azureazure-eventhubazure-information-protection
Is there a way to stream Azure Information Protection Activity Logs to an Event Hub?
I have configured Azure Information Protection analytics through the Azure portal for my subscription and I am able to see log data under the Activity logs (preview) tab.
I want to forward that log data to a configured Event Hub but I have not found a way to do it. This data appears to be written to a table called InformationProtection_CL. How do I get that query output to stream to an Event Hub? Is what I'm trying to do possible?
Solution
You can use the REST API Query - Get to get the log data in the table.
GET https://api.loganalytics.io/v1/workspaces/{workspaceId}/query?query={query}
Then follow this doc to send events to the event hub programmatically, the specific situation and language depend on you.