DDU consumption for Log Monitoring
DDU pricing applies to cloud Log Monitoring. See DDUs for Log Monitoring for details.
Azure log forwarding allows you to stream Azure logs from Azure Event Hubs into DESK logs via an Azure Function App instance. It supports Azure resource logs, activity logs, and Entra ID sign-in logs.
Azure log forwarding is performed directly through the Cluster API. If you don't want to use direct ingest through the Cluster API, you have to use an existing ActiveGate for log ingestion.
Deployment of Azure log forwarder results in creating the following resources:
The Azure log forwarder uses a Linux-based Azure function by default. Windows-based functions are not supported.
For details about the resources created, see the Azure Resource Manager file on GitHub.
Logs older than 24 hours are rejected (considered too old by the DESK log ingest endpoint), so we recommend that you don't set a retention time of more than 24 hours for Azure Event Hubs.
The Azure log forwarder supports a maximum of 70 MB per minute (~4 GB per hour) in the default configuration. The throughput is measured with the Event Hubs metric Outgoing Bytes of the Event Hubs instance attached to the function. See Scaling guide for scaling instructions.
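The following Python script is an added example, not part of the DESK documentation or the forwarder's code. It applies the 24-hour age limit and the 70 MB per minute limit to a batch of Event Hubs messages, so you can see which audit records would be dropped at ingest and which minutes exceed the default throughput. It assumes each message body is a JSON object with a `records` array whose entries carry a UTC `time` field, that body size approximates Outgoing Bytes, and that 1 MB is 1,000,000 bytes; the function names and sample data are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(hours=24)        # page: older records are rejected at ingest
LIMIT_PER_MINUTE = 70 * 1000 * 1000  # page: 70 MB per minute (decimal MB assumed)

def parse_time(value):
    """Parse a UTC timestamp with a 'Z' suffix and up to 7 fractional digits."""
    head, _, frac = value.rstrip("Z").partition(".")
    stamp = datetime.strptime(head, "%Y-%m-%dT%H:%M:%S")
    micros = int(frac[:6].ljust(6, "0")) if frac else 0
    return stamp.replace(microsecond=micros, tzinfo=timezone.utc)

def audit(messages, now, limit=LIMIT_PER_MINUTE):
    """messages: (enqueued_time, body) pairs; body is JSON with a 'records' array.
    Returns (records older than 24 h, {minute: bytes} for minutes above limit)."""
    cutoff = now - MAX_AGE
    too_old, per_minute = [], defaultdict(int)
    for enqueued, body in messages:
        minute = parse_time(enqueued).replace(second=0, microsecond=0)
        # Body size is used as an approximation of the Outgoing Bytes metric.
        per_minute[minute] += len(body.encode("utf-8"))
        for record in json.loads(body).get("records", []):
            if parse_time(record["time"]) < cutoff:
                too_old.append((record.get("category"), record["time"]))
    hot = {m: size for m, size in per_minute.items() if size > limit}
    return too_old, hot

# Constructed sample input, not captured from a real Event Hubs instance.
NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    ("2024-05-02T11:58:10Z", json.dumps({"records": [
        {"time": "2024-05-02T11:57:59.1234567Z", "category": "SignInLogs"},
        {"time": "2024-05-01T11:30:00Z", "category": "AuditEvent"}]})),
    ("2024-05-02T11:58:40Z", json.dumps({"records": [
        {"time": "2024-05-02T11:58:30Z", "category": "Administrative"}]})),
]

if __name__ == "__main__":
    # A tiny limit is passed here only so the small sample triggers the check.
    old, hot = audit(SAMPLE, NOW, limit=150)
    print("would be rejected as too old:", old)
    print("minutes above limit:", hot)
```

Records reported as too old are the ones to investigate first, because a rejected sign-in or activity record leaves a gap in the audit trail.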
See below the list of requirements for setting up Azure log forwarding. Some are needed before you start deployment, others during the deployment process.
If you're using an earlier version of DESK, see Alternative deployments for instructions.