft Purview account. Access to the metrics is controlled by the role assignment of Microsoft Purview account. Users need to be part of the "Monitoring Reader" role in Microsoft Purview to see the metrics. Check out [Monitoring Reader Role permissions](../azure-monitor/roles-permissions-security.md#built-in-monitoring-roles) to learn more about the roles access levels.
+The metrics can be accessed from the Azure portal of a Microsoft Purview account. Access to the metrics is controlled by the role assignment of Microsoft Purview account. Users need to be part of the "Monitoring Reader" role in Microsoft Purview to see the metrics. Check out [Monitoring Reader Role permissions](../azure-monitor/roles-permissions-security.md#built-in-monitoring-roles) to learn more about the roles access levels.
 
 The person who created the Microsoft Purview account automatically gets permissions to view metrics. If anyone else wants to see metrics, add them to the **Monitoring Reader** role, by following these steps:
 
@@ -67,55 +67,80 @@ The following table contains the list of metrics available to explore in the Azu
 | Scan Failed | Automated scan | Sum <br> Count | Aggregate the failed data source scans over time period |
 | Scan time taken | Automated scan | Min <br> Max <br> Sum <br> Avg | Aggregate the total time taken by scans over time period |
 
-## Sending Diagnostic Logs
+## Monitoring alerts
+
+Alerts can be accessed from the Azure portal of a Microsoft Purview account. Access to the alerts is controlled by the role assignment of Microsoft Purview account just like metrics. 
+A user can setup alert rules in their purview account to get notified when important monitoring events happen. 
+
+  :::image type="content" source="./media/how-to-monitor-with-azure-monitor/step-one-alerts-setting.png" alt-text="Screenshot showing creating an alert." lightbox="./media/how-to-monitor-with-azure-monitor/step-one-alerts-setting.png":::
+  
+The user can also create specific alert rules and conditions for signals within purview.
+
+  :::image type="content" source="./media/how-to-monitor-with-azure-monitor/step-two-alerts-setting.png" alt-text="Screenshot showing addition alerts rules and conditions to a signal." lightbox="./media/how-to-monitor-with-azure-monitor/step-two-alerts-setting.png":::
+
+## Sending diagnostic logs
 
 Raw telemetry events are sent to Azure Monitor. Events can be sent to a Log Analytics Workspace, archived to a customer storage account of choice, streamed to an event hub, or sent to a partner solution for further analysis. Exporting of logs is done via the Diagnostic settings for the Microsoft Purview account on the Azure portal.
 
 Follow these steps to create a diagnostic setting for your Microsoft Purview account and send to your preferred destination:
 
 1. Locate your Microsoft Purview account in the [Azure portal](https://portal.azure.com).
-1. In the menu under **Monitoring** select **Diagnostic settings**.
-1. Select **Add diagnostic setting** to create a new diagnostic setting to collect platform logs and metrics. For more information about these settings and logs, see [the Azure Monitor documentation.](../azure-monitor/essentials/diagnostic-settings.md).
+2. In the menu under **Monitoring** select **Diagnostic settings**.
+3. Select **Add diagnostic setting** to create a new diagnostic setting to collect platform logs and metrics. For more information about these settings and logs, see [the Azure Monitor documentation.](../azure-monitor/essentials/diagnostic-settings.md).
 
   :::image type="content" source="./media/how-to-monitor-with-azure-monitor/create-diagnostic-setting.png" alt-text="Screenshot showing creating diagnostic log." lightbox="./media/how-to-monitor-with-azure-monitor/create-diagnostic-setting.png":::
 
-1. You can send your logs to:
+4. You can send your logs to:
 
 - [A log analytics workspace](#destination---log-analytics-workspace)
 - [A storage account](#destination---storage-account)
+- [An event hub](#destination---event-hub)
 
 ### Destination - Log Analytics Workspace
 
 1. In the **Destination details**, select **Send to Log Analytics workspace**.
-1. Create a name for the diagnostic setting, select the applicable log category group and select the right subscription and workspace, then select save. The workspace doesn't have to be in the same region as the resource being monitored. You to create a new workspace, you can follow this article: [Create a New Log Analytics Workspace](../azure-monitor/logs/quick-create-workspace.md).
+2. Create a name for the diagnostic setting, select the applicable log category group and select the right subscription and workspace, then select save. The workspace doesn't have to be in the same region as the resource being monitored. You to create a new workspace, you can follow this article: [Create a New Log Analytics Workspace](../azure-monitor/logs/quick-create-workspace.md).
 
   :::image type="content" source="./media/how-to-monitor-with-azure-monitor/log-analytics-diagnostic-setting.png" alt-text="Screenshot showing assigning log analytics workspace to send event to." lightbox="./media/how-to-monitor-with-azure-monitor/log-analytics-diagnostic-setting.png":::
 
   :::image type="content" source="./media/how-to-monitor-with-azure-monitor/log-analytics-select-workspace-diagnostic-setting.png" alt-text="Screenshot showing saved diagnostic log event to log analytics workspace." lightbox="./media/how-to-monitor-with-azure-monitor/log-analytics-select-workspace-diagnostic-setting.png":::
 
-1. Verify the changes in your Log Analytics Workspace by performing some operations to populate data. For example, creating/updating/deleting a policy. After which you can open the **Log Analytics Workspace**, navigate to **Logs**, enter query filter as **"purviewsecuritylogs"**, then select **"Run"** to execute the query.
+3. Verify the changes in your Log Analytics Workspace by performing some operations to populate data. For example, creating/updating/deleting a policy. After which you can open the **Log Analytics Workspace**, navigate to **Logs**, enter query filter as **"purviewsecuritylogs"**, then select **"Run"** to execute the query.
 
