How to send Azure Linux VM auth logs to Elastic cloud using Event Hubs


I have a small environment using a couple of Azure technologies compatible with LAW (Log Analytics Workspace [Sentinel]). Is there a way to send Azure Linux VM (auth) logs from LAW to Elastic cloud using Event Hubs? There is a Filebeat plugin and an Azure integration by Agents, but all I gather is Azure metadata metrics, no logs from dedicated systems except Windows.

For example, I want to see logs in Elastic from an SSH authentication failure generated on my Azure Ubuntu VM. I have them in LAW (connected by agent), but I can't see them in Elastic even though the connection between Event Hub and Elastic is established and, for example, I am getting Windows sensor logs (Windows 4625).