elastic · giorgi-imerlishvili-elastic · Oct 30, 2025 · Jul 17, 2025 · Jul 17, 2025 · Jul 17, 2025
@@ -53,7 +53,17 @@ https://management.azure.com/ for azure PublicCloud
 https://management.usgovcloudapi.net/ for azure USGovernmentCloud
 Users can also use this in case of a Hybrid Cloud model, where one may define their own endpoints.
 
+## Setup
+To start collecting data with this integration, you need to:
+1. Set up an Event Hub namespace and an Event Hub within it. Follow the instructions in the [Azure Event Hubs documentation](https://learn.microsoft.com/en-us/azure/event-hubs/event-hubs-create).
+2. Configure diagnostic settings for your Azure App Service to send logs to the Event Hub. Follow the instructions in the [Azure App Service diagnostic settings documentation](https://learn.microsoft.com/en-us/azure/app-service/monitor-diagnostic-logs#send-diagnostic-logs-to-an-event-hub).
+3. Create a Blob Storage account to store the offsets/state of the Event Hub messages. Follow the instructions in the [Azure Blob Storage documentation](https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-portal).
+4. Configure the integration with the necessary credentials mentioned in the Requirements section.
+
 ## App Service Logs
+Collects different types of logs from Azure App Service via Event Hub.
+
+{{event "app_service_logs"}}
 
 **ECS Field Reference**
 

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.8.0"
+  changes:
+    - description: Update readme
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/14769
 - version: "0.7.0"
   changes:
     - description: Add a flag `fips_compatible` to control whether the package is allowed in the ECH FedRAMP High environment.

@@ -0,0 +1,60 @@
+{
+  "input": {
+    "type": "azure-eventhub"
+  },
+  "agent": {
+    "name": "EPGETBIW05AD",
+    "id": "e42ad9e7-fc37-4342-80cc-ee5bcb314f5d",
+    "ephemeral_id": "65e0aae6-d877-4830-b9f0-10b0ccd39bb9",
+    "type": "filebeat",
+    "version": "8.18.3"
+  },
+  "@timestamp": "2025-10-28T09:39:57.805Z",
+  "ecs": {
+    "version": "8.11.0"
+  },
+  "data_stream": {
+    "namespace": "default",
+    "type": "logs",
+    "dataset": "azure_app_service.app_service_logs"
+  },
+  "elastic_agent": {
+    "id": "e42ad9e7-fc37-4342-80cc-ee5bcb314f5d",
+    "version": "8.18.3",
+    "snapshot": false
+  },
+  "event": {
+    "agent_id_status": "verified",
+    "ingested": "2025-10-28T09:40:37Z",
+    "dataset": "azure_app_service.app_service_logs"
+  },
+  "azure-eventhub": {
+    "sequence_number": 133,
+    "consumer_group": "$Default",
+    "offset": 107374190096,
+    "eventhub": "testeventhub",
+    "enqueued_time": "2025-10-28T09:40:36.610Z"
+  },
+  "tags": [
+    "azure-appservice",
+    "forwarded"
+  ],
+  "azure": {
+    "resource": {
+      "id": "/SUBSCRIPTIONS/12CABCB4-86E8-404F-A3D2-1DC9982F45CA/RESOURCEGROUPS/IMERLISHVILI-TEST/PROVIDERS/MICROSOFT.WEB/SITES/LEMON-FLOWER-AF075F43C47545E6B4248C46905E5188"
+    },
+    "app_service": {
+      "result_description": "169.254.129.1 - - [28/Oct/2025:09:39:57 +0000] \"GET /static/favicon.ico HTTP/1.1\" 200 0 \"https://lemon-flower-af075f43c47545e6b4248c46905e5188.azurewebsites.net/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36\"",
+      "level": "Informational",
+      "event_stamp_name": "waws-prod-fra-033",
+      "operation_name": "Microsoft.Web/sites/log",
+      "event_ip_address": "10.30.0.225",
+      "event_primary_stamp_name": "waws-prod-fra-033",
+      "event_stamp_type": "Stamp",
+      "host": "10-30-0-225",
+      "location": "Germany West Central",
+      "category": "AppServiceConsoleLogs",
+      "container_id": "a9ea19c60625_lemon-flower-af075f43c47545e6b4248c46905e5188"
+    }
+  }
+}
@@ -53,7 +53,80 @@ https://management.azure.com/ for azure PublicCloud
 https://management.usgovcloudapi.net/ for azure USGovernmentCloud
 Users can also use this in case of a Hybrid Cloud model, where one may define their own endpoints.
 