   :::image type="content" source="./media/how-to-monitor-with-azure-monitor/log-analytics-view-logs-diagnostic-setting.png" alt-text="Screenshot showing log results in the Log Analytics Workspace after a query was run." lightbox="./media/how-to-monitor-with-azure-monitor/log-analytics-view-logs-diagnostic-setting.png":::
 
 ### Destination - Storage account
 
 1. In the **Destination details**, select **Archive to a storage account**.
-1. Create a diagnostic setting name, select the log category, select the destination as archive to a storage account, select the right subscription and storage account then select save. A dedicated storage account is recommended for archiving the diagnostic logs. If you need a storage account, you can follow this article: [Create a storage account](../storage/common/storage-account-create.md?tabs=azure-portal).
+2. Create a diagnostic setting name, select the log category, select the destination as archive to a storage account, select the right subscription and storage account then select save. A dedicated storage account is recommended for archiving the diagnostic logs. If you need a storage account, you can follow this article: [Create a storage account](../storage/common/storage-account-create.md?tabs=azure-portal).
 
   :::image type="content" source="./media/how-to-monitor-with-azure-monitor/storage-diagnostic-setting.png" alt-text="Screenshot showing assigning storage account for diagnostic log." lightbox="./media/how-to-monitor-with-azure-monitor/storage-diagnostic-setting.png":::
 
   :::image type="content" source="./media/how-to-monitor-with-azure-monitor/storage-select-diagnostic-setting.png" alt-text="Screenshot showing saved log events to storage account." lightbox="./media/how-to-monitor-with-azure-monitor/storage-select-diagnostic-setting.png":::
 
-1. To see logs in the **Storage Account**, perform a sample action (for example: create/update/delete a policy), then open the **Storage Account**, navigate to **Containers**, and select the container name.
+3. To see logs in the **Storage Account**, perform a sample action (for example: create/update/delete a policy), then open the **Storage Account**, navigate to **Containers**, and select the container name.
 
   :::image type="content" source="./media/how-to-monitor-with-azure-monitor/storage-two-diagnostic-setting.png" alt-text="Screenshot showing container in storage account where the diagnostic logs have been sent to." lightbox="./media/how-to-monitor-with-azure-monitor/storage-two-diagnostic-setting.png":::
 
-1. Navigate to the file and download it to see the logs.
+4. Navigate to the file and download it to see the logs.
 
    :::image type="content" source="./media/how-to-monitor-with-azure-monitor/storage-navigate-diagnostic-setting.png" alt-text="Screenshot showing folders with details of logs." lightbox="./media/how-to-monitor-with-azure-monitor/storage-navigate-diagnostic-setting.png":::
 
    :::image type="content" source="./media/how-to-monitor-with-azure-monitor/storage-select-logs-diagnostic-setting.png" alt-text="Screenshot showing details of logs." lightbox="./media/how-to-monitor-with-azure-monitor/storage-select-logs-diagnostic-setting.png":::
 
+### Destination - Event hub
+
+1. In the **Destination details**, select **Stream to an event hub**.
+2. Create a diagnostic setting name, select the log category, select the destination as stream to event hub, select the right subscription, event hubs namespace, event hub name and event hub policy name then select save. An event hub name space is required before you can stream to an event hub. If you need to create an event hub namespace, you can follow this article: [Create an event hub & event hubs namespace storage account](../event-hubs/event-hubs-create.md)
+
+  :::image type="content" source="./media/how-to-monitor-with-azure-monitor/step-four-diagnostic-setting.png" alt-text="Screenshot showing streaming to an event hub for diagnostic log." lightbox="./media/how-to-monitor-with-azure-monitor/step-four-diagnostic-setting.png":::
+
+  :::image type="content" source="./media/how-to-monitor-with-azure-monitor/step-four-one-diagnostic-setting.png" alt-text="Screenshot showing saved log events to event hub." lightbox="./media/how-to-monitor-with-azure-monitor/step-four-one-diagnostic-setting.png":::
+
+3. To see logs in the **Event Hubs Namespace**, Go to the [Azure portal](https://portal.azure.com), and search for the name of the event hubs namespace you created earlier, go the Event Hubs Namespace and click on overview. To find our more about capturing and reading captured audit events in the event hubs namespace, you can follow this article: [Audit Logs & diagnostics](../purview/tutorial-purview-audit-logs-diagnostics.md)
+
+  :::image type="content" source="./media/how-to-monitor-with-azure-monitor/step-four-one-diagnostic-setting.png" alt-text="Screenshot showing activities in the event hub." lightbox="./media/how-to-monitor-with-azure-monitor/step-four-one-diagnostic-setting.png":::
+
 ## Sample Log
 
 Here's a sample log you'd receive from a diagnostic setting.
@@ -187,6 +212,6 @@ The Sample log for an event instance is shown in the below section.
 }
 ```
 
-## Next steps
+## Next steps 
 
 [Elastic data map in Microsoft Purview](concept-elastic-data-map.md)
