Event Hubs support in NSG Flow logs
Currently NSG Flow Logs do not have the ability to publish to Azure Event Hub as other logs do.
It would be invaluable for this facility to be made available to allow onward transformation of log data (via Azure Functions) prior to ingest into products such as Splunk.
Thank you for your feedback. Today publishing NSG Flow Logs to an Event Hub is not currently supported natively. We will continue to evaluate this suggestion and update the status accordingly.
Today, if you are interested in transforming and streaming NSG Flow Logs to a 3rd party endpoint, we have published a sample here that leverages an Azure function: https://github.com/Microsoft/AzureNetworkWatcherNSGFlowLogsConnector
Splunk has also published a blog with guidance on integrating NSG Flow Logging data here: https://www.splunk.com/blog/2017/02/20/splunking-microsoft-azure-network-watcher-data.html
Azure User commented
Did this ever get reviewed? It looks like it's been UNDER REVIEW for two years.
We also have this use case. Any updates?
Bibek Shrestha commented
Any plans to integrate this in the foreseeable future?
This is a pretty critical use case for us. I'd be very keen on seeing NSG flow logs pushed to Event Hubs.