Microsoft Azure: Send Diagnostic Monitoring Data from a Windows IaaS VM to an Event Hub

Use this article as a backgrounder on this topic. It deals primarily with monitoring Cloud Services VMs, but there is much in common between them and IaaS VMs where monitoring is concerned.

These are the things that must be put into place in order to see telemetry from your Windows VM going into an Event Hub:

  1. Create and configure an event hub
  2. Write the public and private configuration files
  3. Install the diagnostics agent along with this configuration into the VM

For #1, please refer to this article: Create an Event Hubs namespace and an event hub using the Azure portal

For #2, let's start with a trivial configuration file. It doesn't do anything but install correctly and demonstrate the structure of the file. Copy the text and save to a local file. Edit a few of the values to match your configuration: myEHNamespace, myEHHubName, mystorageaccountname, the storage account key, the EH shared access policy name and value.

    "PublicConfig": {
        "WadCfg": {
            "DiagnosticMonitorConfiguration": {
                "overallQuotaInMB": 4096,
                "sinks": "HotPath"
            "SinksConfig": {
                "Sink": [
                        "name": "HotPath",
                        "EventHub": {
                            "Url": "",
                            "SharedAccessKeyName": "RootManageSharedAccessKey"
        "storageAccount": "mystorageaccountname"
    "PrivateConfig": {
        "storageAccountName": "mystorageaccountname",
        "storageAccountKey": "NotReallyMyStorageAccountKey==",
        "storageAccountEndPoint": "",
        "EventHub": {
            "Url": "",
            "SharedAccessKeyName": "RootManageSharedAccessKey",
            "SharedAccessKey": "Jf9JhNotReallyMyKeyCC/ZCSl6h5pq4lnBDtsUoXYZ="

For #3, let's start with PowerShell as the installation tool. The file format shown above is suitable for use with Set-AzureRmVmDiagnosticsExtension, one of the Azure PowerShell cmdlets. To get Azure PowerShell, go here. Find PowerShell near the bottom of the page in the Command-line Tools section.

Use this command line to run the cmdlet:

Set-AzureRmVMDiagnosticsExtension -ResourceGroupName YOURRESOURCEGROUP -VMName YOURVM -DiagnosticsConfigurationPath C:\temp\trivialConfigurationAsShownAbove.json

When this runs you should see feedback similar to this:

RequestId IsSuccessStatusCode StatusCode ReasonPhrase
--------- ------------------- ---------- ------------
                         True         OK OK          

Last thing, let's add some configuration that will cause some output to the event hub. Insert these lines after line 6 and re-run the command line above:

"DiagnosticInfrastructureLogs": {
    "scheduledTransferLogLevelFilter": "Verbose",
    "scheduledTransferPeriod": "PT1M"
"Metrics": {
    "MetricAggregation": [],
    "resourceId": "/subscriptions/YOURSUBSCRIPTIONID/resourceGroups/YOURRESOURCEGROUP/providers/Microsoft.Compute/virtualMachines/YOURVM"

If you now go to your event hub blade you should see the graph start to register incoming messages. I'll add to this blog shortly with information on how to do the same thing with the Azure CLI.


Comments (0)

Skip to main content