Azure Monitor Logs Integration
Export Azure diagnostic logs via Event Hub to TigerOps. Monitor AKS, App Service, and Azure Functions logs with AI anomaly detection and full Azure resource metadata correlation.
How It Works
Create an Event Hub Namespace
Create an Azure Event Hub namespace in your subscription. TigerOps uses the Event Hub as the streaming destination for Azure Monitor diagnostic settings.
Configure Diagnostic Settings
Enable diagnostic settings on your Azure resources (AKS, App Service, SQL Database) to stream logs and metrics to the Event Hub. Apply Azure Policy to enforce diagnostic settings across new resources.
Deploy TigerOps Event Hub Consumer
Deploy the TigerOps Azure Function or ACI container that reads from the Event Hub consumer group and forwards log payloads to the TigerOps ingestion endpoint with automatic checkpointing.
Enrich with Azure Resource Graph
TigerOps enriches log entries with resource tags, subscription names, and resource group metadata from Azure Resource Graph, providing full organizational context for every log entry.
What You Get Out of the Box
Event Hub Streaming Integration
Real-time log delivery from Azure Monitor via Event Hub. TigerOps uses the Checkpoint Store pattern with Azure Blob Storage for fault-tolerant, exactly-once log processing at any scale.
Azure Resource Metadata Enrichment
All log entries are enriched with Azure resource metadata: subscription ID, resource group, resource type, location, and tags. Filter logs by cost center, team, or environment tags instantly.
AKS and Container Log Parsing
Parse AKS diagnostic logs including kube-apiserver, kube-controller-manager, kube-audit, and container logs. TigerOps correlates pod failures in logs with node CPU and memory metrics.
App Service and Function Monitoring
Ingest Azure App Service application logs, HTTP access logs, and Function execution logs. Track per-function invocation counts, duration p99, and failure rates from diagnostic streaming.
Azure Policy Compliance Log Ingestion
Ingest Azure Policy compliance change events and Activity Log entries into TigerOps. AI detects unusual policy violations or configuration drift across your Azure estate.
Multi-Subscription Log Aggregation
Aggregate diagnostic logs from multiple Azure subscriptions into a single TigerOps workspace using management group-level diagnostic settings and a shared Event Hub namespace.
Azure CLI: Diagnostic Settings to Event Hub
Configure Azure resource diagnostic settings to stream logs to Event Hub for TigerOps ingestion.
#!/bin/bash
# Configure Azure Monitor -> Event Hub -> TigerOps
set -euo pipefail   # stop at the first failed az call

RESOURCE_GROUP="myapp-prod"
EVENTHUB_NS="tigerops-eh-ns"
EVENTHUB_NAME="tigerops-logs"
AKS_CLUSTER_ID=$(az aks show -g "$RESOURCE_GROUP" -n mycluster --query id -o tsv)

# Create Event Hub namespace and hub
az eventhubs namespace create \
  --name "$EVENTHUB_NS" \
  --resource-group "$RESOURCE_GROUP" \
  --sku Standard \
  --capacity 2

az eventhubs eventhub create \
  --name "$EVENTHUB_NAME" \
  --namespace-name "$EVENTHUB_NS" \
  --resource-group "$RESOURCE_GROUP" \
  --message-retention 1 \
  --partition-count 4

# Get Event Hub authorization rule ID
EH_RULE_ID=$(az eventhubs namespace authorization-rule show \
  --name RootManageSharedAccessKey \
  --namespace-name "$EVENTHUB_NS" \
  --resource-group "$RESOURCE_GROUP" \
  --query id -o tsv)

# Enable diagnostic settings on AKS cluster
az monitor diagnostic-settings create \
  --resource "$AKS_CLUSTER_ID" \
  --name tigerops-aks-diag \
  --event-hub-rule "$EH_RULE_ID" \
  --event-hub "$EVENTHUB_NAME" \
  --logs '[{"category":"kube-apiserver","enabled":true},
           {"category":"kube-audit","enabled":true},
           {"category":"kube-controller-manager","enabled":true},
           {"category":"cluster-autoscaler","enabled":true}]'

# Print the connection string for the TigerOps consumer.
# RootManageSharedAccessKey carries Manage, Send and Listen rights on the
# whole namespace, so treat this output as a secret.
echo "Event Hub connection string:"
az eventhubs namespace authorization-rule keys list \
  --name RootManageSharedAccessKey \
  --namespace-name "$EVENTHUB_NS" \
  --resource-group "$RESOURCE_GROUP" \
  --query primaryConnectionString -o tsv

Common Questions
Which Azure diagnostic log categories does TigerOps support?
TigerOps supports all Azure Monitor diagnostic log categories including AuditLogs, SignInLogs, OperationalLogs, ApplicationGatewayAccessLog, AKSAudit, SQLSecurityAuditEvents, AppServiceHTTPLogs, and custom application logs.
How does TigerOps handle Event Hub consumer group partitioning?
TigerOps creates a dedicated consumer group in your Event Hub and uses the Checkpoint Store pattern backed by Azure Blob Storage. Multiple TigerOps consumer instances partition-balance automatically for high-throughput deployments.
Can I stream Azure Activity Logs to TigerOps?
Yes. Configure a diagnostic setting at the Subscription level to stream Activity Logs to Event Hub. TigerOps parses Azure Activity Log entries as audit events, allowing you to track all control-plane operations.
How do I apply diagnostic settings to all new Azure resources automatically?
Use Azure Policy with the "Deploy Diagnostic Settings to Event Hub" built-in policy initiative. Assign it at the management group level to automatically configure diagnostic settings on every new resource in your organization.
Does TigerOps support Entra ID (Azure AD) sign-in logs?
Yes. Configure Entra ID diagnostic settings to stream SignInLogs, AuditLogs, and NonInteractiveUserSignInLogs to Event Hub. TigerOps's AI detects anomalous login patterns, impossible travel, and MFA bypass attempts.
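The Azure CLI script above ends by printing the connection string of RootManageSharedAccessKey, which can manage the whole namespace, while the consumer only needs to read from one hub. The following is an added example, not TigerOps's own tooling, that creates the dedicated consumer group and a hub-scoped Listen-only rule for the consumer instead; the names tigerops-consumer and tigerops-listen are assumptions.

```shell
#!/bin/sh
# Added example (not TigerOps code): Listen-only access for the log consumer.
set -eu

RESOURCE_GROUP="${RESOURCE_GROUP:-myapp-prod}"
EVENTHUB_NS="${EVENTHUB_NS:-tigerops-eh-ns}"
EVENTHUB_NAME="${EVENTHUB_NAME:-tigerops-logs}"
CONSUMER_GROUP="${CONSUMER_GROUP:-tigerops-consumer}"  # assumed name
CONSUMER_RULE="${CONSUMER_RULE:-tigerops-listen}"      # assumed name

# Dedicated consumer group plus a hub-scoped rule that can only read.
provision_consumer_access() {
  az eventhubs eventhub consumer-group create \
    --name "$CONSUMER_GROUP" --eventhub-name "$EVENTHUB_NAME" \
    --namespace-name "$EVENTHUB_NS" --resource-group "$RESOURCE_GROUP" \
    --output none
  az eventhubs eventhub authorization-rule create \
    --name "$CONSUMER_RULE" --eventhub-name "$EVENTHUB_NAME" \
    --namespace-name "$EVENTHUB_NS" --resource-group "$RESOURCE_GROUP" \
    --rights Listen --output none
}

# True only when the rule carries exactly one right, Listen.
consumer_rule_is_listen_only() {
  # Unquoted on purpose: one positional parameter per right returned.
  set -- $(az eventhubs eventhub authorization-rule show \
    --name "$CONSUMER_RULE" --eventhub-name "$EVENTHUB_NAME" \
    --namespace-name "$EVENTHUB_NS" --resource-group "$RESOURCE_GROUP" \
    --query rights --output tsv)
  [ "$#" -eq 1 ] && [ "$1" = "Listen" ]
}

# Connection string for the consumer; still a secret, but read-only on one hub.
consumer_connection_string() {
  az eventhubs eventhub authorization-rule keys list \
    --name "$CONSUMER_RULE" --eventhub-name "$EVENTHUB_NAME" \
    --namespace-name "$EVENTHUB_NS" --resource-group "$RESOURCE_GROUP" \
    --query primaryConnectionString --output tsv
}

# Nothing touches Azure unless the script is run with the argument: apply
if [ "${1:-}" = "apply" ]; then
  provision_consumer_access
  if ! consumer_rule_is_listen_only; then
    echo "refusing to hand out $CONSUMER_RULE: rights are not Listen-only" >&2
    exit 1
  fi
  consumer_connection_string
fi
```

Store the printed connection string in the consumer's secret store (for example Key Vault) rather than in shell history or CI logs.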
Unify Your Azure Logs with AI Observability
Stream all Azure diagnostic logs to TigerOps via Event Hub. Full resource metadata, AI anomaly detection, and 13-month retention.