Specifications
[azure-metrics://<specify_name>]
host = <host-name>, Default is current system hostname
repo = <repository-name>
frequency = <seconds> Interval to run the input
cron = <cron-expression>
Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
It is preferable to define only one, either cron or frequency.
source = <source-name>
sourcetype = dataelicit/azure:azure-metrics
subscription_ids = Comma-separated list of Subscription IDs to use for fetching metrics
namespaces = Comma-separated list of metric namespaces to query.
Refer to the section 'Supported metrics with Azure Monitor' in the Microsoft documentation for the list of available metric namespaces.
Example: Microsoft.Compute/virtualMachines
metric_statistics = average,minimum,maximum,total,count
Select statistics as per choice
time_aggregation = 1min | 5min | 15min | 30min | 1h | 6h | 12h | 1d
If the preferred time period is not available for a specific metric in the namespace, the next available preferred time will be used.
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1
[azure-kql-log-analytics://<specify_name>]
host = <host-name>, Default is current system hostname
repo = <repository-name>
frequency = <seconds> Interval to run the input
cron = <cron-expression>
Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
It is preferable to define only one, either cron or frequency.
source = <source-name>
sourcetype = dataelicit/azure:azure-kql
workspace_id = Azure Log Analytics Workspace ID
kql_query = "KQL Query to execute"
include_stats = 0/1 If 1 the input will index statistics about the KQL query
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1
[azure-resource://<specify_name>]
host = <host-name>, Default is current system hostname
repo = <repository-name>
frequency = <seconds> Interval to run the input
cron = <cron-expression>
Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
It is preferable to define only one, either cron or frequency.
source = <source-name>
sourcetype = dataelicit/azure:azure-resources
subscription_id = Subscription ID to use for fetching resources
resource_type = VirtualMachine | NetworkInterfaceCard | PublicIPAddress | SecurityGroups | VirtualNetwork | DiskData | SnapshotData | ImageData
resource_groups = Comma separated list of resource groups (optional)
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1
[azure-audit://<specify_name>]
host = <host-name>, Default is current system hostname
repo = <repository-name>
frequency = <seconds> Interval to run the input
cron = <cron-expression>
Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
It is preferable to define only one, either cron or frequency.
source = <source-name>
sourcetype = dataelicit/azure:azure-audit
subscription_id = Subscription ID to use for fetching audit logs
startDate = Collects data later than this time.
The default start time is 30 days ago. Format: %Y-%m-%dT%H:%M:%S.%fZ
debug = true (optional) To include debug logs too.
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1
[azure-storage-blob://<specify_name>]
host = <host-name>, Default is current system hostname
repo = <repository-name>
frequency = <seconds> Interval to run the input
cron = <cron-expression>
Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
It is preferable to define only one, either cron or frequency.
source = <source-name>, Default is storage blob name
sourcetype = dataelicit/azure:azure-storage-blob
container_name = <storage-container-name>
prefix = Collects the data from the blobs whose names begin with specified prefix. (optional)
blob_list = Comma-separated list of blob names to include (optional)
excluded_blobs = Comma-separated list of blobs to exclude (optional)
decoding = Specify the character set of the blobs, e.g. UTF-8, UTF-32, etc. Default is utf-8
blob_mode = append
Select Append Mode to retrieve only the incremental changes
Default is Read Mode to retrieve the entire blob again on an update
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1
[azure-storage-table://<specify_name>]
host = <host-name>, Default is current system hostname
repo = <repository-name>
frequency = <seconds> Interval to run the input
cron = <cron-expression>
Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
It is preferable to define only one, either cron or frequency.
source = <source-name>, Default is storage table name
sourcetype = dataelicit/azure:azure-storage-table
prefix = Collects the data from the tables whose names begin with specified prefix. (optional)
table_list = Comma-separated list of table names to fetch data
start_time = Collects data later than this time.
The default start time is 30 days ago. Format: %Y-%m-%dT%H:%M:%S.%fZ
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1
[azure-eventhub://<specify_name>]
host = <host-name>, Default is current system hostname
repo = <repository-name>
frequency = <seconds> Interval to run the input
cron = <cron-expression>
Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
It is preferable to define only one, either cron or frequency.
source = <source-name>, Default is storage table name
sourcetype = dataelicit/azure:azure-eventhub
consumer_group = Name of Consumer Group, By default: $Default if not specified
max_batch_size = <batch-size> By default: 300, if not specified
max_wait_time = <wait-time-in-seconds> By default: 10, if not specified
eventhub_name = Name of Eventhub
enable_blob_checkpoint = <true/false> By default false, specify this key with true to enable checkpointing. Need to specify blob storage parameters.
blob_container_name = Name of Blob Storage, specify if enable_blob_checkpoint = true
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1
Example
[azure-metrics://metrics]
source = Azure
sourcetype = dataelicit/azure:azure-metrics
cron = 0 0 1 * *
subscription_ids = 2caaxxxx-52b7-43e1-afc2-ab2xxxxxx
namespaces = Microsoft.Compute/virtualMachines,Microsoft.Network/publicIPAddresses
metric_statistics = average,minimum,maximum,total,count
time_aggregation = 1h
secret = azurecreds
global = azure
[azure-kql-log-analytics://kql-data]
source = Azure
sourcetype = dataelicit/azure:azure-kql
frequency = 300
workspace_id = ecf142e3-xxxx-4050-9c3b-xxxxxxx
kql_query = "InsightsMetrics | top 10 by TimeGenerated"
include_stats = 1
secret = azurecreds
global = azure
[azure-resource://resources]
source = Azure
sourcetype = dataelicit/azure:azure-resource
cron = 0 0 1 * *
subscription_id = 2caaxxxx-52b7-43e1-afc2-ab2xxxxxx
resource_type = VirtualMachine
secret = azurecreds
global = azure
[azure-audit://auditlogs]
source = Azure
sourcetype = dataelicit/azure:azure-audit
frequency = 300
subscription_id = 2caaxxxx-52b7-43e1-afc2-ab2xxxxxx
secret = azurecreds
global = azure
[azure-storage-blob://blob-data]
sourcetype = dataelicit/azure:azure-storage-blob
frequency = 300
container_name = test
excluded_blobs = abcd.vhd
blob_mode = append
secret = storagecreds
global = azure
[azure-storage-table://table-data]
sourcetype = dataelicit/azure:azure-storage-table
cron = 0 0 1 * *
table_list = "test"
secret = storagecreds
global = azure
[azure-eventhub://eventhub]
frequency = 300
sourcetype = dataelicit/azure:azure-eventhub
global = azure
secret = eventhubcreds
eventhub_name = eventhub-ingest
enable_blob_checkpoint = true
blob_container_name = eventhubcheckpoint
Note
Make sure that the stanza name you define in local/connector.conf is not already disabled in default/connector.conf, else it will get skipped.
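A pre-deployment check for the rules stated above, as an added example that is not part of the connector or its documentation: it flags stanzas where cron silently overrides frequency, where enable_blob_checkpoint is true without blob_container_name, where startDate/start_time does not match the documented format, and where the same stanza name is disabled in default/connector.conf (which would leave, for example, an audit-log input silently skipped). The function names, rule labels and sample configs are assumptions, as is reading disabled = 1 as "disabled".

```python
import configparser
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"  # format the spec gives for startDate / start_time

def load(text):
    # interpolation=None keeps '%' in values literal; '=' is the only delimiter
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case, e.g. startDate
    cp.read_string(text)
    return cp

def lint(local_text, default_text=""):
    # Returns (stanza, rule) findings for a local connector.conf
    local, default = load(local_text), load(default_text)
    findings = []
    for name in local.sections():
        s = local[name]
        if "cron" in s and "frequency" in s:
            findings.append((name, "cron-overrides-frequency"))
        checkpoint = s.get("enable_blob_checkpoint", fallback="false").strip().lower()
        if checkpoint == "true" and not s.get("blob_container_name", fallback="").strip():
            findings.append((name, "checkpoint-without-container"))
        for key in ("startDate", "start_time"):
            if key in s:
                try:
                    datetime.strptime(s[key].strip(), TS_FORMAT)
                except ValueError:
                    findings.append((name, "bad-timestamp"))
        # Assumption: disabled = 1 means "disabled" (the page only lists 0/1)
        if default.has_section(name) and default[name].get("disabled", fallback="0").strip() == "1":
            findings.append((name, "disabled-in-default"))
    return findings

# Constructed sample input, not taken from a real deployment
LOCAL = """
[azure-audit://auditlogs]
frequency = 300
cron = 0 0 1 * *
startDate = 2024-01-01
[azure-eventhub://eventhub]
frequency = 300
eventhub_name = eventhub-ingest
enable_blob_checkpoint = true
"""
DEFAULT = """
[azure-audit://auditlogs]
disabled = 1
"""
print(lint(LOCAL, DEFAULT))
```
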