Skip to content

EventHubForwarder

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

EventHubForwarder

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 

README.md

An Azure Resource Manager template to export Azure Platform logs to New Relic.

How Does It Work?

This integration creates and configures the Azure resources necessary to efficiently forwards logs from an Azure Event Hub to New Relic. It relies on events managed by Azure Event Hub, Event Hub subsequently batches and triggers an Azure Function to handle the transport to New Relic.

Currently, this integration allows you to create resources to targets Azure Activity logs. If you have other log events that you would like to see shipped using Event hub trigger, tell us about your use case.

Installation

This integration requires both a New Relic and Azure account.

You can install this integration using one of two methods:

  • Automatic Installation (recommended): Uses Azure ARM templates to automatically create and configure all resources
  • Manual Installation: Step-by-step manual setup for users who want more control or have specific requirements

Automatic Installation (Recommended)

The automatic installation uses Azure Resource Manager (ARM) templates to create and configure all necessary resources automatically.

Option 1: Guided Install through New Relic Marketplace

  1. Visit the New Relic Marketplace [US|EU|JP]
  2. Search for "Microsoft Azure Event Hub"
  3. Click on the "Microsoft Azure Event Hub" tile
  4. Select your New Relic account and follow the guided installation wizard

Option 2: Install Using Azure Portal

  1. Retrieve your New Relic License Key
  2. Click the button below to start the installation process via the Azure Portal

Deploy to Azure using the Azure ARM template.

  1. Fill in the required parameters in the Azure Portal deployment form (see parameters table below)
  2. Important: For most deployments, leave Disable Public Access To Storage Account set to false (default). Only set to true if you require private network deployment. See the Architecture section below for details on the differences.

ARM Template Parameters

Parameters that can be configured in your Azure Resource Manager Template

Parameter Required Default Value Description
New Relic License Key yes none Your New Relic License key.
Location no Resource group location Region where the Function App and associated resources will be deployed. Defaults to the resource group's location.
New Relic Endpoint no https://log-api.newrelic.com/log/v1 New Relic Logs ingestion endpoint. Use https://log-api.newrelic.com/log/v1 for US, https://log-api.eu.newrelic.com/log/v1 for EU, or https://log-api.jp.nr-data.net/log/v1 for JP region
Log Custom Attributes no none Attributes to be added to all logs forwarded to New Relic. Semicolon delimited (e.g. env:prod;team:myTeam)
Max Retries To Resend Logs no 3 Number of times the function will attempt to resend data if there's a failure.
Retry Interval no 2000 Interval between retry attempts in milliseconds.
Max Event Batch Size no 500 Maximum number of events delivered in a batch to the function.
Min Event Batch Size no 20 Minimum number of events delivered in a batch to the function.
Max Wait Time no 00:00:30 Maximum time to wait to build up a batch before delivering to the function (format HH:MM:SS).
Event Hub Namespace Name no none Namespace in which Event Hubs are allocated. Leave blank for a new namespace to be created automatically.
Event Hub Name no none Name of the Event Hub where logs are allocated. Leave blank for a new Event Hub to be created automatically.
Scaling Mode no Basic The scaling mode option configured for the New Relic Azure Log Forwarder. Setting this to Enterprise will configure autoscaling. Note: If you upgrade from Basic to Enterprise you will need to reprovision the EventHub due to Azure limits on partition count changes for Standard SKU.
Disable Public Access To Storage Account no false When set to true, disables public network access to the internal storage account used by the Function App. This creates a private network deployment with VNet integration, private endpoints, private DNS zones, and requires a Basic hosting plan or higher. When false, uses App Service plan with public access.
Authentication Mode no Local Authentication Authentication method for connecting to the Event Hub. Use Local Authentication (default) to connect via a shared access key connection string, or Managed Identity for keyless authentication using a system-assigned Azure AD identity. When set to Managed Identity, the Function App is assigned a system-assigned managed identity and granted the Azure Event Hubs Data Receiver role on the Event Hub namespace — no connection string is stored.
Enable Administrative Azure Activity Logs no false Contains the record of all create, update, delete, and action operations performed through Resource Manager. More information about Administrative category in azure official documentation.
Enable Alert Azure Activity Logs no false Contains the record of all activations of classic Azure alerts. More information about Alert category in azure official documentation.
Enable Policy Azure Activity Logs no false Contains records of all effect action operations performed by Azure Policy. More information about Policy category in azure official documentation.
Enable Autoscale Azure Activity Logs no false Contains the record of any events related to the operation of the autoscale engine based on any autoscale settings you have defined in your subscription. More information about Autoscale category in azure official documentation.
Enable Recommendation Azure Activity Logs no false Contains recommendation events from Azure Advisor. More information about Recommendation category in azure official documentation.
Enable Resource Health Azure Activity Logs no false Contains the record of any resource health events that have occurred to your Azure resources. More information about Resource Health category in azure official documentation.
Enable Security Azure Activity Logs no false Contains the record of any alerts generated by Azure Security Center. More information about Security category in azure official documentation.
Enable Service Health Azure Activity Logs no false Contains the record of any service health incidents that have occurred in Azure. More information about Service Health category in azure official documentation.

Architecture

The ARM template supports two deployment architectures based on the disablePublicAccessToStorageAccount parameter:

Standard Deployment (Default: disablePublicAccessToStorageAccount=false)

Network Configuration:

  • Public internet access enabled for both Function App and internal storage account
  • No VNet integration
  • App Service hosting plan

Resources Created (6-10 resources):

Always Created (5):

  • Function App
  • Internal Storage Account (public access)
  • App Service Plan
  • Consumer Group
  • Authorization Rule (consumer policy)

Standard Deployment Only (1):

  • ZipDeploy extension

Conditionally Created:

  • Event Hub Namespace (if eventHubNamespace parameter is empty)
  • Event Hub (if eventHubName parameter is empty)
  • Authorization Rule (producer policy - if Activity Logs diagnostic setting enabled)
  • Diagnostic Setting (if Activity Logs diagnostic setting enabled)

Deployment Method: ZipDeploy extension deploys the function code

Use Case: Standard deployments, no network isolation requirements

EventHub Standard Architecture

Private Network Deployment (disablePublicAccessToStorageAccount=true)

Network Configuration:

  • Public access disabled for both Function App and internal storage account
  • VNet integration with private networking
  • Communication flows through private endpoints within the VNet
  • DNS resolution handled via Private DNS Zones
  • Requires Basic plan or higher for VNet integration support

Resources Created (23-27 resources):

Always Created (5):

  • Function App
  • Internal Storage Account (private access only)
  • App Service Plan (Basic plan or higher)
  • Consumer Group
  • Authorization Rule (consumer policy)

Private VNet Infrastructure (18):

  • 1 Virtual Network with 2 subnets:
    • Function subnet (for Function App VNet integration)
    • Private endpoints subnet
  • 4 Private Endpoints (file, blob, queue, table storage services)
  • 4 Private DNS Zones (privatelink.blob/file/queue/table.core.windows.net)
  • 4 Virtual Network Links (connecting DNS zones to VNet)
  • 4 Private DNS Zone Groups (connecting private endpoints to DNS zones)
  • 1 Network Configuration (VNet integration for Function App)

Conditionally Created:

  • Event Hub Namespace (if eventHubNamespace parameter is empty)
  • Event Hub (if eventHubName parameter is empty)
  • Authorization Rule (producer policy - if Activity Logs diagnostic setting enabled)
  • Diagnostic Setting (if Activity Logs diagnostic setting enabled)

Deployment Method: WEBSITE_RUN_FROM_PACKAGE with GitHub URL (public ZipDeploy endpoint not accessible)

Use Case: Compliance requirements, corporate security policies requiring network isolation, no public internet access

EventHub Private VNet Architecture

Key Differences:

Aspect Standard Private Network
Network Access Public internet Private VNet only
VNet Integration None Full VNet integration with private endpoints
Storage Access Public endpoints Private endpoints only
Deployment Method ZipDeploy extension Run-from-package URL
Resources Created 6-10 resources 23-27 resources

Note: The manual installation instructions below create a deployment with App Service plan and public access.

Manual Installation

Use this method if you want to manually create and configure the Function App yourself, or if you need more control over the setup process.

Prerequisites

Before starting the manual installation, ensure you have:

  • An existing Azure Event Hub Namespace with an Event Hub
  • The Event Hub connection string (found in Event Hub Namespace → SettingsShared access policiesRootManageSharedAccessKey)
  • Note the Event Hub name and consumer group name as you'll need them for configuration

Event Hub Connection String

Step 1: Create an Azure Function App

  1. Log in to the Azure Portal and create a new Function App.

  2. On the Hosting tab (if shown first), select App Service as the hosting plan

Hosting Plan Selection

  1. In the Basics tab, configure the following:
Field Value
Subscription Your Azure subscription
Resource Group Create new or select existing
Function App name Globally unique name
Deploy code or container image Code
Operating System Windows
Runtime stack Node.js
Version 22 LTS
Region Select your preferred region

Create Function App - Basics

  1. Complete the Storage and Networking tabs as needed for your environment.

  2. Click Review + Create, then Create to provision your Function App.

  3. Wait 2-3 minutes for deployment to complete.

Step 2: Deploy the Azure Function

Azure Functions v4 uses a package deployment model. Code cannot be edited directly in the Azure Portal. Instead, you must deploy a pre-built package and configure application settings.

Configure Application Settings

  1. Navigate to your Function App → SettingsConfiguration
  2. Click the Application settings tab
  3. Add the following settings by clicking + New application setting for each:

Function App Application Settings

Required Settings

Name Value Description
NR_LICENSE_KEY Your New Relic License Key Found at one.newrelic.com → API Keys → License Key
EVENTHUB_FORWARDER_ENABLED true Enables the Event Hub trigger. Must be lowercase true.
EVENTHUB_NAME your-eventhub-name Name of the Event Hub to read logs from. Example: insights-logs-activitylogs
EVENTHUB_CONSUMER_CONNECTION Event Hub connection string Connection string from your Event Hub namespace (not the hub itself). Found in Event Hub Namespace → Settings → Shared access policies → RootManageSharedAccessKey → Connection string-primary key.
EVENTHUB_CONSUMER_GROUP $Default Consumer group name. Use $Default or create a dedicated consumer group in your Event Hub.
WEBSITE_RUN_FROM_PACKAGE https://github.com/newrelic/newrelic-azure-functions/releases/latest/download/LogForwarder.zip URL to the deployment package. This tells Azure to download and run the latest function code from GitHub.

Optional Settings

Name Default Value Description
NR_ENDPOINT https://log-api.newrelic.com/log/v1 New Relic Logs API endpoint. Use https://log-api.newrelic.com/log/v1 for US, https://log-api.eu.newrelic.com/log/v1 for EU, or https://log-api.jp.nr-data.net/log/v1 for JP region
NR_TAGS (empty) Custom attributes to add to all forwarded logs. Semicolon-delimited format: env:prod;team:platform;app:myapp
NR_MAX_RETRIES 3 Number of retry attempts if sending logs to New Relic fails.
NR_RETRY_INTERVAL 2000 Milliseconds to wait between retry attempts.

Auto-Configured Settings (Verify Exist)

These settings are automatically created when you provision the Function App. Verify they exist and have the correct values:

Name Expected Value Notes
FUNCTIONS_EXTENSION_VERSION ~4 Azure Functions v4 runtime.
FUNCTIONS_WORKER_RUNTIME node Node.js worker runtime. May be auto-managed on some hosting plans.
WEBSITE_NODE_DEFAULT_VERSION ~22 Node.js version 22. May be auto-managed on some hosting plans.
AzureWebJobsStorage (connection string) Internal storage account used by the Function App for state management. Auto-created.

Application Settings Configured

  1. Click Save at the top of the page
  2. Click Continue to confirm the Function App restart

Deploy the Function Package

  1. Go to Function App → Overview
  2. Click Restart to ensure all settings are applied and the package is downloaded
  3. Wait 30-60 seconds for the deployment to complete

Verify Function Deployment

  1. Navigate to Functions in the left menu
  2. You should see EventHubForwarder listed with Status: Enabled

EventHubForwarder Function Deployed

  1. Trigger an event that sends logs to your Event Hub (e.g., create an Azure Activity Log event)
  2. Verify logs are forwarded successfully by viewing them in New Relic. See Find and use your data for instructions on querying your Azure logs