Merge pull request #9319 from amsliu/v-liuamson-CI6472-new-articles

Amson Liu · web-flow · commit 7b09f310f939 · 2025-07-18T16:37:42.000-04:00
New articles under parent CI 6472: https://dev.azure.com/KMOps/ContentExperience/_workitems/edit/6475/ https://dev.azure.com/KMOps/ContentExperience/_workitems/edit/6476/ https://dev.azure.com/KMOps/ContentExperience/_workitems/edit/6477/
diff --git a/support/azure/azure-monitor/activity-logs/config-export/diagnostic-settings-transition-from-legacy-solutions.md b/support/azure/azure-monitor/activity-logs/config-export/diagnostic-settings-transition-from-legacy-solutions.md
@@ -1,11 +1,12 @@
 ---
 title: Diagnostic Settings Transition from Legacy Solutions
 description: Provides step-by-step guidance on diagnostic settings transition from legacy solutions.
-ms.date: 07/09/2025
-ms.reviewer: v-liuamson
+ms.date: 07/16/2025
+ms.reviewer: v-liuamson; v-gsitser
 ms.service: azure-monitor
 ms.custom: I can’t configure export of Activity Logs
 ---
+
 # Diagnostic Settings Transition from Legacy Solutions
 
 ## Resolve Transition Issues from Legacy Azure Activity Log Solutions
diff --git a/support/azure/azure-monitor/activity-logs/config-export/exporting-directory-level-activity-logs-to-event-hub.md b/support/azure/azure-monitor/activity-logs/config-export/exporting-directory-level-activity-logs-to-event-hub.md
@@ -0,0 +1,44 @@
+---
+title: Exporting Directory-Level Activity Logs to Event Hubs
+description: Provides guidance for exporting directory-level activity logs to Event Hubs by using Azure management group-level diagnostic settings.
+ms.date: 07/16/2025
+ms.reviewer: v-liuamson; v-gsitser; v-sisidhu
+ms.service: azure-monitor
+ms.custom: I can’t configure export of Activity Logs
+---
+
+# Export directory-level activity logs to Event Hubs
+
+This article provides guidance to export directory-level activity logs to Event Hubs by using Microsoft Azure management group-level diagnostic settings. This process is essential for users who have to monitor and analyze activity logs efficiently.
+
+## Introduction
+
+You can export directory-level activity logs to an event hub through an API call that creates management group-level diagnostic settings. This solution is useful for organizations that want to centralize their log data for better analysis and monitoring.
+
+### Instructions to export logs
+
+1. **Access the Azure portal**: Navigate to the Azure portal, and sign in by using your credentials.
+
+2. **Locate diagnostic settings**: Go to the **Azure Monitor** section, and select **Diagnostic settings** on the menu.
+
+3. **Create or update diagnostic settings**: Select **Add diagnostic setting**, and select the resource that you want to export logs for.
+
+4. **Configure export to event hub**: Under **Destination details**, select **Event Hub**. Provide the necessary **Event Hub namespace** and **Event Hub name** values. Make sure that the **Event Hub key ID** value is entered correctly.
+
+5. **Save and verify**: Select **Save** to apply the settings. Check the event hub for incoming data to verify that the logs are exported.
+
+### Common issues and solutions
+
+- **Issue:** Logs don't appear in Event Hubs.
+  - **Solution:** Double-check the event hub configuration to make sure that the correct namespace and key ID are used.
+
+- **Issue:** Permission errors occur when making diagnostic settings.
+  - **Solution:** Make sure that you have the necessary permissions to create or update diagnostic settings in Azure.
+
+## References
+
+- [Azure Monitor Documentation](https://learn.microsoft.com/azure/monitoring/)
+- [Event Hubs Documentation](https://learn.microsoft.com/azure/event-hubs/)
+- [Diagnostic settings in Azure Monitor](https://learn.microsoft.com/azure/azure-monitor/platform/diagnostic-settings#time-before-telemetry-gets-to-destination)
+
+If the issue persists after following the solution steps, please open a support case for further assistance.
diff --git a/support/azure/azure-monitor/activity-logs/config-export/pushing-subscription-activity-logs-to-sentinel.md b/support/azure/azure-monitor/activity-logs/config-export/pushing-subscription-activity-logs-to-sentinel.md
@@ -0,0 +1,55 @@
+---
+title: Detailed Guidance for Pushing Subscription Activity Logs to Sentinel
+description: Provides detailed instructions for pushing subscription activity logs to Sentinel.
+ms.date: 07/16/2025
+ms.reviewer: v-liuamson; v-gsitser; v-sisidhu
+ms.service: azure-monitor
+ms.custom: I can’t configure export of Activity Logs
+---
+
+# Push subscription activity logs to Sentinel
+
+This article provides guidance for pushing subscription activity logs to Microsoft Sentinel by using Azure's Diagnostic Settings. This process is essential for monitoring and analyzing activity logs effectively.
+
+Users might encounter challenges when they try to push subscription activity logs to Sentinel. This guide outlines the steps to configure Azure Diagnostic Settings to achieve seamless data transfer to Sentinel.
+
+## Instructions to configure Azure Diagnostic Settings
+
+1. **Access Azure Portal**: Log in to your Azure account, and navigate to the Azure portal.
+
+2. **Navigate to Diagnostic Settings**:
+   - Go to the **Azure Monitor** section.
+   - On the menu, select **Diagnostic Settings**.
+
+3. **Configure Diagnostic Settings**:
+   - Select the resource that you want to configure the logs for.
+   - Select **Add Diagnostic Setting**.
+   - Name your setting, and select the logs that you want to send to Sentinel.
+
+4. **Select Log Analytics workspace**:
