问题
Couldn't see the incoming messages coming through from Azure AD logs into Azure Event Hub. I have followed the below article.
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub
Can someone please let me know if there's anything I missed here.
Below are the images
AAD configuration to stream logs to Event Hub
No incoming messages in Azure Event hub
回答1:
I tried to read messages using Azure portal tools, but in the end I ended up doing it with DataBricks, or Python, depending on the situation.
https://docs.microsoft.com/en-us/azure/databricks/spark/latest/structured-streaming/streaming-event-hubs https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-python-get-started-send
It's very simple (DataBricks scala example):
import org.apache.spark.eventhubs.{ConnectionStringBuilder, EventHubsConf, EventPosition}
import org.apache.spark.sql.functions._
import java.time.{Clock, Instant}
import java.time.temporal.ChronoUnit;
import org.apache.spark.sql._
//number of hours you want to display
val hoursToDisplay = 24
val ehConf = EventHubsConf(yourConnectionString)
.setStartingPosition(EventPosition.fromEnqueuedTime(Instant.now.minus(hoursToDisplay,ChronoUnit.HOURS)))
.setConsumerGroup(yourConsumerName)
val input = spark.read.
format("eventhubs").
options(ehConf.toMap).
load().
select($"*" , $"body".cast("string").as("string_Casted_Body"))
display(input)
Hope it helps
回答2:
Seems there is some expected delay. Azure AD recommends to wait about 15 minutes before checking things on the Event Hubs side. Did you wait for enough time?
After about 15 minutes, verify that events are displayed in your event hub. To do so, go to the event hub from the portal and verify that the incoming messages count is greater than zero.
来源:https://stackoverflow.com/questions/60169552/no-incoming-messages-to-event-hub