[Azure App Service] Update Readme (#15784)

Update readme

Author: giorgi-imerlishvili-elastic

packages/azure_app_service/_dev/build/docs/README.md

@@ -16,44 +16,13 @@ This integration currently collects one data stream:
 
 - App Service Logs
 
-## Requirements
-
-### Credentials
-
-`eventhub` :
-_string_
-Is the fully managed, real-time data ingestion service.
-
-`consumer_group` :
-_string_
-The publish/subscribe mechanism of Event Hubs is enabled through consumer groups. A consumer group is a view (state, position, or offset) of an entire event hub. Consumer groups enable multiple consuming applications to each have a separate view of the event stream, and to read the stream independently at their own pace and with their own offsets.
-Default value: `$Default`
-
-`connection_string` :
-_string_
-The connection string required to communicate with Event Hubs, steps here https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-get-connection-string.
-
-A Blob Storage account is required in order to store/retrieve/update the offset or state of the eventhub messages. This means that after stopping the filebeat azure module it can start back up at the spot that it stopped processing messages.
-
-`storage_account` :
-_string_
-The name of the storage account the state/offsets will be stored and updated.
-
-`storage_account_key` :
-_string_
-The storage account key, this key will be used to authorize access to data in your storage account.
-
-`resource_manager_endpoint` :
-_string_
-Optional, by default we are using the azure public environment, to override, users can provide a specific resource manager endpoint in order to use a different azure environment.
-Ex:
-https://management.chinacloudapi.cn/ for azure ChinaCloud
-https://management.microsoftazure.de/ for azure GermanCloud
-https://management.azure.com/ for azure PublicCloud
-https://management.usgovcloudapi.net/ for azure USGovernmentCloud
-Users can also use this in case of a Hybrid Cloud model, where one may define their own endpoints.
+## Requirements and setup
+Refer to the [Azure Logs](https://docs.elastic.co/integrations/azure) page for more information on how to set up and use this integration.
 
 ## App Service Logs
+Collects different types of logs from Azure App Service via Event Hub.
+
+{{event "app_service_logs"}}
 
 **ECS Field Reference**
 

packages/azure_app_service/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.9.0"
+  changes:
+    - description: Update readme
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15784
 - version: "0.8.0"
   changes:
     - description: Add dashboard for log categories Application Logs, Audit Logs, Console Logs, HTTP Logs, IPsec Audit Logs and Platform Logs.

packages/azure_app_service/data_stream/app_service_logs/sample_event.json

@@ -0,0 +1,49 @@
+{
+    "agent": {
+        "name": "EPGETBIW05AD",
+        "id": "e42ad9e7-fc37-4342-80cc-ee5bcb314f5d",
+        "ephemeral_id": "65e0aae6-d877-4830-b9f0-10b0ccd39bb9",
+        "type": "filebeat",
+        "version": "8.18.3"
+    },
+    "@timestamp": "2025-10-28T09:39:57.805Z",
+    "ecs": {
+        "version": "8.11.0"
+    },
+    "data_stream": {
+        "namespace": "default",
+        "type": "logs",
+        "dataset": "azure_app_service.app_service_logs"
+    },
+    "elastic_agent": {
+        "id": "e42ad9e7-fc37-4342-80cc-ee5bcb314f5d",
+        "version": "8.18.3",
+        "snapshot": false
+    },
+    "event": {
+        "agent_id_status": "verified",
+        "ingested": "2025-10-28T09:40:37Z",
+        "dataset": "azure_app_service.app_service_logs"
+    },
+    "tags": [
+        "azure-appservice",
+        "forwarded"
+    ],
+    "azure": {
+        "resource": {
+            "id": "/SUBSCRIPTIONS/12CABCB4-86E8-404F-A3D2-1DC9982F45CA/RESOURCEGROUPS/IMERLISHVILI-TEST/PROVIDERS/MICROSOFT.WEB/SITES/LEMON-FLOWER-AF075F43C47545E6B4248C46905E5188"
+        },
+        "app_service": {
+            "result_description": "169.254.129.1 - - [28/Oct/2025:09:39:57 +0000] \"GET /static/favicon.ico HTTP/1.1\" 200 0 \"https://lemon-flower-af075f43c47545e6b4248c46905e5188.azurewebsites.net/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36\"",
+            "level": "Informational",
+            "event_stamp_name": "waws-prod-fra-033",
+            "operation_name": "Microsoft.Web/sites/log",
+            "event_ip_address": "10.30.0.225",
+            "event_primary_stamp_name": "waws-prod-fra-033",
+            "event_stamp_type": "Stamp",
+            "host": "10-30-0-225",
+            "category": "AppServiceConsoleLogs",
+            "container_id": "a9ea19c60625_lemon-flower-af075f43c47545e6b4248c46905e5188"
+        }
+    }
+}

packages/azure_app_service/docs/README.md

@@ -16,44 +16,65 @@ This integration currently collects one data stream:
 
