Azure logs and events
- Latest Dynatrace
- How-to guide
- Published Jan 29, 2026
The new Azure log and event ingest solution is a SaaS-based approach for collecting Azure platform logs and events. It eliminates much of the operational overhead that was required for self-hosting the Dynatrace Azure Log Forwarder.
While onboarding your Azure environment for Dynatrace monitoring, we will deploy the required Azure Event Hubs used by Microsoft for log and event forwarding. Dynatrace automatically discovers and connects to these Azure Event Hubs and starts to pull logs and events, removing the need to host, scale, or maintain any custom function code.
To support your log and event ingestion, follow the steps below and onboard Azure regions.
Onboard Azure regions
Dynatrace discovers and connects to Event Hubs namespaces based on two requirements:
- Azure tags: The Event Hubs namespace must be tagged with
managed-by: dynatraceanddt-log-ingest-activated: <monitoring-config-id>. Dynatrace will not connect to namespaces that are missing these tags. - Event Hub naming: Within the namespace, Dynatrace expects specific Event Hub names:
dt-logs-evhfor log forwarding, anddt-events-evhfor event forwarding. Event Hubs with names which do not follow this convention are ignored.
These requirements are satisfied automatically when you deploy using the ARM template below. If you bring your own Event Hubs infrastructure, check if both conditions are met.
It's possible to add additional Azure regions once a connection is already created. You'll need the following details:
| Value | Description |
|---|---|
Dynatrace environment ID | Your Dynatrace environment identifier. |
Monitoring configuration ID | The ID of the monitoring configuration associated with your Azure connection. Shown in connection Overview. |
Principal (object) ID | The Object ID of the Azure service principal. Note: This is the Object ID, not the Application (client) ID. Shown in connection Overview. |
If the Principal (object) ID is not shown in the connection Overview, retrieve it using the Azure CLI with the Application (client) ID:
az ad sp show --id <application-client-id> --query id -o tsv
Select the button below to deploy the Azure logs and events infrastructure to your Azure environment. You will be prompted to enter the values described in the table above.
The ARM template source is available on GitHub.
Once deployed, the new region should appear within five minutes in the Logs tab with Deployed status.
Deployed Azure resources per region
The ARM template deploys the following resources into each selected Azure region:
| Resource type | Name | Description |
|---|---|---|
|
| A dedicated resource group created in the selected region to contain all Dynatrace log ingestion resources. |
|
| An Event Hub namespace used as the ingestion endpoint. Auto-inflate is enabled for Standard SKU to handle throughput spikes automatically. Tagged with |
|
| Event Hub for Azure Resource Log forwarding via Diagnostic Settings. Default: 4 partitions, 1-day retention. |
|
| Event Hub for Azure Event Grid System Topic subscriptions. Default: 1 partition, 1-day retention. |
|
| RBAC role assigned to the Dynatrace service principal at the resource group scope, granting read access to the Event Hub namespaces. |
The following Azure tags are added to deployed Azure Event Hubs namespaces, these are required for automatic discovery of Azure logs and events infrastructure:
| Key | Value |
|---|---|
|
|
| The ID of the monitoring configuration associated with your Azure connection. Shown in connection Overview. |
Next steps
With Azure regions onboarded, learn more about forwarding logs and events.