+   - Under **Destination details**, select **Send to Log Analytics**.
+   - Select the appropriate Log Analytics workspace that you want to send the logs to.
+
+5. **Save configuration**:
+   - Review your settings, and select **Save** to apply the changes.
+
+6. **Verify data transfer**:
+   - Use the following query in your Log Analytics workspace to verify the data transfer:
+
+        ```plaintext
+         AzureActivity | where SubscriptionId contains "<YourSubscriptionId>"
+        ```
+
+### Common issues and solutions
+
+- **Issue**: Logs aren't appearing in Sentinel.
+    - **Solution**: Make sure that the correct Log Analytics workspace is selected and that the diagnostic settings are correctly configured.
+
+## References
+
+- [Azure Sentinel Data Connectors Reference](https://learn.microsoft.com/azure/sentinel/data-connectors-reference)
+- [Azure Monitor Diagnostic Settings](https://learn.microsoft.com/azure/azure-monitor/platform/diagnostic-settings?tabs=CMD)
+- [Connect Services via Diagnostic Setting-Based Connector](https://learn.microsoft.com/azure/sentinel/connect-services-diagnostic-setting-based#connect-via-a-diagnostic-setting-based-connector-managed-by-azure-policy)
+- [Diagnostic settings in Azure Monitor](https://learn.microsoft.com/azure/azure-monitor/platform/diagnostic-settings#time-before-telemetry-gets-to-destination)
+
+If the issue persists after following the solution steps, please open a support case for further assistance.
diff --git a/support/azure/azure-monitor/activity-logs/config-export/resolving-log-limit-issues-in-azure-function-apps.md b/support/azure/azure-monitor/activity-logs/config-export/resolving-log-limit-issues-in-azure-function-apps.md
@@ -0,0 +1,43 @@
+---
+title: Resolving Log Limit Issues in Azure Function Apps
+description: Provides step-by-step instructions to resolve log limit issues in Azure Function Apps.
+ms.date: 07/16/2025
+ms.reviewer: v-liuamson; v-gsitser; v-sisidhu
+ms.service: azure-monitor
+ms.custom: I can’t configure export of Activity Logs
+---
+
+# Resolve log limit issues in Azure Function Apps
+
+This article discusses the issue of Azure Function Apps reaching their daily log limit. This condition prevents additional logs from being sent and affects the application's performance and monitoring capabilities. The issue might occur if the log volume exceeds the configured quota. 
+
+## Instructions to resolve log limit issues
+
+To resolve log limit issues in Azure Function Apps, follow these steps:
+
+1. **Identify the Function App**: Navigate to the Azure portal, and locate the specific Function App that is experiencing log issues.
+
+2. **Check current log quota**: Access the **Application Insights** that's associated with the Function App. Review the current log quota settings to determine whether they're being exceeded.
+
+3. **Evaluate log volume**: Analyze the logs to assess whether the increase in log volume is justified. Use Azure Monitor charts to visualize log trends and identify any anomalies.
+
+4. **Increase log quota**: If the log volume increase is reasonable, adjust the log quota in Application Insights. Go to the **Settings** section, select **Usage and estimated costs**, and modify the quota as appropriate.
+
+5. **Contact function app owner**: If the log increase is unexpected, reach out to the Function App owner for further troubleshooting. Make sure that they're aware of the log limits and potential effects.
+
+6. **Check Log Analytics workspace**: Verify that the Log Analytics workspace that's associated with the Application Insights doesn't have its own quota limitations that could affect logging.
+
+7. **Monitor for bottlenecks**: After you adjust the quotas, monitor the workspace for any potential bottlenecks that might occur because of increased log volumes.
+
+## Common issues and solutions
+
+- **Unexpected log volume**: If log volumes are unexpectedly high, investigate recent changes in the application or external factors that might contribute to the increase.
+- **Quota adjustment**: Make sure that any quota adjustments are aligned with the application's monitoring needs and budget constraints.
+
+## References
+
+- [Azure Monitor Documentation](https://learn.microsoft.com/azure/azure-monitor/)
+- [Application Insights Quota Management](https://learn.microsoft.com/azure/azure-monitor/app/pricing)
+- [Log Analytics Workspace Management](https://learn.microsoft.com/azure/azure-monitor/logs/manage-cost-storage)
+
+If the issue persists after following the solution steps, please open a support case for further assistance.
diff --git a/support/azure/azure-monitor/activity-logs/config-export/understanding-and-transitioning-from-legacy-to-diagnostic-settings.md b/support/azure/azure-monitor/activity-logs/config-export/understanding-and-transitioning-from-legacy-to-diagnostic-settings.md
@@ -1,12 +1,13 @@
 ---
-title: Understanding and Transitioning from Legacy to Diagnostic Settings for Azure Activity Logs
+title: Understanding and Transitioning from Legacy to Diagnostic Settings for Activity Logs
 description: Provides step-by-step instructions to transition from legacy to diagnostic settings.
-ms.date: 07/09/2025
-ms.reviewer: v-liuamson
+ms.date: 07/16/2025
+ms.reviewer: v-liuamson; v-gsitser
 ms.service: azure-monitor
 ms.custom: I can’t configure export of Activity Logs
 ---
-# Understanding and Transitioning from Legacy to Diagnostic Settings for Azure Activity Logs
+
+# Understanding and Transitioning from Legacy to Diagnostic Settings for Activity Logs
 
