Deploy EDOT Cloud Forwarder for Azure
Follow these steps to deploy EDOT Cloud Forwarder for Azure in a resource group and send telemetry data to the Elastic Cloud Managed OTLP Endpoint.
Retrieve the OTLP endpoint and API key
To find out the URL of the managed OTLP endpoint and the API key for authentication, follow these steps:
- In Elastic Cloud, create an Observability project or open an existing one.
- Go to Add data, select Applications and then select OpenTelemetry.
- Copy the endpoint and authentication headers values.
Alternatively, you can retrieve the endpoint from the Manage project page and create an API key manually from the API keys page.
You need an Elastic Cloud Hosted deployment version 9.2 or later.
- In Elastic Cloud, create an Elastic Cloud Hosted deployment or open an existing one.
- Go to Add data, select Applications and then select OpenTelemetry.
- Copy the endpoint and authentication headers values.
In the Bicep templates, the OTLP endpoint is set as elasticsearchOtlpEndpoint, and the API key is set as elasticsearchApiKey.
Important: Trim the API key from Authorization=ApiKey MYKEYVALUE... to just MYKEYVALUE... before using it as the argument to the elasticsearchApiKey parameter.
Set the environment variables
Define the following environment variables:
    export AZURE_LOCATION="<your_region>"
    export RESOURCE_GROUP="<group_name>"
    export ELASTICSEARCH_OTLP_ENDPOINT="<your_otlp_endpoint>"
    export ELASTICSEARCH_API_KEY="<your_api_key>"
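A pre-flight check for the variables exported above, as an added example that is not part of the Elastic documentation: it strips the Authorization=ApiKey prefix described in the note and stops if a placeholder was left unfilled. The function names are hypothetical, and the https:// requirement and the acceptance of an "Authorization:" form are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Elastic docs). Function names are hypothetical.

# Print the bare key from a pasted value such as "Authorization=ApiKey MYKEYVALUE".
# A value that is already bare passes through unchanged.
normalize_api_key() {
    key=$(printf '%s' "$1" | sed \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/^Authorization[=:][[:space:]]*//' \
        -e 's/^ApiKey[[:space:]][[:space:]]*//' -e 's/^ApiKey$//')
    case $key in
        ''|*[[:space:]]*)
            echo "API key is empty or contains whitespace after trimming" >&2
            return 1 ;;
    esac
    printf '%s\n' "$key"
}

# Assumption of this example: accept only an https:// URL so the API key
# is never sent over a cleartext connection.
check_otlp_endpoint() {
    case $1 in
        *[[:space:]]*) echo "endpoint contains whitespace" >&2; return 1 ;;
        https://?*) return 0 ;;
        *) echo "endpoint must start with https://" >&2; return 1 ;;
    esac
}

# Check the four variables from this step, then re-export the trimmed key.
preflight() {
    for name in AZURE_LOCATION RESOURCE_GROUP \
                ELASTICSEARCH_OTLP_ENDPOINT ELASTICSEARCH_API_KEY; do
        eval "value=\${$name:-}"
        case $value in
            ''|'<'*'>')
                echo "$name is unset or still a placeholder" >&2
                return 1 ;;
        esac
    done
    check_otlp_endpoint "$ELASTICSEARCH_OTLP_ENDPOINT" || return 1
    ELASTICSEARCH_API_KEY=$(normalize_api_key "$ELASTICSEARCH_API_KEY") || return 1
    export ELASTICSEARCH_API_KEY
}
```

Source the file in the same shell session and run preflight before the deployment command, so the trimmed key is the value passed to elasticsearchApiKey.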
Create the resource group
Create the resource group that hosts all the resources for EDOT Cloud Forwarder for Azure.
    az group create --name "$RESOURCE_GROUP" --location "$AZURE_LOCATION"

Example output:

    {
      "id": "/subscriptions/<subscription_id>/resourceGroups/<group_name>",
      "location": "<your_region>",
      "managedBy": null,
      "name": "<group_name>",
      "properties": {
        "provisioningState": "Succeeded"
      },
      "tags": null,
      "type": "Microsoft.Resources/resourceGroups"
    }
Download the Bicep template
Download the Bicep template to deploy EDOT Cloud Forwarder for Azure at the following URL: https://ela.st/edot-cf-azure-template
Deploy the Bicep template
Deploy the Bicep template using the following command:
    az deployment group create \
      --resource-group "$RESOURCE_GROUP" \
      --template-file ecf.bicep \
      --parameters \
        elasticsearchOtlpEndpoint="$ELASTICSEARCH_OTLP_ENDPOINT" \
        elasticsearchApiKey="$ELASTICSEARCH_API_KEY" \
        logsDecoder=ds \
        metricsDecoder=dcr \
        eventHubPartitionCount=8 \
        eventHubMessageRetentionInDays=1

- To collect Activity logs from a diagnostic setting, set logsDecoder to ds (diagnostic settings).
- To collect Storage Account metrics from a Data Collection Rule, set metricsDecoder to dcr (data collection rules).
For a complete list of parameters, refer to Configure the template.
Follow these instructions to collect telemetry data depending on your use case.
Create a diagnostic setting to collect Activity logs from an Azure subscription.
- In the Azure portal, open Subscriptions from the search bar.
- Select the Azure subscription from which you want to collect Activity logs.
- Go to Activity log → Export Activity Logs → Add diagnostic setting.
- In Diagnostic setting name, enter a name for the diagnostic setting.
- Select all categories in Logs > Administrative.
- In Destination details, select Stream to an event hub.
- In Event hub namespace, select the namespace created by the EDOT Cloud Forwarder (ECF) for Azure.
- In Event hub name (optional), select the logs event hub created by the EDOT Cloud Forwarder (ECF) for Azure.
- Select Save to create the diagnostic setting.
- After a few minutes, the diagnostic setting starts streaming the Activity logs to the logs event hub.
- Go to Discover in your Elastic Cloud deployment or Serverless project, and select the logs-* data view.
- Filter the docs by data_stream.dataset to browse the Activity logs streamed to Elasticsearch.
If you no longer need the resources and want to remove them, use the following command:
    az group delete --name "$RESOURCE_GROUP"
This removes all the resources in the resource group.
If you remove the resource group, data that's still unprocessed will be lost.
- Configuration settings: Learn about all Bicep template parameters and what resources are created.
- Troubleshooting: Diagnose and resolve issues with telemetry forwarding.