 - App Service Logs
 
-## Requirements
-
-### Credentials
-
-`eventhub` :
-_string_
-Is the fully managed, real-time data ingestion service.
-
-`consumer_group` :
-_string_
-The publish/subscribe mechanism of Event Hubs is enabled through consumer groups. A consumer group is a view (state, position, or offset) of an entire event hub. Consumer groups enable multiple consuming applications to each have a separate view of the event stream, and to read the stream independently at their own pace and with their own offsets.
-Default value: `$Default`
-
-`connection_string` :
-_string_
-The connection string required to communicate with Event Hubs, steps here https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-get-connection-string.
-
-A Blob Storage account is required in order to store/retrieve/update the offset or state of the eventhub messages. This means that after stopping the filebeat azure module it can start back up at the spot that it stopped processing messages.
-
-`storage_account` :
-_string_
-The name of the storage account the state/offsets will be stored and updated.
-
-`storage_account_key` :
-_string_
-The storage account key, this key will be used to authorize access to data in your storage account.
-
-`resource_manager_endpoint` :
-_string_
-Optional, by default we are using the azure public environment, to override, users can provide a specific resource manager endpoint in order to use a different azure environment.
-Ex:
-https://management.chinacloudapi.cn/ for azure ChinaCloud
-https://management.microsoftazure.de/ for azure GermanCloud
-https://management.azure.com/ for azure PublicCloud
-https://management.usgovcloudapi.net/ for azure USGovernmentCloud
-Users can also use this in case of a Hybrid Cloud model, where one may define their own endpoints.
+## Requirements and setup
+Refer to the [Azure Logs](https://docs.elastic.co/integrations/azure) page for more information on how to set up and use this integration.
 
 ## App Service Logs
+Collects different types of logs from Azure App Service via Event Hub.
+
+An example event for `app_service` looks as following:
+
+```json
+{
+    "agent": {
+        "name": "EPGETBIW05AD",
+        "id": "e42ad9e7-fc37-4342-80cc-ee5bcb314f5d",
+        "ephemeral_id": "65e0aae6-d877-4830-b9f0-10b0ccd39bb9",
+        "type": "filebeat",
+        "version": "8.18.3"
+    },
+    "@timestamp": "2025-10-28T09:39:57.805Z",
+    "ecs": {
+        "version": "8.11.0"
+    },
+    "data_stream": {
+        "namespace": "default",
+        "type": "logs",
+        "dataset": "azure_app_service.app_service_logs"
+    },
+    "elastic_agent": {
+        "id": "e42ad9e7-fc37-4342-80cc-ee5bcb314f5d",
+        "version": "8.18.3",
+        "snapshot": false
+    },
+    "event": {
+        "agent_id_status": "verified",
+        "ingested": "2025-10-28T09:40:37Z",
+        "dataset": "azure_app_service.app_service_logs"
+    },
+    "tags": [
+        "azure-appservice",
+        "forwarded"
+    ],
+    "azure": {
+        "resource": {
+            "id": "/SUBSCRIPTIONS/12CABCB4-86E8-404F-A3D2-1DC9982F45CA/RESOURCEGROUPS/IMERLISHVILI-TEST/PROVIDERS/MICROSOFT.WEB/SITES/LEMON-FLOWER-AF075F43C47545E6B4248C46905E5188"
+        },
+        "app_service": {
+            "result_description": "169.254.129.1 - - [28/Oct/2025:09:39:57 +0000] \"GET /static/favicon.ico HTTP/1.1\" 200 0 \"https://lemon-flower-af075f43c47545e6b4248c46905e5188.azurewebsites.net/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36\"",
+            "level": "Informational",
+            "event_stamp_name": "waws-prod-fra-033",
+            "operation_name": "Microsoft.Web/sites/log",
+            "event_ip_address": "10.30.0.225",
+            "event_primary_stamp_name": "waws-prod-fra-033",
+            "event_stamp_type": "Stamp",
+            "host": "10-30-0-225",
+            "category": "AppServiceConsoleLogs",
+            "container_id": "a9ea19c60625_lemon-flower-af075f43c47545e6b4248c46905e5188"
+        }
+    }
+}
+```
 
 **ECS Field Reference**
 

packages/azure_app_service/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: azure_app_service
 title: "Azure App Service"
-version: "0.8.0"
+version: "0.9.0"
 source:
   license: "Elastic-2.0"
 description: "Collect logs from Azure App Service with Elastic Agent."