Thank you for posting your query!
As I understand it, you are seeing a spike in requests in Event Hub but not in messages when sending logs from a Log Analytics Workspace via a Data Export Rule. Here are a few possible reasons and troubleshooting steps:
Confirm Data Export Rule Configuration - Ensure that the Log Analytics Data Export Rule is correctly configured with the right Event Hub Namespace and Event Hub Name. Verify that the table being exported is actively receiving logs by running a Kusto query in Log Analytics:
{YourTableName}
| where TimeGenerated > ago(1h)
Check Event Hub Metrics - Go to Event Hub Namespace > Metrics and review the following:
- Incoming Messages – Should increase as logs arrive.
- Incoming Requests – High requests but low messages could indicate an issue.
- Throttled Requests – If high, Event Hub might be rejecting messages due to quota limits.
Validate Permissions - The Log Analytics Workspace's managed identity must have the Azure Event Hubs Data Sender role. Navigate to Event Hub Namespace > Access Control (IAM) > Role Assignments and ensure the correct identity has the necessary permissions.
Check for Message Size or Batching Issues - Event Hub enforces a 1 MB per event and 256 KB per batch limit. Logs exceeding these limits might fail to be ingested. Check Incoming Messages vs. Incoming Requests in metrics—if requests are increasing but messages aren't, size limitations might be the issue. Try adjusting batch size or reducing log volume.
Look for Latency or Failures - Logs might be delayed in reaching Event Hub. Wait 5-10 minutes and check again. Go to Log Analytics > Data Export to check for failures in export delivery. Enable Diagnostic Logs for both Log Analytics and Event Hub to capture potential errors.
Verify Event Hub Consumer Configuration - If an active Event Hub consumer is immediately processing and deleting messages, they may not be visible in metrics. Run the following PowerShell command to check message backlog:
Get-AzEventHubConsumerGroup -ResourceGroupName "<ResourceGroup>" -NamespaceName "<EventHubNamespace>" -EventHubName "<EventHubName>"
For additional information, please refer to the following documents:
- Azure Event Hubs quotas and limits
- Standard columns in Azure Monitor Logs
- Get-AzEventHubConsumerGroup
I hope this information helps. Please do let us know if you have any further queries.
If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And if you have any further queries, do let us know.
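The metric comparison from the "Check Event Hub Metrics" step above, scripted with Get-AzMetric so requests, messages, throttling and errors can be read side by side per time bucket. This is an added example, not part of the original answer; it assumes a signed-in Az PowerShell session with Az.Monitor, a namespace resource ID built from the placeholders shown, and a 5-minute grain over a one-hour lookback.

```powershell
# Added example (not from the original answer). Fill in the <...> placeholders.
# Requires Az.Accounts (Connect-AzAccount already done) and Az.Monitor.
param(
    [string]$NamespaceId = "/subscriptions/<SubscriptionId>/resourceGroups/<ResourceGroup>/providers/Microsoft.EventHub/namespaces/<EventHubNamespace>",
    [int]$LookbackHours = 1   # assumption: one hour is enough to cover the spike
)

$end   = Get-Date
$start = $end.AddHours(-$LookbackHours)

# Azure Monitor metric names for Event Hubs namespaces.
$names = 'IncomingRequests', 'SuccessfulRequests', 'IncomingMessages',
         'ThrottledRequests', 'UserErrors', 'ServerErrors'

# One call per metric; each returns one point per 5-minute bucket in .Data.
$series = @{}
foreach ($name in $names) {
    $metric = Get-AzMetric -ResourceId $NamespaceId -MetricName $name `
        -StartTime $start -EndTime $end -TimeGrain 00:05:00 `
        -AggregationType Total -WarningAction SilentlyContinue
    foreach ($point in $metric.Data) {
        $key = $point.TimeStamp.ToString('u')
        if (-not $series.ContainsKey($key)) { $series[$key] = @{} }
        $series[$key][$name] = [double]$point.Total   # a null Total becomes 0
    }
}

# Label each bucket with the first condition that applies, most specific first.
$rows = foreach ($key in ($series.Keys | Sort-Object)) {
    $b = $series[$key]
    $finding =
        if     ($b.ThrottledRequests -gt 0)                  { 'throttled' }
        elseif (($b.UserErrors + $b.ServerErrors) -gt 0)     { 'errors returned' }
        elseif ($b.IncomingRequests -gt 0 -and
                $b.IncomingMessages -eq 0)                   { 'requests without messages' }
        else                                                 { '' }
    [pscustomobject]@{
        BucketUtc  = $key
        Requests   = $b.IncomingRequests
        Successful = $b.SuccessfulRequests
        Messages   = $b.IncomingMessages
        Throttled  = $b.ThrottledRequests
        UserErrors = $b.UserErrors
        SrvErrors  = $b.ServerErrors
        Finding    = $finding
    }
}

$rows | Format-Table -AutoSize
```

Buckets labelled "requests without messages" match the symptom described in the question; buckets labelled "throttled" or "errors returned" point to the quota and permission checks listed above.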