 When Azure announced the transition from legacy solutions to diagnostic settings for forwarding activity logs, users received notifications about necessary updates. This article provides guidance on how to manage this transition effectively.
 
diff --git a/support/azure/azure-monitor/toc.yml b/support/azure/azure-monitor/toc.yml
@@ -7,10 +7,16 @@ items:
     items: 
     - name: Configuring Export in Azure Portal
       items: 
+      - name: Understanding and Transitioning from Legacy to Diagnostic Settings for Activity Logs
+        href: activity-logs/config-export/understanding-and-transitioning-from-legacy-to-diagnostic-settings.md
       - name: Diagnostic Settings Transition from Legacy Solutions
         href: activity-logs/config-export/diagnostic-settings-transition-from-legacy-solutions.md
-      - name: Understanding and Transitioning from Legacy to Diagnostic Settings for Azure Activity Logs
-        href: activity-logs/config-export/understanding-and-transitioning-from-legacy-to-diagnostic-settings.md
+      - name: Detailed Guide on Pushing Subscription Activity Logs to Sentinel
+        href: activity-logs/config-export/pushing-subscription-activity-logs-to-sentinel.md
+      - name: Exporting Directory Level Activity Logs to Event Hub
+        href: activity-logs/config-export/exporting-directory-level-activity-logs-to-event-hub.md
+      - name: Resolving Log Limit Issues in Azure Function Apps
+        href: activity-logs/config-export/resolving-log-limit-issues-in-azure-function-apps.md
 - name: Application Insights
   items:
   - name: OpenTelemetry troubleshooting
diff --git a/support/azure/azure-monitor/welcome-azure-monitor.yml b/support/azure/azure-monitor/welcome-azure-monitor.yml
@@ -20,10 +20,10 @@ landingContent:
     linkLists:
       - linkListType: how-to-guide
         links:
-          - text: Diagnostic Settings Transition from Legacy Solutions
-            url: ./activity-logs/config-export/diagnostic-settings-transition-from-legacy-solutions.md
           - text: Understanding and Transitioning from Legacy to Diagnostic Settings for Azure Activity Logs
             url: ./activity-logs/config-export/understanding-and-transitioning-from-legacy-to-diagnostic-settings.md
+          - text: Diagnostic Settings Transition from Legacy Solutions
+            url: ./activity-logs/config-export/diagnostic-settings-transition-from-legacy-solutions.md
   
   - title: Troubleshoot Azure Application Insights issues
     linkLists:
