Explore documentation
  1. Welcome to Telemetry 👋
  2. Quick start guide
  3. Wide events vs. time series
  4. Ingesting data
    1. Better Stack collector
    2. Vector
    3. OpenTelemetry
    4. Ingesting via HTTP API
    5. Ingesting metrics
    6. Ingesting logs
      1. Docker & Kubernetes
      2. Operating systems
      3. Log forwarders
      4. Programming languages
      5. Cloud platforms
        1. AWS
        2. Azure
          1. Azure logs
        3. Cloudflare
        4. Google
        5. Digital Ocean
        6. Heroku
        7. Vercel
        8. Render
        9. Fly.io
      6. Web servers & Load balancers
      7. Databases & queues
      8. Storage
    7. Migrating to Better Stack
  5. Using the product
    1. AI SRE ↗
    2. MCP server ↗
    3. Transforming ingested data
    4. Querying data
    5. Tracing
    6. Alerts
  6. Telemetry API
    1. Getting an API token
    2. Sources API
    3. Source groups API
    4. Metrics API
    5. Dashboards API
    6. Connections API
    7. Query API ↗
  7. Alternative to
    1. Lightstep

Better Stack Azure Event Hub logging

Start logging in 5 minutes

Send logs to Better Stack from Azure Event Hub using Vector in Azure Container Instance.

Prerequisites

Make sure you have a Resource group and Event Hub created in your Azure account. Sign in to Azure CLI using az login.

1. Get Vector deployment

Copy and save the following configuration as vector-deploy.yaml:

Save configuration as vector-deploy.yaml
apiVersion: 2021-10-01
name: vector-betterstack
properties:
  containers:
  - name: vector
    properties:
      image: ghcr.io/vectordotdev/vector:latest-debian
      resources:
        requests:
          cpu: 1
          memoryInGb: 1
      command:
        - /bin/bash
        - -c
        - |
          cat > /etc/vector/vector.toml << 'EOF'
          data_dir = "/var/lib/vector"

          # Azure Event Hub source using Kafka protocol
          [sources.azure_eventhub]
          type = "kafka"
          bootstrap_servers = "EVENTHUB_NAMESPACE.servicebus.windows.net:9093"
          group_id = "vector-consumer-group"
          topics = ["EVENTHUB_NAME"]
          session_timeout_ms = 10000
          auto_offset_reset = "latest"

          [sources.azure_eventhub.sasl]
          enabled = true
          mechanism = "PLAIN"
          username = "$$ConnectionString"
          password = "EVENTHUB_CONNECTION_STRING"  # Your full Event Hub connection string starting in "Endpoint=..."

          [sources.azure_eventhub.librdkafka_options]
          "security.protocol" = "SASL_SSL"
          "sasl.mechanism" = "PLAIN"
          "sasl.username" = "$$ConnectionString"
          "sasl.password" = "EVENTHUB_CONNECTION_STRING"

          [transforms.rename_timestamp]
          type = "remap"
          inputs = ["azure_eventhub"]
          source = '.dt = .timestamp; del(.timestamp)'

          [sinks.better_stack]
          type = "http"
          method = "post"
          uri = "https://$INGESTING_HOST"
          inputs = ["rename_timestamp"]
          encoding.codec = "json"
          compression = "gzip"

          [sinks.better_stack.auth]
          strategy = "bearer"
          token = "$SOURCE_TOKEN"

          [sinks.better_stack.batch]
          max_bytes = 1048576
          timeout_secs = 1

          [sinks.better_stack.request]
          timeout_secs = 30
          retry_attempts = 3

          # API for debugging (optional)
          [api]
          enabled = true
          address = "0.0.0.0:8686"
          EOF
          echo "Starting Vector with Event Hub configuration..."
          vector --config /etc/vector/vector.toml
      environmentVariables:
        - name: VECTOR_LOG
          value: info
        - name: RUST_BACKTRACE
          value: full
      ports:
        - port: 8686
          protocol: TCP
  osType: Linux
  restartPolicy: Always
  ipAddress:
    type: Public
    ports:
      - port: 8686
        protocol: TCP
tags: null
type: Microsoft.ContainerInstance/containerGroups


2. Fill in your Azure Event Hub values

Fetch the following values using Azure CLI and fill them in the vector-deploy.yaml file:

Get EVENTHUB_NAMESPACE
az eventhubs namespace list --resource-group <YOUR_RESOURCE_GROUP> --query "[].name" -o tsv
Get EVENTHUB_NAME
az eventhubs eventhub list --resource-group <YOUR_RESOURCE_GROUP> \
  --namespace-name <YOUR_NAMESPACE> --query "[].name" -o tsv
Get EVENTHUB_CONNECTION_STRING
az eventhubs namespace authorization-rule keys list \
  --resource-group <YOUR_RESOURCE_GROUP> \
  --namespace-name <YOUR_NAMESPACE> \
  --name RootManageSharedAccessKey \
  --query primaryConnectionString -o tsv

3. Deploy Vector

Deploy Vector as Azure Container Instance using the following command:

Deploy Vector via Azure CLI
az container create \
  --location eastus \
  --resource-group <YOUR_RESOURCE_GROUP> \
  --file vector-deploy.yaml

Fill in your values

Replace location and resource groups parameters in the command above.

You should see your logs in Better Stack → Live tail.

Troubleshooting

Check the deployment status using the following commands:

Check deployment status
az container show --resource-group <YOUR_RESOURCE_GROUP> --name vector-betterstack --query instanceView.state
az container logs --resource-group <YOUR_RESOURCE_GROUP> --name vector-betterstack

Additional information

Want to learn more about Vector configuration and Azure Event Hub?

Check out the Vector Kafka source docs and Azure Event Hub Kafka protocol docs.

Previous article

AWS Direct Connect

Next article

Cloudflare integration