Exporting Log Analytics logs to Event Hubs

It looks like you can now export Log Analytics logs to Event Hubs via the portal. Until now you could only do it via the CLI (not even PowerShell, apparently; steps here). You can’t export custom tables, and only specific tables are supported (a list is here).

Today I noticed this “Data Export” option. Maybe it’s always been there and I just didn’t see it until now… dunno! Anyways, using it I can now do the same exports but via the Portal.

There’s also some info on the pricing of such exports (as of this writing Microsoft isn’t charging for exports though).

Here’s what I did after clicking “Create export rule” above. I want to export all Security Events to an Event Hub, so basically the SecurityEvents table.

Next, specify the Storage Account or Event Hub you want to export to… and that’s it.

On the topic of Security Events, typically you’d collect Windows Event Logs from your VMs via the Log Analytics agent. But this doesn’t collect Security Event logs. For this, you need to use the Azure Security Center and follow the steps detailed on this page.