Filebeat Azure module

Hi, I would like to know if the activitylogs - auditlogs can only be used for Azure AD audit events, or whether it is also possible to use it for keyvault audit logging. We built an eventhub and pass the keyvault audit logs to the activity - auditlogs in Filebeat, and the messages are picked up from the eventhub, but we do not receive any data in Elastic.


Hi @Marco0101, those messages are most likely filtered out, as we expect only activity and AD logs.
A workaround for now is just using the azure-eventhub input and creating similar pipelines as the ones used for the azure module and applying them to your events.
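
A sketch of the workaround described in the reply above, added here as an example and not taken from the original thread or from the Filebeat module itself. It reads the event hub with the generic azure-eventhub input and parses each record with Filebeat processors instead of the module's pipelines. The event hub, storage account, container and pipeline names are placeholders, the `keyvault` target field is a hypothetical name, and it assumes each Key Vault record arrives as JSON in `message` with `category` set to `AuditEvent`.

```yaml
# filebeat.yml (added example; values marked "placeholder" are assumptions)
filebeat.inputs:
  - type: azure-eventhub
    eventhub: "keyvault-audit"                  # placeholder: hub receiving the Key Vault diagnostic logs
    consumer_group: "$Default"
    # Secrets are resolved from the environment or the Filebeat keystore,
    # so they never sit in the config file in clear text.
    connection_string: "${EVENTHUB_CONNECTION_STRING}"
    storage_account: "examplestorageacct"       # placeholder: used for checkpointing
    storage_account_key: "${STORAGE_ACCOUNT_KEY}"
    storage_account_container: "filebeat-keyvault"   # placeholder

    # Optional: hand the event to an Elasticsearch ingest pipeline modelled on
    # the azure module's pipelines. The pipeline name is hypothetical.
    # pipeline: "keyvault-audit-pipeline"

    processors:
      # Parse the JSON record held in `message` into its own object.
      - decode_json_fields:
          fields: ["message"]
          target: "keyvault"                    # hypothetical target field
          add_error_key: true                   # keep parse failures visible
      # Keep only Key Vault audit records; drop anything else sent to this hub.
      - drop_event:
          when:
            not:
              equals:
                keyvault.category: "AuditEvent"

output.elasticsearch:
  hosts: ["https://localhost:9200"]             # placeholder
```

Running `filebeat test config` against the file checks the syntax before the input starts consuming from the hub.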