readme updates, host.json fix. (#5)

This commit is contained in:
Greg Oliver 2019-02-09 09:08:48 +00:00 коммит произвёл GitHub
Родитель 376f200272
Коммит 2fa985d87a
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
2 изменённых файлов: 10 добавлений и 3 удалений

Просмотреть файл

@ -1,3 +1,2 @@
{
"functions": [ "Stage1BlobTrigger" ]
}

Просмотреть файл

@ -1,9 +1,17 @@
This project installs into an Azure Function in your Azure subscription. Its job is to read NSG Flow Logs from your configured storage account, break the data into chunks that are the right size for your log analytics system to ingest, then transmit the chunks to that system. At present, you may choose from four output bindings: ArcSight, LogStash, Splunk, Event Hub.
This project installs into an Azure Function in your Azure subscription. Its job is to read NSG Flow Logs from your configured storage account, break the data into chunks that are the right size for your log analytics system to ingest, then transmit the chunks to that system. At present, you may choose from four output bindings: ArcSight, LogStash, Splunk HEC, Event Hub.
NOTE: Native support for event hubs is not yet available, but would be the preferred method.
[![Deploy to Azure](http://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fsebastus%2FAzureFunctionDeployment%2FNwNSGFlowLogs%2FazureDeploy.json)
NOTE regarding the Event Hub output binding:
Native support for event hubs is not yet available, but would be the preferred method. If you use Splunk and prefer to send NSG flow logs to Splunk using event hub rather than HEC, the event hub output binding will do the job. In [Azure Monitor Addon For Splunk](https://github.com/Microsoft/AzureMonitorAddonForSplunk), configure the Azure Monitor Diagnostic Logs data input and add a line to ```TA-folder/bin/app/hubs.json``` similar to this:
Example: ```'insights-logs-nsgflowlogs': 'resourceId'```
When you create the hub (e.g. ```insights-logs-nsgflowlogs```) set the number of partitions to 4. This is mandatory.
# Settings
In the Application Settings of your Azure Function: