Need Assistance Redirecting O365 Logs to Event Hub (using azure function), then visualize with data explorer

Riya Aggarwal 25 Reputation points
2023-11-16T19:02:35.7633333+00:00

Hello,

I've been working on a project involving Event Hub, function apps and O365 logs, and I've hit a bit of a roadblock. I'm using the Azure-Sentinel GitHub repository (link: https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/O365%20Data) to collect Audit.General and DLP.ALL Activity Logs from O365, and currently, these logs are sent to Log Analytics/Sentinel.

However, I want to redirect these logs to Event Hub instead of Log Analytics. I've tried modifying the function app code within the ARM template provided on the GitHub page, but it doesn't seem to be working as expected. I've been stuck on this for a week now, and as someone who's new to working with function apps and coding, I'm finding it challenging. (Can share function app script if needed)

I've also attempted to create a function app on my own and wrote a PowerShell script, but unfortunately, it doesn't seem to be doing the trick.

My end goal is to have the logs reach Event Hub successfully, and then I want to analyze them using Data Explorer to confirm the data is reaching its destination.
Thanks for any help in advance!
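One way to do the redirect inside the connector's PowerShell function, as an added example that is not code from the Azure-Sentinel repository or from either poster: replace the Log Analytics upload with an Event Hub output binding and push one event per activity record. The binding name `outputEventHubMessage`, the app setting `EventHubConnectionAppSetting`, the hub name `o365-audit` and the sample records are assumptions.

```powershell
<# function.json (assumed names), next to the existing timer trigger binding:
{
  "bindings": [
    { "name": "Timer", "type": "timerTrigger", "direction": "in", "schedule": "0 */5 * * * *" },
    { "name": "outputEventHubMessage", "type": "eventHub", "direction": "out",
      "eventHubName": "o365-audit", "connection": "EventHubConnectionAppSetting" }
  ]
}
"EventHubConnectionAppSetting" is an app setting holding a namespace connection string
scoped to a Send-only shared access policy; it never appears in code. #>

# run.ps1 fragment. $records is the array of activity objects the connector already builds
# from the Office 365 Management Activity API content blobs; a constructed sample stands in here.
$records = @(
    [pscustomobject]@{ Workload = 'Exchange';   Operation = 'New-InboxRule';  UserId = 'user@contoso.example'; CreationTime = '2023-11-16T18:55:00' },
    [pscustomobject]@{ Workload = 'SharePoint'; Operation = 'FileDownloaded'; UserId = 'user@contoso.example'; CreationTime = '2023-11-16T18:56:00' }
)

# Event Hubs enforces a per-event size limit (1 MB on the Standard tier). A content blob holding
# hundreds of records can exceed it if sent as one message, so each record becomes its own event
# and any single record that is still too large is logged and skipped instead of failing the run.
function ConvertTo-EventHubMessages {
    param([object[]]$Records, [int]$MaxEventBytes = 1MB)
    $messages = New-Object System.Collections.Generic.List[string]
    foreach ($record in $Records) {
        $json = $record | ConvertTo-Json -Depth 10 -Compress
        if ([System.Text.Encoding]::UTF8.GetByteCount($json) -gt $MaxEventBytes) {
            Write-Warning "Skipping oversized record: Operation=$($record.Operation) CreationTime=$($record.CreationTime)"
            continue
        }
        $messages.Add($json)
    }
    return $messages.ToArray()
}

$events = ConvertTo-EventHubMessages -Records $records
if ($events.Count -gt 0) {
    # A single call with an array value is written as one event per element, not one combined event.
    Push-OutputBinding -Name outputEventHubMessage -Value $events
    Write-Host "Sent $($events.Count) events to Event Hub"
}
```

Once a Data Explorer data connection is attached to the same hub (JSON format mapped to a table), a `take 10` query against that table confirms the events are landing.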


1 answer

  1. Sander van de Velde | MVP 30,786 Reputation points MVP
    2023-11-16T19:21:29.7333333+00:00

    Hello @Riya Aggarwal,

    welcome to this moderated Azure community forum.

    It seems reading O365 logs is already covered by you?

    If you are capable of writing C#, this blog post is a good starting point for ingesting data into Azure Data Explorer the easy and right way.

    Otherwise, consider it a blueprint you can base your own code implementation on because the concepts are the same due to the underlying ADX REST API.


    If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.