Event Hubs support in NSG Flow logs
Currently NSG Flow Logs do not have the ability to publish to Azure Event Hub as other logs do.
It would be invaluable for this facility to be made available to allow onward transformation of log data (via Azure Functions) prior to ingest into products such as Splunk.
Thank you for your feedback. Today publishing NSG Flow Logs to an Event Hub is not currently supported natively. We will continue to evaluate this suggestion and update the status accordingly.
Today, if you are interested in transforming and streaming NSG Flow Logs to a 3rd party endpoint, we have published a sample here that leverages an Azure function: https://github.com/Microsoft/AzureNetworkWatcherNSGFlowLogsConnector
Splunk has also published a blog with guidance on integrating NSG Flow Logging data here: https://www.splunk.com/blog/2017/02/20/splunking-microsoft-azure-network-watcher-data.html
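As an illustration of the transformation step a function like the one in the linked sample would perform before forwarding to a SIEM, here is an added example (not code from the original thread or from the AzureNetworkWatcherNSGFlowLogsConnector repository). It assumes the documented layout of an NSG flow log blob: a `records` array whose `properties.flows[].flows[].flowTuples` entries are comma-separated tuples (8 fields in version 1, 13 in version 2 with flow state and byte/packet counters). The sample record and all addresses in it are constructed placeholders.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample shaped like one NSG flow log (version 2) blob record.
# Subscription, NSG name, MAC and IP addresses are placeholders, not real data.
SAMPLE_BLOB = json.dumps({
    "records": [{
        "time": "2020-01-01T00:00:00.0000000Z",
        "category": "NetworkSecurityGroupFlowEvent",
        "resourceId": "/SUBSCRIPTIONS/PLACEHOLDER-SUB/RESOURCEGROUPS/RG/PROVIDERS/"
                      "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/EXAMPLE-NSG",
        "properties": {
            "Version": 2,
            "flows": [
                {"rule": "DefaultRule_DenyAllInBound",
                 "flows": [{"mac": "000D3A000000",
                            "flowTuples": [
                                "1577836800,203.0.113.5,10.0.0.4,51234,22,T,I,D,B,,,,",
                                "1577836801,203.0.113.5,10.0.0.4,51235,3389,T,I,D,B,,,,"]}]},
                {"rule": "UserRule_AllowHTTPS",
                 "flows": [{"mac": "000D3A000000",
                            "flowTuples": [
                                "1577836802,198.51.100.7,10.0.0.4,40000,443,T,I,A,B,,,,",
                                "1577836803,198.51.100.7,10.0.0.4,40000,443,T,I,A,E,12,1500,10,2000"]}]},
            ],
        },
    }]
})

# Single-letter codes used inside flow tuples, expanded to SIEM-friendly names.
PROTOCOLS = {"T": "tcp", "U": "udp"}
DIRECTIONS = {"I": "inbound", "O": "outbound"}
DECISIONS = {"A": "allow", "D": "deny"}
STATES = {"B": "begin", "C": "continuing", "E": "end"}
COUNTER_FIELDS = ("pkts_src_to_dst", "bytes_src_to_dst",
                  "pkts_dst_to_src", "bytes_dst_to_src")


def parse_flow_tuple(raw, rule, nsg_resource_id):
    """Turn one comma-separated flow tuple into a flat event dict.

    Version 1 tuples carry 8 fields, version 2 tuples 13; anything else is
    rejected rather than silently mis-mapped into the wrong columns.
    """
    parts = raw.split(",")
    if len(parts) not in (8, 13):
        raise ValueError(f"unexpected flow tuple with {len(parts)} fields: {raw!r}")
    event = {
        "time": datetime.fromtimestamp(int(parts[0]), tz=timezone.utc).isoformat(),
        "src_ip": parts[1],
        "dst_ip": parts[2],
        "src_port": int(parts[3]),
        "dst_port": int(parts[4]),
        "protocol": PROTOCOLS.get(parts[5], parts[5]),
        "direction": DIRECTIONS.get(parts[6], parts[6]),
        "decision": DECISIONS.get(parts[7], parts[7]),
        "rule": rule,
        "nsg": nsg_resource_id,
    }
    if len(parts) == 13:
        event["state"] = STATES.get(parts[8], parts[8])
        # Counters are empty on "begin" records and populated on "continuing"/"end".
        for name, value in zip(COUNTER_FIELDS, parts[9:13]):
            event[name] = int(value) if value else None
    return event


def flatten_nsg_flow_log(blob_text):
    """Parse a flow log blob and return one flat event per flow tuple."""
    events = []
    for record in json.loads(blob_text)["records"]:
        nsg = record.get("resourceId", "")
        for rule_block in record["properties"]["flows"]:
            for flow in rule_block["flows"]:
                for raw in flow["flowTuples"]:
                    events.append(parse_flow_tuple(raw, rule_block["rule"], nsg))
    return events


def denied_inbound_by_source(events):
    """Count denied inbound flows per source IP, a typical first SIEM aggregation."""
    hits = Counter(e["src_ip"] for e in events
                   if e["decision"] == "deny" and e["direction"] == "inbound")
    return dict(hits)


if __name__ == "__main__":
    flat = flatten_nsg_flow_log(SAMPLE_BLOB)
    for event in flat:
        print(json.dumps(event))
    print("denied inbound by source:", denied_inbound_by_source(flat))
```

Each event produced by `flatten_nsg_flow_log` is a single JSON object, which is the shape that is convenient to place on an Event Hub or send to an HTTP event collector; the aggregation at the end is only there to show that the flattened form is directly queryable.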
Mathieu R. commented
This has been under evaluation for more than 2 years... may we have some feedback?
Considering people want to ingest this data in SIEM systems like QRadar and Splunk, it's important for Microsoft to develop this capability to allow users to fully utilize this data in SIEM systems.
Azure User commented
Did this ever get reviewed? It looks like it's been UNDER REVIEW for two years.
We also have this use case. Any updates?
Bibek Shrestha commented
Any plans to integrate this in the foreseeable future?
This is a pretty critical use case for us. I'd be very keen on seeing NSG flow logs pushed to Event Hubs.