Hi Experts,
I want a way to integrate Azure Event Hub with QRadar. Along the way I came across the questions below:
- How to stream Monitor data (% processor time, Available MBytes, % free logical Disk etc.)
I have gone through THIS blog to configure the same. It looks pretty decent; however, I need some clarification on it.
There I have seen this paragraph:
Connect Azure Diagnostics to Event Hubs sink
By default, Azure Diagnostics always sends logs and metrics to an Azure Storage account. An application may also send data to Event Hubs by adding a new Sinks section under the PublicConfig / WadCfg element of the .wadcfgx file. In Visual Studio, the .wadcfgx file is stored in the following path: Cloud Service Project > Roles > (RoleName) > diagnostics.wadcfgx file.
The question is: how can I find this "PublicConfig / WadCfg" to edit? I have Visual Studio downloaded but I cannot see this location anywhere.
Note: My main goal is to send Monitor data from already-deployed Azure VMs to Event Hub. There are 1000+ of these VMs.
How can I achieve this, since I cannot see any option in the Azure console to configure Monitor data into Event Hub?
Apart from this, I will be happy if anyone can suggest how to stream syslogs into Event Hub.
Please let me know if you need any further help from my side.
FYI: the VMs are in 5 different subscriptions and the Event Hub is in another subscription.
Cheers,
Gourav
Please remember to mark the replies as answers if they helped.