Collect Azure Logs with Azure Functions

Complete the following steps to configure the azure_eventhub_to_loki Azure Function to send your resource and activity log messages to Grafana Cloud, so that you can generate alerts and visualize issues in your workloads on Azure.

Before you begin

To complete the configuration successfully, you need:

  • Target endpoint URL: The correct endpoint for your Grafana Cloud instance
  • Loki User: The numeric value of the User

To obtain these items, perform the following steps.

  1. Navigate to your Grafana Cloud portal.
  2. Select your Grafana Cloud stack.
  3. Locate the Loki tile, and click Details.
  4. Copy and save the values in the URL field (which is the target endpoint) and in the User field for use in future steps.

Configure Grafana Cloud Authentication

Successfully sending logs from the Azure Function requires an access policy with an associated token. This allows Grafana Cloud to:

  • Authenticate the request
  • Ensure the request is authorized to write logs to the account

Complete the following to create an access policy and generate a token:

  1. At your Grafana Cloud stack, from the main menu under SECURITY, click Access Policies.
  2. Click Create access policy.
  3. In the Display name box, create a display name to appear in the access policies list.
  4. In the Realms box, select the first option your_org_name (all stacks).
  5. In the Scopes section, for logs select Write to allow logs to write to your account.
  6. Click Create to create the access policy.
  7. In the access policy you just created, click Add token to create a token for the Azure Function.
  8. Enter a name for the token, and click Create.
  9. Click Copy to clipboard, and save the new token. In a future step, you replace ‘<logs_write_token>’ with this token.

Configure Azure

You can deploy the azure_eventhub_to_loki Function to an existing Azure resource group by using the Azure ARM template available in the repository.

The ARM template provisions:

  1. An Azure Event Hub to receive resource and activity log messages

  2. An Azure Storage Account for the Function app

  3. An Azure Function App to read the messages from the Event Hub, and deliver them to Grafana Cloud

Create deployment with Azure CLI

  1. Log in to your Azure account.

    shell
    az login

  2. Set the Azure CLI to the subscription for the deployment.

    shell
    az account set --subscription <subscription_id>

  3. Optionally, create a resource group for the deployment.

    shell
    az group create --name <resource_group_name> --location <azure_location>

  4. Apply the ARM Template.

    shell
    az deployment group create --resource-group <resource_group_name> --name <deployment_name> \
    --template-uri https://raw.githubusercontent.com/grafana/azure_eventhub_to_loki/refs/tags/0.0.5/azdeploy.json \
    --parameters packageUri=https://github.com/grafana/azure_eventhub_to_loki/releases/download/0.0.5/logexport.0.0.5.zip \
    --parameters lokiEndpoint='<Target_endpoint_URL>' \
    --parameters lokiUsername='<Loki_User>' \
    --parameters lokiPassword='<logs_write_token>'
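
Passing `lokiPassword` as a command-line argument leaves the token in shell history and in the process list. The following is an added example, not part of the original page or of the azure_eventhub_to_loki project: it writes the three Loki parameters to an owner-only ARM parameters file that `az` reads with `--parameters @file`. The helper name `write_loki_params`, the file name `loki.parameters.json`, the `LOKI_TOKEN` variable, and the HTTPS-only check are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the azure_eventhub_to_loki project).
# write_loki_params is a hypothetical helper name.
# Usage: write_loki_params <out_file> <endpoint_url> <loki_user> <token>
write_loki_params() {
  local out=$1 endpoint=$2 user=$3 token=$4 v
  # Reject empty values and characters that would need JSON escaping.
  for v in "$endpoint" "$user" "$token"; do
    case $v in
      ''|*\"*|*\\*|*[[:cntrl:]]*)
        echo "write_loki_params: empty or unsafe value" >&2; return 1 ;;
    esac
  done
  # Assumption of this example: require HTTPS so the token is never sent in clear text.
  case $endpoint in
    https://*) ;;
    *) echo "write_loki_params: endpoint must be https://" >&2; return 1 ;;
  esac
  # The Loki User is the numeric value shown on the Loki Details page.
  case $user in
    *[!0-9]*) echo "write_loki_params: user must be numeric" >&2; return 1 ;;
  esac
  rm -f -- "$out"          # a pre-existing file would keep its old mode
  (
    umask 077              # new file is created 0600 (owner only)
    cat > "$out" <<EOF
{
  "\$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "lokiEndpoint": { "value": "$endpoint" },
    "lokiUsername": { "value": "$user" },
    "lokiPassword": { "value": "$token" }
  }
}
EOF
  )
}

# Typical use (placeholders as in the steps above):
#   read -rs -p 'Loki write token: ' LOKI_TOKEN; echo
#   write_loki_params loki.parameters.json '<Target_endpoint_URL>' '<Loki_User>' "$LOKI_TOKEN"
#   az deployment group create --resource-group <resource_group_name> --name <deployment_name> \
#     --template-uri https://raw.githubusercontent.com/grafana/azure_eventhub_to_loki/refs/tags/0.0.5/azdeploy.json \
#     --parameters @loki.parameters.json \
#     --parameters packageUri=https://github.com/grafana/azure_eventhub_to_loki/releases/download/0.0.5/logexport.0.0.5.zip
#   rm -f loki.parameters.json; unset LOKI_TOKEN
```

Delete the parameters file as soon as the deployment finishes, and keep it out of version control.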

Create deployment with Terraform

Terraform can also consume the ARM template by using this snippet.

hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.0.0"
    }
  }
}

provider "azurerm" {
  features {
  }
}

data "http" "template" {
  url = "https://raw.githubusercontent.com/grafana/azure_eventhub_to_loki/refs/tags/0.0.5/azdeploy.json"

  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "Unsuccessful status code attempting to download template"
    }
  }
}

resource "azurerm_resource_group" "logexport" {
  name     = "<resource_group_name>"
  location = "<azure_location>"
}

resource "azurerm_resource_group_template_deployment" "logexport" {
  name                = "${azurerm_resource_group.logexport.name}-deploy"
  resource_group_name = azurerm_resource_group.logexport.name
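  # Complete mode deletes any resource in this resource group that the
  # template does not define, so keep the group dedicated to this deployment.
  deployment_mode     = "Complete"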
  template_content    = data.http.template.response_body

  parameters_content = jsonencode({
    "lokiEndpoint" = {
      value = "<Target_endpoint_URL>"
    }
    "lokiUsername" = {
      value = "<Loki_User>"
    }
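    "lokiPassword" = {
      # This value is stored in Terraform state; pass the token in through a
      # sensitive variable rather than committing it here.
      value = "<logs_write_token>"
    }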
    "packageUri" = {
      value = "https://github.com/grafana/azure_eventhub_to_loki/releases/download/0.0.5/logexport.0.0.5.zip"
    }
  })
}

Configure your resources to route logs to Event Hub

To set up a diagnostic settings configuration for one or more resources that route logs to the newly created Event Hub, complete the following steps in the Azure portal.

  1. Navigate to Azure Monitor.
  2. Under Settings, click Diagnostic settings.
  3. Click the resource you would like to obtain logs from.
  4. Click + Add diagnostic setting to add a new diagnostic setting.
  5. Under Logs / Categories, select any options for logs you would like.
  6. Under Destination details, select Stream to an event hub as the destination, then choose the event hub namespace and the event hub name you created in the previous section.
  7. Click Save to save your diagnostic setting. Your resource begins sending logs to the specified event hub.

View your logs

Navigate to the Azure Logs view in Cloud Provider Observability to see your logs.

  1. Open your Grafana Instance.
  2. Click Cloud Provider in the main navigation.
  3. Click Azure.
  4. Click the Logs tab.

Any logs sent to the Event Hub appear here with minimal delay.