
Forward logs and activity logs from Azure

If your logs are already being collected in Azure, you can use our Microsoft Azure Resource Manager (ARM) templates to forward and enrich them in New Relic.

Forwarding your Azure logs to New Relic will give you enhanced log management capabilities to collect, process, explore, query, and alert on your log data.

We currently offer two ARM templates to achieve this: the Event Hub-based template (recommended) and the Blob Storage-based template.

Send logs from an Azure Event Hub (recommended)

The New Relic Event Hub ARM template allows you to attach a consumer to an existing or new Event Hub to forward the incoming stream of logs to New Relic. By using this setup, you can configure multiple Azure resources to send their logs to an Event Hub and have these logs automatically forwarded to New Relic. The template also allows you to easily configure your subscription Activity Logs to be sent to New Relic.

To send the logs from your Event Hub:

  1. Deploy the New Relic Event Hub ARM template.
  2. Optional: configure your subscription Activity Logs to be sent to New Relic.
  3. Optional: configure a given Azure resource to send its individual Activity Logs.
  4. Explore your log data.

Deploy the New Relic Event Hub ARM template

Follow these steps:

  1. Make sure you have a New Relic license key.
  2. Log in to one.newrelic.com > Logs and click Add more data sources on the top right of the page.
  3. Under Log ingestion, click the Microsoft Azure Event Hub tile.
  4. Select the account you want to send the logs to, and click Continue.
  5. Click Generate API Key and copy the generated API key.
  6. Click Deploy to Azure. A new tab will open with the ARM template loaded in Azure.
  7. Select the Resource Group where you want to create the necessary resources, and a Region. Although it is not mandatory, we recommend installing the template in a new resource group, to avoid accidentally deleting any of the components it creates.
  8. In the New Relic License Key field, paste the previously copied API key.
  9. Ensure the New Relic endpoint is set to the one corresponding to your account.
  10. Optional: Set to true the Azure subscription activity logs you want to forward. See the subscription information in this document for more details.
  11. Click Review + create, review the data you've inserted, and click Create.

Note that the template is idempotent. You can start forwarding logs from Event Hub and then rerun the same template to configure Azure Subscription Activity Logs forwarding by completing step 10.

Optional: Send Azure Activity Logs from your subscription

Azure Activity Logs provide:

  • More visibility of your Azure resources
  • Activity of the Azure resources
  • Information about performed actions
  • Events and their timestamps
  • The user who performed an action, if applicable

These are all subscription-level events. If you wish to forward Activity Logs from a specific resource instead, please refer to the Resource Activity Logs information in this document.

For more information about the shape of the Activity Logs, see the Microsoft Azure Activity Log event schema.

The New Relic Event Hub ARM template deployment optionally allows you to select which Azure Activity Logs you want to forward to New Relic, including:

  • Administrative Azure Activity Logs
  • Alert Azure Activity Logs
  • Autoscale Azure Activity Logs
  • Policy Azure Activity Logs
  • Recommendation Azure Activity Logs
  • Resource Health Azure Activity Logs
  • Security Azure Activity Logs
  • Service Health Azure Activity Logs

Optional: configure an Azure resource to send its Activity Logs

By default, this template only configures the function and resources needed to forward logs from an Event Hub to New Relic. We can also configure the subscription Activity Logs to be forwarded, but there isn't a default log forwarding from your Azure resources. If you want to forward logs from any resource that produces them, you need to configure it by creating a diagnostic setting for the given resource.

For example, if you have a function running on Azure and you want to forward the logs to New Relic, you'll need to configure a diagnostic setting to forward the logs to Event Hub. For more information, see the Microsoft documentation to create diagnostic settings for sending platform logs and metrics to different destinations.

In the following example, we will demonstrate how to forward the Activity Logs from a Kubernetes Service resource running on Azure.

  1. Deploy the New Relic Event Hub ARM template.
  2. Navigate to your Kubernetes service.
  3. In the left-hand menu, select Monitoring > Diagnostic Settings.
  4. Click Add diagnostic setting.
  5. Give your new setting a meaningful name.
  6. Select the Kubernetes (control plane) logs you want to collect.
  7. On the Destination details, select Stream to an event hub, and configure the Event hub namespace, Event hub name, and Event hub policy name. If you opted to create a new Event Hub and a namespace during the ARM template deployment, select the following automatically created settings (the namespace name will have a different suffix):
  8. Click Save to start forwarding your Kubernetes logs to New Relic.
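
A way to confirm the result of the diagnostic-setting steps above from the command line, as an added example (not New Relic's code): it takes the JSON printed by `az monitor diagnostic-settings list --resource <resource ID>` and reports which required log categories are not streaming to the expected Event Hub. The sample output, the namespace and hub names, and the list of required categories are constructed placeholders; entries that use a category group instead of a category are ignored.

```python
import json

# Constructed sample of `az monitor diagnostic-settings list --resource <AKS id>`
# output; the subscription, namespace, hub and policy names are placeholders.
SAMPLE = json.dumps([{
    "name": "aks-to-newrelic",
    "eventHubName": "example-logs-hub",
    "eventHubAuthorizationRuleId": (
        "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
        "example-rg/providers/Microsoft.EventHub/namespaces/example-ns/"
        "authorizationRules/example-policy"),
    "logs": [
        {"category": "kube-apiserver", "enabled": True},
        {"category": "kube-audit", "enabled": False},
        {"category": "guard", "enabled": True},
    ],
}])


def audit(settings_json, namespace, hub, required):
    """Return the sorted required categories NOT streamed to namespace/hub."""
    data = json.loads(settings_json)
    # Older CLI versions wrap the list in {"value": [...]}.
    settings = data.get("value", []) if isinstance(data, dict) else data
    covered = set()
    for s in settings:
        rule_id = (s.get("eventHubAuthorizationRuleId") or "").lower()
        parts = rule_id.split("/")
        # The namespace is the path segment that follows "namespaces".
        ns = parts[parts.index("namespaces") + 1] if "namespaces" in parts[:-1] else None
        if ns != namespace.lower() or (s.get("eventHubName") or "").lower() != hub.lower():
            continue  # this setting streams elsewhere, or not to an Event Hub
        for log in s.get("logs") or []:
            # Only per-category entries are counted; categoryGroup entries are skipped.
            if log.get("enabled") and log.get("category"):
                covered.add(log["category"])
    return sorted(set(required) - covered)


if __name__ == "__main__":
    missing = audit(SAMPLE, "example-ns", "example-logs-hub",
                    ["kube-apiserver", "kube-audit", "guard"])
    print("missing categories:", missing or "none")
```

A category that is listed in the setting but disabled, such as `kube-audit` in the sample, is reported as missing, which is the gap this check is meant to surface.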

Send logs from Azure Blob storage

Azure Blob Storage allows you to store massive amounts of unstructured data, including log files. Using the New Relic Blob Storage ARM template, you will be able to create a function that forwards the contents of a container placed in a Storage Account.

Important

New Relic Blob Storage ARM template deploys a function that forwards all the blob files within the specified container at their current state. If any of these blobs is modified thereafter, the complete contents of the file will be resent.

This solution aims to forward static blob files to New Relic, and it does not support file tailing. If you need to forward a stream of logs, we recommend sending your application logs to an Event Hub and using the Event Hub-based template instead.

To send the blobs from a container in your Storage Account, follow these steps:

  1. Deploy the New Relic Blob Storage ARM template.
  2. Explore your log data.

Deploy the New Relic Blob Storage ARM template

Follow these steps:

  1. Make sure you have a New Relic license key.
  2. Log in to New Relic's Logs UI and click Add more data sources on the top right of the page.
  3. Under Log ingestion, click the Microsoft Azure Blob Storage tile.
  4. Select the account you want to send the logs to, and click Continue.
  5. Click Generate API Key and copy the generated API key.
  6. Click Deploy to Azure. A new tab will open with the ARM template loaded in Azure.
  7. Select the Resource Group where you want to create the necessary resources, and a Region. Although it is not mandatory, we recommend installing the template in a new resource group, to avoid accidentally deleting any of the components it creates.
  8. In the New Relic License Key field, paste the previously copied API key.
  9. Enter the names of the storage account and the container that you wish to forward.
  10. Ensure the New Relic endpoint is set to the one corresponding to your account.
  11. Click Review + create, review the data you've inserted, and click Create.

View log data

If everything is configured correctly and your data is being collected, you should see data logs in both of these places:

SELECT * FROM Log

If you want to only query for logs coming from Azure, run the following query:

SELECT * FROM Log where plugin.type='azure'

If no data appears after you enable our log management capabilities, follow our standard log troubleshooting procedures.

What's next?

Explore logging data across your platform with our Logs UI.

Disable log forwarding

To disable log forwarding capabilities, follow the standard procedures in the Microsoft Azure activity logs documentation. You do not need to do anything else in New Relic.

Copyright © 2022 New Relic Inc.