• /
  • Log in
  • Free account

Forward logs and activity logs from Azure

If your log data is already being monitored by Microsoft Azure (ARM), you can use our template to forward and enrich your log data in New Relic.

Forwarding your Azure EventHub logs to New Relic will give you enhanced log management capabilities to collect, process, explore, query, and alert on your log data.

Azure Resources Manager logs

The Microsoft Azure Resources Manager (ARM) template provided by New Relic One helps you set up Azure to:

The setup process is almost the same for both use cases. As part of the setup process, you can select which Azure activity logs you want to forward to New Relic, including:

  • Administrative Azure Activity Logs
  • Alert Azure Activity Logs
  • Autoscale Azure Activity Logs
  • Policy Azure Activity Logs
  • Recommendation Azure Activity Logs
  • Resource Health Azure Activity Logs
  • Security Azure Activity Logs
  • Service Health Azure Activity Logs

Use the Azure Resource Manager (ARM) template

The template is idempotent. You can start forwarding logs from EventHub and then rerun the same template to configure Azure activity logs forwarding by completing step 10.

  1. Make sure you have a New Relic license key.
  2. Log in to New Relic Logs and click Add more data sources on the top right of the page.
  3. Under Log ingestion, click the Microsoft Azure data sources button tile.
  4. Select the account you want to send the logs, and click Continue.
  5. Click Generate API Key and copy the generated API Key.
  6. Click Deploy to Azure and a new tab will be open with the ARM template loaded in Azure.
  7. Select the Resource Group where you want to create the necessary resources, and a Region.
  8. In the New Relic License Key field, paste the previously copied API Key.
  9. Ensure the New Relic One endpoint set is the one corresponding to your account.
  10. Optional: Set to true the Azure activity logs you want to forward.
  11. Click Review + create, review the data you've inserted, and click Create.

View log data

If everything is configured correctly and your data is being collected, you should see data logs in both of these places:


If you want to only query for logs coming from Azure, run the following query:

SELECT * FROM Log where plugin.type='azure'

If no data appears after you enable our log management capabilities, follow our standard log troubleshooting procedures.

Send logs from Azure resources

By default, this template only configures the needed function and resources to forward logs to New Relic One. We can also configure the activity logs to be forwarded, but there isn't a default log forwarding from your Azure resources. If you want to forward logs from any resource that produces them, you need to configure it by creating a diagnostic setting for the given resource.

For example, if you have a function running on Azure and you want to forward the logs to New Relic One, you'll need to configure a diagnostic setting to forward the logs to EventHub. For more information, see the Microsoft documentation to create diagnostic settings for sendig platform logs and metrics to different destinations.

Azure activity logs

Activating the Azure activity logs forwarding is optional. It provides:

  • More visibility of your Azure resources
  • Activity of the Azure resources
  • Information about performed actions
  • Events and their timestamps
  • The user who performed an action, if applicable

These logs give your organization more control over the resources. However, be aware of wrong or unintentional changes on your resources and even unexpected actions. For more information about this kind of event, see the Microsoft Azure Activity Log event schema.

What's next?

Explore logging data across your platform with the New Relic One UI.

Create issueEdit page
Copyright © 2022 New Relic Inc.