diff --git a/packages/azure_app_service/_dev/build/docs/README.md b/packages/azure_app_service/_dev/build/docs/README.md
index 5f4faf73f05..b93c4e0be19 100644
--- a/packages/azure_app_service/_dev/build/docs/README.md
+++ b/packages/azure_app_service/_dev/build/docs/README.md
@@ -16,44 +16,13 @@ This integration currently collects one data stream:
 - App Service Logs
-## Requirements
-
-### Credentials
-
-`eventhub` :
-_string_
-Is the fully managed, real-time data ingestion service.
-
-`consumer_group` :
-_string_
-The publish/subscribe mechanism of Event Hubs is enabled through consumer groups. A consumer group is a view (state, position, or offset) of an entire event hub. Consumer groups enable multiple consuming applications to each have a separate view of the event stream, and to read the stream independently at their own pace and with their own offsets.
-Default value: `$Default`
-
-`connection_string` :
-_string_
-The connection string required to communicate with Event Hubs, steps here https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-get-connection-string.
-
-A Blob Storage account is required in order to store/retrieve/update the offset or state of the eventhub messages. This means that after stopping the filebeat azure module it can start back up at the spot that it stopped processing messages.
-
-`storage_account` :
-_string_
-The name of the storage account the state/offsets will be stored and updated.
-
-`storage_account_key` :
-_string_
-The storage account key, this key will be used to authorize access to data in your storage account.
-
-`resource_manager_endpoint` :
-_string_
-Optional, by default we are using the azure public environment, to override, users can provide a specific resource manager endpoint in order to use a different azure environment.
-Ex:
-https://management.chinacloudapi.cn/ for azure ChinaCloud
-https://management.microsoftazure.de/ for azure GermanCloud
-https://management.azure.com/ for azure PublicCloud
-https://management.usgovcloudapi.net/ for azure USGovernmentCloud
-Users can also use this in case of a Hybrid Cloud model, where one may define their own endpoints.
+## Requirements and setup
+Refer to the [Azure Logs](https://docs.elastic.co/integrations/azure) page for more information on how to set up and use this integration.
 ## App Service Logs
+Collects different types of logs from Azure App Service via Event Hub.
+
+{{event "app_service_logs"}}
 **ECS Field Reference**
diff --git a/packages/azure_app_service/changelog.yml b/packages/azure_app_service/changelog.yml
index c86bd765be6..780e188dbdd 100644
--- a/packages/azure_app_service/changelog.yml
+++ b/packages/azure_app_service/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.9.0"
+  changes:
+    - description: Update readme
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15784
 - version: "0.8.0"
   changes:
     - description: Add dashboard for log categories Application Logs, Audit Logs, Console Logs, HTTP Logs, IPsec Audit Logs and Platform Logs.
diff --git a/packages/azure_app_service/data_stream/app_service_logs/sample_event.json b/packages/azure_app_service/data_stream/app_service_logs/sample_event.json
new file mode 100644
index 00000000000..694d1c79c54
--- /dev/null
+++ b/packages/azure_app_service/data_stream/app_service_logs/sample_event.json
@@ -0,0 +1,49 @@
+{
+    "agent": {
+        "name": "EPGETBIW05AD",
+        "id": "e42ad9e7-fc37-4342-80cc-ee5bcb314f5d",
+        "ephemeral_id": "65e0aae6-d877-4830-b9f0-10b0ccd39bb9",
+        "type": "filebeat",
+        "version": "8.18.3"
+    },
+    "@timestamp": "2025-10-28T09:39:57.805Z",
+    "ecs": {
+        "version": "8.11.0"
+    },
+    "data_stream": {
+        "namespace": "default",
+        "type": "logs",
+        "dataset": "azure_app_service.app_service_logs"
+    },
+    "elastic_agent": {
+        "id": "e42ad9e7-fc37-4342-80cc-ee5bcb314f5d",
+        "version": "8.18.3",
+        "snapshot": false
+    },
+    "event": {
+        "agent_id_status": "verified",
+        "ingested": "2025-10-28T09:40:37Z",
+        "dataset": "azure_app_service.app_service_logs"
+    },
+    "tags": [
+        "azure-appservice",
+        "forwarded"
+    ],
+    "azure": {
+        "resource": {
+            "id": "/SUBSCRIPTIONS/12CABCB4-86E8-404F-A3D2-1DC9982F45CA/RESOURCEGROUPS/IMERLISHVILI-TEST/PROVIDERS/MICROSOFT.WEB/SITES/LEMON-FLOWER-AF075F43C47545E6B4248C46905E5188"
+        },
+        "app_service": {
+            "result_description": "169.254.129.1 - - [28/Oct/2025:09:39:57 +0000] \"GET /static/favicon.ico HTTP/1.1\" 200 0 \"https://lemon-flower-af075f43c47545e6b4248c46905e5188.azurewebsites.net/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36\"",
+            "level": "Informational",
+            "event_stamp_name": "waws-prod-fra-033",
+            "operation_name": "Microsoft.Web/sites/log",
+            "event_ip_address": "10.30.0.225",
+            "event_primary_stamp_name": "waws-prod-fra-033",
+            "event_stamp_type": "Stamp",
+            "host": "10-30-0-225",
+            "category": "AppServiceConsoleLogs",
+            "container_id": "a9ea19c60625_lemon-flower-af075f43c47545e6b4248c46905e5188"
+        }
+    }
+}
\ No newline at end of file
diff --git a/packages/azure_app_service/docs/README.md b/packages/azure_app_service/docs/README.md
index 6b4dbf2790e..0f7f286a935 100644
--- a/packages/azure_app_service/docs/README.md
+++ b/packages/azure_app_service/docs/README.md
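Review bot: The values in the new sample_event.json look captured from a live environment rather than synthesized — `azure.resource.id` carries a subscription GUID, a resource group and a site name, `agent.name` a workstation-style hostname, and `agent.id`, `elastic_agent.id`, `azure.app_service.event_ip_address` and `azure.app_service.container_id` are equally specific — and a published package should not ship them unless they are confirmed to come from a disposable test tenant. Replace them with obviously synthetic values of the same shape (a zeroed GUID, a `test-…` resource group and site name, a documentation-range IP) before merging; the identical event is embedded in packages/azure_app_service/docs/README.md in this commit and is presumably regenerated from this file through the `{{event "app_service_logs"}}` template, so scrubbing the source file should be enough. The file also ends without a trailing newline (`\ No newline at end of file`); consider adding one.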
@@ -16,44 +16,65 @@ This integration currently collects one data stream:
 - App Service Logs
-## Requirements
-
-### Credentials
-
-`eventhub` :
-_string_
-Is the fully managed, real-time data ingestion service.
-
-`consumer_group` :
-_string_
-The publish/subscribe mechanism of Event Hubs is enabled through consumer groups. A consumer group is a view (state, position, or offset) of an entire event hub. Consumer groups enable multiple consuming applications to each have a separate view of the event stream, and to read the stream independently at their own pace and with their own offsets.
-Default value: `$Default`
-
-`connection_string` :
-_string_
-The connection string required to communicate with Event Hubs, steps here https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-get-connection-string.
-
-A Blob Storage account is required in order to store/retrieve/update the offset or state of the eventhub messages. This means that after stopping the filebeat azure module it can start back up at the spot that it stopped processing messages.
-
-`storage_account` :
-_string_
-The name of the storage account the state/offsets will be stored and updated.
-
-`storage_account_key` :
-_string_
-The storage account key, this key will be used to authorize access to data in your storage account.
-
-`resource_manager_endpoint` :
-_string_
-Optional, by default we are using the azure public environment, to override, users can provide a specific resource manager endpoint in order to use a different azure environment.
-Ex:
-https://management.chinacloudapi.cn/ for azure ChinaCloud
-https://management.microsoftazure.de/ for azure GermanCloud
-https://management.azure.com/ for azure PublicCloud
-https://management.usgovcloudapi.net/ for azure USGovernmentCloud
-Users can also use this in case of a Hybrid Cloud model, where one may define their own endpoints.
+## Requirements and setup
+Refer to the [Azure Logs](https://docs.elastic.co/integrations/azure) page for more information on how to set up and use this integration.
 ## App Service Logs
+Collects different types of logs from Azure App Service via Event Hub.
+
+An example event for `app_service` looks as following:
+
+```json
+{
+    "agent": {
+        "name": "EPGETBIW05AD",
+        "id": "e42ad9e7-fc37-4342-80cc-ee5bcb314f5d",
+        "ephemeral_id": "65e0aae6-d877-4830-b9f0-10b0ccd39bb9",
+        "type": "filebeat",
+        "version": "8.18.3"
+    },
+    "@timestamp": "2025-10-28T09:39:57.805Z",
+    "ecs": {
+        "version": "8.11.0"
+    },
+    "data_stream": {
+        "namespace": "default",
+        "type": "logs",
+        "dataset": "azure_app_service.app_service_logs"
+    },
+    "elastic_agent": {
+        "id": "e42ad9e7-fc37-4342-80cc-ee5bcb314f5d",
+        "version": "8.18.3",
+        "snapshot": false
+    },
+    "event": {
+        "agent_id_status": "verified",
+        "ingested": "2025-10-28T09:40:37Z",
+        "dataset": "azure_app_service.app_service_logs"
+    },
+    "tags": [
+        "azure-appservice",
+        "forwarded"
+    ],
+    "azure": {
+        "resource": {
+            "id": "/SUBSCRIPTIONS/12CABCB4-86E8-404F-A3D2-1DC9982F45CA/RESOURCEGROUPS/IMERLISHVILI-TEST/PROVIDERS/MICROSOFT.WEB/SITES/LEMON-FLOWER-AF075F43C47545E6B4248C46905E5188"
+        },
+        "app_service": {
+            "result_description": "169.254.129.1 - - [28/Oct/2025:09:39:57 +0000] \"GET /static/favicon.ico HTTP/1.1\" 200 0 \"https://lemon-flower-af075f43c47545e6b4248c46905e5188.azurewebsites.net/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36\"",
+            "level": "Informational",
+            "event_stamp_name": "waws-prod-fra-033",
+            "operation_name": "Microsoft.Web/sites/log",
+            "event_ip_address": "10.30.0.225",
+            "event_primary_stamp_name": "waws-prod-fra-033",
+            "event_stamp_type": "Stamp",
+            "host": "10-30-0-225",
+            "category": "AppServiceConsoleLogs",
+            "container_id": "a9ea19c60625_lemon-flower-af075f43c47545e6b4248c46905e5188"
+        }
+    }
+}
+```
 **ECS Field Reference**
diff --git a/packages/azure_app_service/manifest.yml b/packages/azure_app_service/manifest.yml
index 677e907b085..1772483ffe6 100644
--- a/packages/azure_app_service/manifest.yml
+++ b/packages/azure_app_service/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: azure_app_service
 title: "Azure App Service"
-version: "0.8.0"
+version: "0.9.0"
 source:
   license: "Elastic-2.0"
 description: "Collect logs from Azure App Service with Elastic Agent."