Sending WindowsEventLogs directly to Eventhub or Storage does not work (Preview)

[gittyNico]

Hi,

in the linked docs Windows Event Logs are listed as supported Data types to be send to eventhub and storage.

Using exactly the provided sample, the ARM deployment errors out with the following message:

{"code":"InvalidPayload","message":"Data collection rule is invalid","details":[{"code":"InvalidDataFlow","target":"Properties.DataFlows[0]","message":"'Data Flows' destination with name 'myEh1' does not support specified streams: Microsoft-WindowsEvent."}]}

{"code":"InvalidPayload","message":"Data collection rule is invalid","details":[{"code":"InvalidDataFlow","target":"Properties.DataFlows[0]","message":"'Data Flows' destination with name 'blobNamedWin' does not support specified streams: Microsoft-WindowsEvent."}]}

I also tested Linux Syslog, they work perfectly.

If a docs updated is needed or this is going to be a issues can be decided by the agent (as it is still in preview)

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: b36eb334-b00d-31c5-3696-278fd5795ef4
• Version Independent ID: 66672618-b054-183b-2417-51ab445b4ae2
• Content: Send data to Event Hubs and Storage (Preview) - Azure Monitor
• Content Source: articles/azure-monitor/agents/azure-monitor-agent-send-data-to-event-hubs-and-storage.md
• Service: azure-monitor
• Sub-service: agents
• GitHub Login: @guywi-ms
• Microsoft Alias: guywild

[ManoharLakkoju-MSFT]

@gittyNico Thanks for your feedback! We will investigate and update as appropriate.

[RyanHill-MSFT]

@gittyNico, I've assigned your issue to the content author to investigate further and update the document as appropriate.

[guywi-ms]

@Lukeout please advise.

[AbbyMSFT]

Opening internal work item to address this issue: https://dev.azure.com/msft-skilling/Content/_workitems/edit/261692

please-close

[gittyNico]

Hi, checking this commit https://github.com/MicrosoftDocs/azure-docs/commit/3f4e251f56caeb8da385d027bdab70726b3d0520, it could maybe already be solved. Haven't checked it since as we postponed our work.