Azure Logs Ingestion Overview
Last updated - 21 November, 2025
You can ingest Azure logs with LogicMonitor to unify logs on a single platform, improve troubleshooting efficiency, and ingest subscription-level logs.
Ingesting Azure logs into LogicMonitor involves the following:
- Creating the Event Hub
Set up an Event Hub to identify the source of the logs to ingest. Start by creating an Event Hub namespace that the Event Hub maps to.
For more information, see Quickstart: Create an Event Hub using Azure portal from Microsoft. - Deploying the Azure Function
Acts as the processing bridge between Azure logging services and LogicMonitor, ensuring that subscription-level events are forwarded to LM Logs. - Creating a managed identity
Set up a managed identity in Azure (or using CLI/ARM templates) to authenticate LM Logs and grant access to Azure without storing credentials. This enables LM Logs to collect and forward subscription-level logs in a controlled and compliant way.
For more information, see Manage user-assigned managed identities using the Azure portal from Microsoft. - Updating diagnostic settings
Modify your Azure diagnostic settings to map Azure Activity and resource logs to the Event Hub connected to LM Logs.
For more information, see Diagnostic settings in Azure Monitor from Microsoft.
For more information, see Azure Resource Log Configuration for Log Ingestion.
General Requirements for Ingesting Azure Logs
To ingest Azure logs with LogicMonitor, you must have the following:
- A LogicMonitor account
- A Microsoft Azure account with a User Administrator role
