azureazure-eventhubazure-diagnosticsazure-log-analytics-workspace

How to handle diagnostic logs from different resources of azure having different table log structure?


I'm trying to send diagnostics logs of different azure resources of a specific subscription to Log Analytics Workspace(LAW)via EventHub.

But since we have different azure resource logs, each resource might have a different diagnostic log schema.

Then how can we handle this type of logs in Log Analytic Workspace(LAW) as all the logs stores in the form of tables in LAW ?


Solution

  • When a diagnostic setting is created for any resource within azure, tables are created based on the collection the resource is using: