How can we forward actual data from Event Hub to Azure sentinel

Question

How can we forward actual data from Event Hub to Azure sentinel

Nishit 60

How can we forward actual data from Event Hub to Azure sentinel. Event hub is collecting customised data and that we need to forward to Azure sentinel. Is it possible?

1 answer

Your answer

Answer 1

Deepanshu katara 17,420 MVP Moderator

Hello Nishit, Welcome to MS Q&A

To forward data from Azure Event Hub to Azure Sentinel, you can follow the steps outlined in the Microsoft documentation. Here is a useful link that provides detailed guidance on setting up this integration: Stream Defender for IoT cloud alerts to a partner SIEM.

This document explains how to create an Azure Event Hub and configure it to forward data to Azure Sentinel. It also covers setting up data export rules from Azure Log Analytics to your Event Hub, which is essential for this integration.

Pls check and let us know

Kindly accept if it helps

Thanks

Deepanshu

Nishit 60 Reputation points

2025-08-25T04:54:07.0633333+00:00

It looks like the documentation mostly covers sending data from Log Analytics (LA) to other solutions, but in my case I want the opposite, to ingest data from another solution into Azure Sentinel. I can forward the logs to an Event Hub, but I haven’t found clear documentation on how to configure the integration between Event Hub and Azure Sentinel
Deepanshu katara 17,420 Reputation points MVP Moderator

2025-08-25T05:01:12.1133333+00:00
I think you can try these steps for this ,

Create an Azure Event Hub: Set up an Event Hub to act as a bridge for your data. You will need to create an Event Hub namespace and then add an Event Hub within that namespace. Ensure you configure the partition count and message retention settings appropriately.

Set Up Data Connectors in Azure Sentinel: Azure Sentinel provides data connectors that allow you to ingest data from various sources, including Event Hubs. You can configure these connectors to receive data from your Event Hub.

Configure the Integration: You may need to set up a data export rule from your data source to the Event Hub. This involves defining the source and destination settings to ensure data flows correctly into Azure Sentinel.
Nishit 60 Reputation points

2025-08-25T13:04:44.9566667+00:00
Create an Azure Event Hub**:** done

Set Up Data Connectors in Azure Sentinel: no feature exist for adding/configuring event hub inside connector.

Configure the Integration: From aws to event hub is done. Not sure how to intigrate event hub and Azure sentinel.

I think data export feature will be helpful if I want to push data from LA to somewhere else.
Venkat Reddy Navari 5,810 Reputation points Microsoft External Staff Moderator

2025-08-26T11:52:20.84+00:00

Nishit You’re absolutely right, Azure Sentinel doesn’t provide a native Event Hub connector for ingestion. The “Data Export” feature you mentioned only works the other way around (from Log Analytics → Event Hub).

For your scenario (AWS → Event Hub → Sentinel), the supported way is to use an Azure Function or Logic App that listens to your Event Hub, then pushes the logs into your Sentinel workspace using the Log Analytics Data Collector API. Once the data lands in Log Analytics, Sentinel can process it normally for queries, analytics, and alerts.

This is currently the recommended pattern for custom log sources where no out-of-the-box connector exists.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Share via

How can we forward actual data from Event Hub to Azure sentinel

1 answer

Your answer