
@zmoog zmoog (Contributor) commented May 9, 2025

Proposed commit message

Add a table with all the supported log categories and the destination dataset. It also highlights that the integration indexes the unsupported log categories using the azure.platformlogs dataset.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

```shell
cd azure/packages
elastic-package build && elastic-package stack up -d -v --version 8.17.0
```

Screenshots

[screenshot: CleanShot 2025-05-09 at 20 12 01@2x]

@zmoog zmoog self-assigned this May 9, 2025
@zmoog zmoog added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Integration:azure Azure Logs Team:obs-ds-hosted-services Observability Hosted Services team [elastic/obs-ds-hosted-services] Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] labels May 9, 2025
@elastic-vault-github-plugin-prod bot commented May 9, 2025

🚀 Benchmarks report

Package azure 👍(8) 💚(2) 💔(1)

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
| --- | --- | --- | --- | --- |
| identity_protection | 4166.67 | 3508.77 | -657.9 (-15.79%) | 💔 |

To see the full report comment with /test benchmark fullreport

@zmoog zmoog added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label May 9, 2025
@zmoog zmoog marked this pull request as ready for review May 9, 2025 10:36
@zmoog zmoog requested review from a team as code owners May 9, 2025 10:36
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@zmoog zmoog requested a review from alaudazzi May 9, 2025 18:13
zmoog and others added 2 commits May 9, 2025 20:54
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
@elastic-sonarqube

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@elasticmachine

💚 Build Succeeded

History

cc @zmoog

Comment on lines +72 to +76
Use the following table to identify the target data streams for each log category. For example, if the integration receives a log event with the `NonInteractiveUserSignInLogs` category, it will infer `azure.signinlogs` as dataset, indexing the log into `logs-azure.signinlogs-default` data stream.

| Data Stream | Log Category |
| --------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `logs-azure.activitylogs-*` | Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth |
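Review bot: the prose and the table use two different terms for the same thing, which will confuse readers trying to match them up. The sentence says the integration infers `azure.signinlogs` as the "dataset" and then indexes into the `logs-azure.signinlogs-default` data stream, while the table column is headed "Data Stream" and lists the pattern `logs-azure.activitylogs-*`. Either head the column "Dataset" and list values such as `azure.activitylogs`, or keep "Data Stream" and state once in the prose that the dataset determines the data stream name (`logs-<dataset>-<namespace>`, with `default` as the namespace in the example). Also, "as dataset" reads better as "as the dataset".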
@efd6 efd6 (Contributor) commented May 11, 2025

I'm wondering about the typeface agreement between the text in the description and the text in the table; in the description we have `NonInteractiveUserSignInLogs`, but in the table we have NonInteractiveUserSignInLogs. 99.9999% of people won't notice this, but it did confuse me.

@zmoog zmoog (Contributor Author)

Yeah, after I looked at the last screenshot, I had a similar thought. Your comment confirms to me that it's not something I should overlook.

@efd6 efd6 (Contributor) left a comment

Query about typesetting, but you can ignore it if you do not think it is important.

@zmoog zmoog merged commit c0c77f7 into elastic:main May 12, 2025
7 checks passed
@zmoog zmoog (Contributor Author) commented May 12, 2025

I merged this PR earlier than planned. I'll open another PR to align the typefaces and update the changelog.

@zmoog zmoog deleted the zmoog/docs/log-categories-routing-rules branch May 12, 2025 15:50
@elastic-vault-github-plugin-prod

Package azure - 1.23.3 containing this change is available at https://epr.elastic.co/package/azure/1.23.3/


6 participants