diff --git a/docs/integrations/microsoft-azure/audit.md b/docs/integrations/microsoft-azure/audit.md index e0dc930f2e..9cc3d759a6 100644 --- a/docs/integrations/microsoft-azure/audit.md +++ b/docs/integrations/microsoft-azure/audit.md @@ -30,10 +30,11 @@ In this step, you configure a pipeline for shipping logs from [Azure Monitor](ht 1. In the **Activity Log** window, click **Export Activity Logs**.
activity-log 1. Select the log type in **Category details** that you want to ingest. 1. Select the **Stream to an event hub** checkbox and then select the following: - * **Subscription.** Pull-down, select a subscription. - * **Event hub namespace.** If you have chosen Method 1 (Azure Event Hubs Source) for collecting logs, select the **EventHubNamespace** created manually, or else if you have chosen Method 2 (Collect logs from Azure monitor using Azure functions), then select `SumoAzureLogsNamespace` namespace created by the ARM template. - * **Event hub name (optional).** If you have chosen Method 1 (Azure Event Hub Source) for collecting logs, select the event hub name, which you created manually, or if you have chosen Method 2 (Collect logs from Azure monitor using Azure functions), then select **insights-operational-logs**. - * **Event hub policy name.** Leave the default policy, **RootManageSharedAccessKey**, or select another as desired.
diagnostic-setting-audit.png + * **Subscription**. Select a subscription. + * **Event hub namespace**. Select the namespace. + * **Event hub name (optional)**. Select the hub name. + * **Event hub policy name**. Leave the default policy, **RootManageSharedAccessKey**, or select another as desired. +
diagnostic-setting-audit.png 1. Click **Save.** ## Installing the Azure Audit app