From 95305730858ade3596858e346df03b558a9afe57 Mon Sep 17 00:00:00 2001 From: "Insuk (Chris) Cho" Date: Wed, 18 Aug 2021 18:34:47 +0900 Subject: [PATCH 1/3] Add default eventhub settings for each log type When we only put one default eventhub settings in this reference, the user might be confused they can use a single eventhub for all event types even the field mappings and parsing logic are different. Let's add all default settings with the notes that the user needs to understand each log type has different fields, explicitly. --- filebeat/docs/modules/azure.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/docs/modules/azure.asciidoc b/filebeat/docs/modules/azure.asciidoc index e76362061159..2c56f9cb60d7 100644 --- a/filebeat/docs/modules/azure.asciidoc +++ b/filebeat/docs/modules/azure.asciidoc @@ -83,7 +83,7 @@ Will retrieve azure Active Directory audit logs. The audit logs provide traceabi `eventhub` :: _string_ Is the fully managed, real-time data ingestion service. -Default value `insights-operational-logs`. +Default value `insights-operational-logs` for activitylogs, `insights-logs-auditlogs` for auditlogs and `insights-logs-signinlogs` for signinlogs. It is recommended to use separate eventhub for each log type as the field mappings of each log type are different. `consumer_group` :: _string_ From 965a1933307da1d806c5f32e1a6438fdc586dc17 Mon Sep 17 00:00:00 2001 From: Brandon Morelli Date: Thu, 19 Aug 2021 08:27:51 -0700 Subject: [PATCH 2/3] small fix --- filebeat/docs/modules/azure.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/docs/modules/azure.asciidoc b/filebeat/docs/modules/azure.asciidoc index 2c56f9cb60d7..7f4a9d7e9e7a 100644 --- a/filebeat/docs/modules/azure.asciidoc +++ b/filebeat/docs/modules/azure.asciidoc 
@@ -83,7 +83,7 @@ Will retrieve azure Active Directory audit logs. The audit logs provide traceabi `eventhub` :: _string_ Is the fully managed, real-time data ingestion service. -Default value `insights-operational-logs` for activitylogs, `insights-logs-auditlogs` for auditlogs and `insights-logs-signinlogs` for signinlogs. It is recommended to use separate eventhub for each log type as the field mappings of each log type are different. +Default value of `insights-operational-logs` for activitylogs, `insights-logs-auditlogs` for auditlogs, and `insights-logs-signinlogs` for signinlogs. It is recommended to use a separate eventhub for each log type as the field mappings of each log type are different. `consumer_group` :: _string_ From f9e64644f1a31da2dbf391c71d33aca4cd41fa42 Mon Sep 17 00:00:00 2001 From: Brandon Morelli Date: Thu, 19 Aug 2021 11:35:40 -0700 Subject: [PATCH 3/3] docs: fix lint --- filebeat/docs/modules/azure.asciidoc | 6 ------ x-pack/filebeat/module/azure/_meta/docs.asciidoc | 8 +------- 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/filebeat/docs/modules/azure.asciidoc b/filebeat/docs/modules/azure.asciidoc index 7f4a9d7e9e7a..78685b96475e 100644 --- a/filebeat/docs/modules/azure.asciidoc +++ b/filebeat/docs/modules/azure.asciidoc @@ -127,12 +127,6 @@ The azure module comes with several predefined dashboards for general cloud over image::./images/filebeat-azure-overview.png[] - - - - - - [float] === Fields diff --git a/x-pack/filebeat/module/azure/_meta/docs.asciidoc b/x-pack/filebeat/module/azure/_meta/docs.asciidoc index 727349ac9c74..e295c981e57b 100644 --- a/x-pack/filebeat/module/azure/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/azure/_meta/docs.asciidoc 
@@ -78,7 +78,7 @@ Will retrieve azure Active Directory audit logs. The audit logs provide traceabi `eventhub` :: _string_ Is the fully managed, real-time data ingestion service. -Default value `insights-operational-logs`. +Default value of `insights-operational-logs` for activitylogs, `insights-logs-auditlogs` for auditlogs, and `insights-logs-signinlogs` for signinlogs. It is recommended to use a separate eventhub for each log type as the field mappings of each log type are different. `consumer_group` :: _string_ @@ -120,9 +120,3 @@ include::../include/gs-link.asciidoc[] The azure module comes with several predefined dashboards for general cloud overview, user activity and alerts. For example: image::./images/filebeat-azure-overview.png[] - - - - - -
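Review bot: patch 1/3 updates the `eventhub` entry only in filebeat/docs/modules/azure.asciidoc (hunk at line 83), while x-pack/filebeat/module/azure/_meta/docs.asciidoc still reads "Default value `insights-operational-logs`." until patch 3/3 touches it. Make the same change to both files in this commit so the two copies of the entry never disagree between commits.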
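Review bot: in patch 2/3 the `+` line at line 83 of filebeat/docs/modules/azure.asciidoc still opens with a fragment that has no verb ("Default value of `insights-operational-logs` for activitylogs, ..."); suggest "The default value is `insights-operational-logs` for activitylogs, ...". The recommendation that follows would also be clearer if it stated the consequence of sharing one hub, using the reason already given in the 1/3 commit message: the field mappings and parsing logic differ per log type.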
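Review bot: the subject "docs: fix lint" in patch 3/3 does not cover the `eventhub` hunk at line 78 of x-pack/filebeat/module/azure/_meta/docs.asciidoc, which replaces "Default value `insights-operational-logs`." with the three per-log-type defaults rather than fixing whitespace. Either mention the content change in the commit message or move this hunk into 1/3, leaving 3/3 with only the blank-line removals at lines 127 and 120.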