+## Setup
+To start collecting data with this integration, you need to:
+1. Set up an Event Hub namespace and an Event Hub within it. Follow the instructions in the [Azure Event Hubs documentation](https://learn.microsoft.com/en-us/azure/event-hubs/event-hubs-create).
+2. Configure diagnostic settings for your Azure App Service to send logs to the Event Hub. Follow the instructions in the [Azure App Service diagnostic settings documentation](https://learn.microsoft.com/en-us/azure/app-service/monitor-diagnostic-logs#send-diagnostic-logs-to-an-event-hub).
+3. Create a Blob Storage account to store the offsets/state of the Event Hub messages. Follow the instructions in the [Azure Blob Storage documentation](https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-portal).
+4. Configure the integration with the necessary credentials mentioned in the Requirements section.
+
 ## App Service Logs
+Collects different types of logs from Azure App Service via Event Hub.
+
+An example event for `app_service` looks as following:
+
+```json
+{
+    "input": {
+        "type": "azure-eventhub"
+    },
+    "agent": {
+        "name": "EPGETBIW05AD",
+        "id": "e42ad9e7-fc37-4342-80cc-ee5bcb314f5d",
+        "ephemeral_id": "65e0aae6-d877-4830-b9f0-10b0ccd39bb9",
+        "type": "filebeat",
+        "version": "8.18.3"
+    },
+    "@timestamp": "2025-10-28T09:39:57.805Z",
+    "ecs": {
+        "version": "8.11.0"
+    },
+    "data_stream": {
+        "namespace": "default",
+        "type": "logs",
+        "dataset": "azure_app_service.app_service_logs"
+    },
+    "elastic_agent": {
+        "id": "e42ad9e7-fc37-4342-80cc-ee5bcb314f5d",
+        "version": "8.18.3",
+        "snapshot": false
+    },
+    "event": {
+        "agent_id_status": "verified",
+        "ingested": "2025-10-28T09:40:37Z",
+        "dataset": "azure_app_service.app_service_logs"
+    },
+    "azure-eventhub": {
+        "sequence_number": 133,
+        "consumer_group": "$Default",
+        "offset": 107374190096,
+        "eventhub": "testeventhub",
+        "enqueued_time": "2025-10-28T09:40:36.610Z"
+    },
+    "tags": [
+        "azure-appservice",
+        "forwarded"
+    ],
+    "azure": {
+        "resource": {
+            "id": "/SUBSCRIPTIONS/12CABCB4-86E8-404F-A3D2-1DC9982F45CA/RESOURCEGROUPS/IMERLISHVILI-TEST/PROVIDERS/MICROSOFT.WEB/SITES/LEMON-FLOWER-AF075F43C47545E6B4248C46905E5188"
+        },
+        "app_service": {
+            "result_description": "169.254.129.1 - - [28/Oct/2025:09:39:57 +0000] \"GET /static/favicon.ico HTTP/1.1\" 200 0 \"https://lemon-flower-af075f43c47545e6b4248c46905e5188.azurewebsites.net/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36\"",
+            "level": "Informational",
+            "event_stamp_name": "waws-prod-fra-033",
+            "operation_name": "Microsoft.Web/sites/log",
+            "event_ip_address": "10.30.0.225",
+            "event_primary_stamp_name": "waws-prod-fra-033",
+            "event_stamp_type": "Stamp",
+            "host": "10-30-0-225",
+            "location": "Germany West Central",
+            "category": "AppServiceConsoleLogs",
+            "container_id": "a9ea19c60625_lemon-flower-af075f43c47545e6b4248c46905e5188"
+        }
+    }
+}
+```
 
 **ECS Field Reference**
 

@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: azure_app_service
 title: "Azure App Service"
-version: "0.7.0"
+version: "0.8.0"
 source:
   license: "Elastic-2.0"
 description: "Collect logs from Azure App Service with Elastic Agent."