Deploy EDOT Cloud Forwarder for Azure

Follow these steps to deploy EDOT Cloud Forwarder for Azure in a resource group to send telemetry data to the Elastic Cloud Managed OTLP Endpoint endpoint.

Deployment considerations

Before you deploy EDOT Cloud Forwarder for Azure, consider these points:

The logs event hub supports Azure resource logs.
Support for additional encoding extensions for logs and metrics will be added in future releases.

Deploy automatically

You can deploy EDOT Cloud Forwarder for Azure automatically by clicking the Deploy to Azure button:

This opens the Azure portal with the Bicep template pre-filled. You can then configure the parameters and deploy the template. The template is also available at the following URL: https://ela.st/edot-cf-azure-template

Deploy using Azure CLI

Create the resource group

Create the resource group that hosts all the resources for EDOT Cloud Forwarder for Azure.
```
az group create --name <resource_group_name> --location <azure_region>
		
```
Download the Bicep template

Download the Bicep template to deploy EDOT Cloud Forwarder for Azure at the following URL: https://ela.st/edot-cf-azure-template
Deploy the Bicep template

Deploy the Bicep template using the following command:
```
az deployment group create \
    --resource-group <resource_group_name> \
    --template-file ecf.bicep \
    --parameters \
        otlpEndpoint=<otlp_endpoint> \
        elasticApiKey=<elastic_api_key> \
		
```
1. The OTLP endpoint is the URL of the Elasticsearch OTLP endpoint. Refer to Prerequisites.
2. The Elastic API key is the API key for authentication. Refer to Prerequisites.
For a complete list of parameters, refer to Configure EDOT Cloud Forwarder for Azure.

Collect telemetry data

Follow these instructions to collect telemetry data depending on your use case.

Activity logs

Create a diagnostic setting to collect Activity logs from an Azure subscription.

In the Azure portal, open Subscriptions from the search bar.
Select the Azure subscription from which you want to collect Activity logs.
Go to Activity log → Export Activity Logs → Add diagnostic setting.
- In Diagnostic setting name, enter a name for the diagnostic setting.
- Select all categories in Logs > Administrative.
- In Destination details, select Stream to an event hub.
- In Event hub namespace, select the namespace created by the EDOT Cloud Forwarder (ECF) for Azure.
- In Event hub name (optional), select the logs event hub created by the EDOT Cloud Forwarder (ECF) for Azure.
Select Save to create the diagnostic setting.
After a few minutes, the diagnostic setting starts streaming the Activity logs to the logs event hub.
Go to Discover in your Elastic Cloud deployment or Serverless project, and select the logs-* data view.
Filter the docs by data_stream.dataset, to browse the Activity logs streamed to Elasticsearch.

Upgrade an existing deployment

To upgrade an existing EDOT Cloud Forwarder for Azure deployment to a newer version, refer to Upgrade EDOT Cloud Forwarder for Azure.

Remove the resource group

If you no longer need the resources and want to remove them, use the following command:

az group delete --name <resource_group_name>

This removes all the resources in the resource group.

Warning

If you remove the resource group, data that's still unprocessed will be lost.