From f863e19b9301b03072ec56e1f89d0f48e92e52d2 Mon Sep 17 00:00:00 2001
From: Amee Lepcha
Date: Wed, 1 Apr 2026 01:33:06 +0530
Subject: [PATCH 01/13] Remove-Mention-of-Azure-Event-Hubs-from-Cloud-to-Cloud-Integrations
---
 cid-redirects.json | 1 +
 docs/integrations/microsoft-azure/azure-event-hubs.md | 2 +-
 .../cloud-to-cloud-integration-framework/index.md | 4 ++--
 sidebars.ts | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/cid-redirects.json b/cid-redirects.json
index e916a441fe..6d6549d604 100644
--- a/cid-redirects.json
+++ b/cid-redirects.json
@@ -3009,6 +3009,7 @@
 "/cid/1150": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source/",
 "/cid/1151": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source/",
 "/cid/1152": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source/",
+ "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/": "/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/",
 "/Cloud_SIEM_Enterprise": "/docs/cse",
 "/Cloud_SIEM_Enterprise/Administration": "/docs/cse/administration",
 "/Cloud_SIEM_Enterprise/Administration/Cloud_SIEM_Enterprise_Feature_Update_(2022)": "/docs/cse/administration",
diff --git a/docs/integrations/microsoft-azure/azure-event-hubs.md b/docs/integrations/microsoft-azure/azure-event-hubs.md
index 13fcb9e65f..4be44ac53f 100644
--- a/docs/integrations/microsoft-azure/azure-event-hubs.md
+++ b/docs/integrations/microsoft-azure/azure-event-hubs.md
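Review bot: The redirect added here for `/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/` is deleted again by PATCH 02/13 (its cid-redirects.json hunk), so at the end of the visible part of this series the retired URL has no redirect while its sidebar entry is commented out in sidebars.ts. Keeping a redirect to the `ms-azure-event-hubs-source` page is the safer end state for a retired page, since existing bookmarks and external links keep resolving instead of landing on an orphaned or missing page. Whether one of PATCH 04–13 restores it is not visible here; if the revert in PATCH 02/13 was accidental, squash the two hunks so the series does not carry an add/remove pair for the same line.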
@@ -28,7 +28,7 @@ For more information on supported metrics, refer to [Azure documentation](https: Azure service sends monitoring data to Azure Monitor, which can then [stream data to Eventhub](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/stream-monitoring-data-event-hubs). Sumo Logic supports: -* Logs collection from [Azure Monitor](https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-get-started) using our [Azure Event Hubs source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/). +* Logs collection from [Azure Monitor](https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-get-started) using our [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/). * Metrics collection using our [Azure Metrics Source](/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source). You must explicitly enable diagnostic settings for each Event Hub Namespace you want to monitor. You can forward logs to the same event hub provided they satisfy the limitations and permissions as described [here](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal#destination-limitations). diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/index.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/index.md index c7f9d048e5..52afc5fb77 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/index.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/index.md @@ -134,12 +134,12 @@ In this section, we'll introduce the following concepts:

Learn to collect the IAM User Inventory logs from the AWS SDK and send them to Sumo Logic for analysis.

-
+
Bitwarden icon

Bitwarden

diff --git a/sidebars.ts b/sidebars.ts
index c515f0e0f5..19e3881566 100644
--- a/sidebars.ts
+++ b/sidebars.ts
@@ -451,7 +451,7 @@ module.exports = {
 'send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source',
 'send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source',
 'send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-iam-users-source',
- 'send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source',
+ //'send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source',
 'send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden-source',
 'send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source',
 'send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source',
From 5d6f98b3764c0bc273b1e41ed48e320d0e6b8ae0 Mon Sep 17 00:00:00 2001
From: Amee Lepcha
Date: Wed, 1 Apr 2026 01:45:11 +0530
Subject: [PATCH 02/13] update
---
 .clabot (1) | 209 ++++++++++++++++++
 cid-redirects.json | 1 -
 .../azure-event-hubs-source (1).md | 150 +++++++++++++
 3 files changed, 359 insertions(+), 1 deletion(-)
 create mode 100644 .clabot (1)
 create mode 100644 docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source (1).md
diff --git a/.clabot (1) b/.clabot (1)
new file mode 100644
index 0000000000..adf122336e
--- /dev/null
+++ b/.clabot (1)
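Review bot: The sidebar entry is commented out (`//'send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source',`) rather than deleted, which leaves dead code in sidebars.ts; remove the line instead, since git history already preserves it should the page ever be reinstated. Nothing in this series as shown deletes the page file itself, so Docusaurus will presumably still build it and it stays reachable by direct URL, merely hidden from navigation. If the page is meant to be retired, delete the file as well, or at least keep the redirect this commit adds in cid-redirects.json, which PATCH 02/13 reverts.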
@@ -0,0 +1,209 @@
+{
+ "contributors": [
+ "kimsauce",
+ "stacykor",
+ "JV0812",
+ "jpipkin1",
+ "JainM6",
+ "@dependabot[bot]",
+ "dependabot[bot]",
+ "docsSeema",
+ "angadrandhawa1",
+ "kkujawa-sumo",
+ "mat-rumian",
+ "perk-sumo",
+ "jmartini-sumo",
+ "bigmac182",
+ "jschwegler-sumo",
+ "astencel-sumo",
+ "mccartney",
+ "moverbey-sumo",
+ "yamanarora7",
+ "Ayushi-12",
+ "pyeole28",
+ "wugology",
+ "PavanKumarrS-sumo",
+ "agaur",
+ "bhargavisumo",
+ "ravipadala-sumo",
+ "davidcarltonsumo",
+ "pkazmir-sumo",
+ "dkarabin-sumo",
+ "kevin-sumo",
+ "crm6718",
+ "mvirga-sumo",
+ "tarunk2",
+ "mvirga01",
+ "eft",
+ "majormoses",
+ "josh-williams",
+ "JKashyap96",
+ "droonee",
+ "oaklandersumo",
+ "cjones12",
+ "zjiawei3",
+ "vsinghal13",
+ "wjakelee",
+ "himanshu219",
+ "UlfAndreasson",
+ "hchoudharysumologic",
+ "itsthepo",
+ "rhiga2",
+ "mfiglus",
+ "sumoanema",
+ "a-kramarz",
+ "ThatOrJohn",
+ "andfum007",
+ "SethWilliamsWV",
+ "yleiferman",
+ "sumo-drosiek",
+ "carlos-castillo-jask",
+ "byitkc",
+ "pkarwacki",
+ "alex-reichle",
+ "bnartiff",
+ "duchatran",
+ "dwojtowiczSumo",
+ "t-murch",
+ "eddie-sumo",
+ "aszczepaniksumo",
+ "rikishi-c",
+ "Melvin-CnC",
+ "yuting-liu",
+ "jc-sumo",
+ "vfalconisumo",
+ "yuting-liu",
+ "arpitjain305",
+ "kparekh010",
+ "ajaiswals",
+ "sakshi-sumo",
+ "jakedgy",
+ "abstractOwl",
+ "milan-sumo",
+ "parthiv-sumo",
+ "hganapathy",
+ "keyur-sumo",
+ "hitarth-sumo",
+ "aboguszewski-sumo",
+ "priyansh-sumo",
+ "fullah-sumo",
+ "kburtt",
+ "reden2",
+ "Kumnanda",
+ "pdelewski",
+ "jamespeppe",
+ "bethg1",
+ "npande",
+ "himsharma01",
+ "shivani-sumo",
+ "paulina-kruczek-sumo",
+ "soagarwal07",
+ "Hacker-Pschorr",
+ "arunpatyal",
+ "gbertolinii",
+ "msinghsumologic",
+ "yzgyyang",
+ "sumo-ppatel",
+ "cpawar29",
+ "ankitjaininfo",
+ "codejtech",
+ "jtrakitan",
+ "datfinesoul",
+ "manashar4",
+ "banant",
+ "michaljmatusiak92",
+ "pgupta-sumo",
+ "apoorv-garg",
+ "gchairuangsang",
+ "damiangarbacz",
+ "psheck-specops",
+ "sukhhanda1",
+ "ffelici-sumo",
+ "rons4",
+ "jeff-d",
+ "janek-sumo",
+ "pbaroni",
+ "rmamilla-sumo",
+ "rnishtala-sumo",
+ "fzampori",
+ "alesscorona",
+ "salvatoremosca",
+ "desmaraisp",
+ "c-kruse",
+ "psyanite",
+ "arkhitektor",
+ "mandrearczyk",
+ "sumo-drew",
+ "rndennis",
+ "dustinswad",
+ "aneeshep",
+ "dmolenda-sumo",
+ "Gourav2906",
+ "parth-sumo",
+ "rishav-sumo-dev",
+ "cameroneckles",
+ "akhil-sumologic",
+ "paultobiasumo",
+ "atishya-22",
+ "kaliserichmond",
+ "ccressent",
+ "draval-sumo",
+ "jbaldo",
+ "prateek-sumologic",
+ "mafsumo",
+ "smosca-sumologic",
+ "NateLedet",
+ "dedayosam",
+ "klevitskiy-cyberint",
+ "redrover02",
+ "ankurch627",
+ "yasar-sumologic",
+ "ruturajsumo",
+ "bchrobot-mh",
+ "sachin-sumologic",
+ "Andrew-L-Johnson",
+ "Ayah-Saleh",
+ "ishaanahuja29",
+ "raunakmandaokar",
+ "bradtho",
+ "Misterjohnson87",
+ "lol3909",
+ "Hellfire4959",
+ "antonymartinsumo",
+ "amee-sumo",
+ "chetanchoudhary-sumo",
+ "JamoCA",
+ "darshan-sumo",
+ "mahendrak-sumo",
+ "chvik",
+ "Apoorvkudesia-sumologic",
+ "akesle",
+ "ankitgoelcmu",
+ "Deklin",
+ "justrelax19",
+ "dlindelof-sumologic",
+ "snyk-bot",
+ "stephenthedev",
+ "Apoorvkudesia-sumologic",
+ "ntanwar-sumo",
+ "aj-sumo",
+ "samiura",
+ "naveenrama",
+ "fguimond",
+ "rmeyer-legato",
+ "jagan2221",
+ "pankaj101A",
+ "prajalb",
+ "dk-logic",
+ "keshavm021",
+ "prafull-patel",
+ "Astitva-sumo",
+ "vishalpandey-sumo",
+ "dhruv-shah-sumo",
+ "nykh",
+ "rishabhjain-eng"
+ ],
+ "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
+ "label": "cla-signed",
+ "recheckComment": "The GitHub CLA Bot is rechecking to see that you have signed our CLA."
+}
diff --git a/cid-redirects.json b/cid-redirects.json
index 6d6549d604..e916a441fe 100644
--- a/cid-redirects.json
+++ b/cid-redirects.json
@@ -3009,7 +3009,6 @@
 "/cid/1150": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source/",
 "/cid/1151": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source/",
 "/cid/1152": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source/",
- "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/": "/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/",
 "/Cloud_SIEM_Enterprise": "/docs/cse",
 "/Cloud_SIEM_Enterprise/Administration": "/docs/cse/administration",
 "/Cloud_SIEM_Enterprise/Administration/Cloud_SIEM_Enterprise_Feature_Update_(2022)": "/docs/cse/administration",
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source (1).md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source (1).md
new file mode 100644
index 0000000000..8fbde98cbd
--- /dev/null
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source (1).md
@@ -0,0 +1,150 @@ +--- +id: azure-event-hubs-source +title: Azure Event Hubs Source +tags: + - cloud-to-cloud + - azure-event-hubs +sidebar_label: Azure Event Hubs +--- + +import ForwardToSiem from '/docs/reuse/forward-to-siem.md'; +import useBaseUrl from '@docusaurus/useBaseUrl'; + +:::important +From April 30, 2025, Sumo Logic will no longer support adding a source using this Azure Event Hubs source. Existing Azure Event Hubs source configurations will still work for some time, but we recommend you [migrate](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration/) to the [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/). +::: + +:::note +Collecting data from Azure Event Hubs using this Cloud-to-Cloud collection method supports a throughput limit of 1MB/s (86GB/day) per named Event Hub egress rate. If you require higher throughput, we recommend using [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source). +::: + +icon + +This cloud-to-cloud Azure Event Hubs Source provides a secure endpoint to receive data from Azure Event Hubs. It securely stores the required authentication, scheduling, and state tracking information. + +:::tip Migrating to C2C +See [Migrating from ARM based Azure Monitor Logs Collection](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration). +::: + +## Data collected + +| Polling Interval | Data | +| :--- | :--- | +| 5 min | [Resource Logs](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/resource-logs-schema) | +| 5 min | [Activity Logs](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-schema) | + +Third party apps or services can be configured to send event data to Event Hubs as well, including [Auth0](https://auth0.com/docs/logs/streams/azure-event-grid). 
+ +## Setup + +### Vendor configuration + +The Event Hub doesn't have to be in the same subscription as the resource sending logs if the user who configures the setting has appropriate Azure role-based access control access to both subscriptions. By using Azure Lighthouse, it's also possible to have diagnostic settings sent to a event hub in another Azure Active Directory tenant. The event hub namespace needs to be in the same region as the resource being monitored if the resource is regional so you may have to configure multiple Azure Event Hubs Sources. More details about destination limitations and permissions are described [here](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal#destination-limitations). + +1. [Create an Event Hub using the Azure portal](https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-create) by navigating to Event Hubs in the Azure Portal.
Select Azure Event Hubs +1. Create an Event Hubs namespace. In this example, Namespace is set to **cnctest**:
Select Add
Select Review and Create +1. Create an Event Hub Instance.
Create Event Hubs instance + * Shared Access Policies can be set up for the entire namespace. These policies can be used to access/manage all hubs in the namespace. A policy for the namespace is created by default: **RootManageSharedAccessKey**
Shared access policies +
In this example, Event Hub Instance is set to my-hub. +1. Create a [Shared Access Policy](https://docs.microsoft.com/en-us/azure/governance/policy/overview) with the **Listen** claim to the newly created Event Hub Instance:
Listen claim
Shared access policies
SumoCollectionPolicy
In this example, Event Hub Instance is set to **SumoCollectionPolicy**. +1. Copy the Shared Access Policy Key.
Copy access key + Copy the Primary/Secondary key associated with this policy. +1. When [configuring the Azure Event Hubs Source](#vendor-configuration) in Sumo Logic, our input fields might be: + + | Field | Value | + |:----------------------------|:----------------------| + | Azure Event Hubs Namespace | cnctest | + | Event Hubs Instance Name | my-hub | + | Shared Access Policy Name | SumoCollectionPolicy | + | Shared Access Policy Key
(use primary key) | mOsLf3RE… | + +### Source configuration + +When you create an Azure Event Hubs Source, you add it to a Hosted Collector. Before creating the Source, identify the Hosted Collector you want to use or create a new Hosted Collector. For instructions, see [Configure a Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector). + +To configure an Azure Event Hubs Source: + +1. [**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic main menu select **Data Management**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**. +1. On the Collectors page, click **Add Source** next to a **HostedCollector**. +::: + Make sure the hosted collector is tagged with tenant_name field for the out of the box Azure apps to work. You can get the tenant name using the instructions [here](https://learn.microsoft.com/en-us/azure/active-directory-b2c/tenant-management-read-tenant-name#get-your-tenant-name). +::: +1. Search for and select **Azure Event Hubs**. +1. Enter a **Name** for the Source. The description is optional. +1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. +1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
+1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. + * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. +1. **Azure Event Hubs Namespace**. Enter your Azure Event Hubs Namespace name.  +1. **Event Hubs Instance Name**. Enter the Azure Event Hubs Instance Name. +1. **Shared Access Policy**. Enter your Shared Access Policy Name and Key. The Shared Access Policy requires the **Listen** claim. +1. **Consumer Group Name**. If needed, specify a custom consumer group name. When using a custom **Consumer Group** make sure that it exists for the Event Hub instance. +1. **Receive data with latest offset or from timestamp**. Choose one of the following options: + * **Latest offset** (default) - this will start the receiver with the latest offset and collect any new logs received to the Event Hub moving forward. + * **Timestamp** - use this option to start receiving logs from a specific point in time in the event stream. **Timestamp** can be used to ingest historical data. Once all historical data has been ingested it is recommended to switch to **Latest offset.** This will ensure the Collector continues from the latest recorded checkpoint when restarted and not use the **Timestamp** specified as a starting point, which could result in logs being received and processed more than once.   +1. **Processing Rules for Logs**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in Create a Processing Rule. 
+1. **Advanced Options for Logs**. + * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. + * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. + * **Timestamp Format**. By default, Sumo Logic will automatically detect the timestamp format of your logs. However, you can manually specify a timestamp format for a Source. See [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference) for more information.   +1. When you are finished configuring the Source, click **Submit**. + +## Metadata fields + +| Field | Value | Description | +| :--- | :--- | :--- | +| `_siemDataType` | `Inventory` | Set when **Forward To SIEM** is checked. | +| `_siemProduct` | `Azure` | Set when **Forward To SIEM** is checked. | +| `_siemVendor` | `Microsoft` | Set when **Forward To SIEM** is checked. | +| `_siemFormat` | `JSON` | Set when **Forward To SIEM** is checked. | +| `_siemEventID` | `` | Where `metadata.eventType` is populated from the field in the event JSON, such as Administrative or Resource Health. See more information about the available event types for the Azure platform in Activity Log Categories and Resource Log Categories. Logs that do not contain a category field are assigned category UNKNOWN. | + +## JSON schema + +Sources can be configured using UTF-8 encoded JSON files with the Collector Management API. 
See [how to use JSON to configure Sources](/docs/send-data/use-json-configure-sources) for details.  + +| Parameter | Type | Value | Required | Description | +|:--|:--|:--|:--|:--| +| schemaRef | JSON Object | `{"type":"Azure Event Hubs"}` | Yes | Define the specific schema type. | +| sourceType | String | `"Universal"` | Yes | Type of source. | +| config | JSON Object | [Configuration object](#configuration-object) | Yes | Source type specific values. | + +### Configuration Object + +| Parameter | Type | Required | Default | Description | Example | +|:--|:--|:--|:--|:--|:--| +| name | String | Yes | `null` | Type a desired name of the source. The name must be unique per Collector. This value is assigned to the [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field `_source`. | `"mySource"` | +| description | String | No | `null` | Type a description of the source. | `"Testing source"` +| category | String | No | `null` | Type a category of the source. This value is assigned to the [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field `_sourceCategory`. See [best practices](/docs/send-data/best-practices) for details. | `"mySource/test"` +| fields | JSON Object | No | `null` | JSON map of key-value fields (metadata) to apply to the Collector or Source. Use the boolean field `_siemForward` to enable forwarding to SIEM.|`{"_siemForward": false, "fieldA": "valueA"}` | +| namespace | String | Yes | `null` | Your Azure Event Hubs Namespace name. | | +| hub_name | String | Yes | `null` | The Azure Event Hubs Instance Name. | | +| access_policy_name | String | Yes | `null` | Your Shared Access Policy Name. The Shared Access Policy requires the Listen claim. | | +| access_policy_key | String | Yes |`null` | Your Shared Access Policy Key. The Shared Access Policy requires the Listen claim. | | +| consumer_group | String | Yes | $Default | If needed, specify a custom consumer group name. 
When using a custom Consumer Group make sure that it exists for the Event Hub instance. | | +| receive_with_latest_offset | Boolean | Yes | True | Receive data with the latest offset or from the timestamp. | | +| receive_from_timestamp | Boolean | No | `null` | Set to true when receive_with_latest_offset is false. | | +| timeZone | String | No | null | Type the time zone you'd like the source to use in TZ database format. | `"America/Los_Angeles"`. See [time zone format](/docs/send-data/use-json-configure-sources) for details. | +| forceTimeZone | Boolean | No | false | Type `true` to force the Source to use a specific time zone, otherwise type `false` to use the time zone found in the logs. The default setting is false. | | +| automaticDateParsing | Boolean | No | true | Determines if timestamp information is parsed or not. Type `true` to enable automatic parsing of dates (the default setting); type `false` to disable. If disabled, no timestamp information is parsed at all. | | +| autoParseTimeFormat | Boolean | No | true | Sets if the timestamp format is automatically detected by Sumo Logic. If `autoParseTimeFormat` is set to false, then `defaultDateFormats` must be specified. | | +| defaultDateFormats | array | No | `null` | Define formats for the dates present in your log messages. You can specify a locator regex to identify where timestamps appear in log lines.
The `defaultDateFormats` object has two elements:
`format` (required)—Specify the date format.
`locator` (optional)—A regular expression that specifies the location of the timestamp in your log lines. | For example, `INFO(.*)`
For an example, see [Timestamp example](/docs/send-data/use-json-configure-sources/#timestamp-example).
For more information about timestamp options, see [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference). | + +### JSON example + +```json reference +https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/azure-event-hubs/example.json +``` + +### Terraform example + +```sh reference +https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/azure-event-hubs/example.tf +``` + +## FAQ + +:::info +Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. +::: From e68c368f143bfc39f48755188d18b866bf92ea58 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Wed, 1 Apr 2026 01:45:45 +0530 Subject: [PATCH 03/13] Delete azure-event-hubs-source (1).md --- .../azure-event-hubs-source (1).md | 150 ------------------ 1 file changed, 150 deletions(-) delete mode 100644 docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source (1).md diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source (1).md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source (1).md deleted file mode 100644 index 8fbde98cbd..0000000000 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source (1).md +++ /dev/null 
@@ -1,150 +0,0 @@ ---- -id: azure-event-hubs-source -title: Azure Event Hubs Source -tags: - - cloud-to-cloud - - azure-event-hubs -sidebar_label: Azure Event Hubs ---- - -import ForwardToSiem from '/docs/reuse/forward-to-siem.md'; -import useBaseUrl from '@docusaurus/useBaseUrl'; - -:::important -From April 30, 2025, Sumo Logic will no longer support adding a source using this Azure Event Hubs source. Existing Azure Event Hubs source configurations will still work for some time, but we recommend you [migrate](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration/) to the [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/). -::: - -:::note -Collecting data from Azure Event Hubs using this Cloud-to-Cloud collection method supports a throughput limit of 1MB/s (86GB/day) per named Event Hub egress rate. If you require higher throughput, we recommend using [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source). -::: - -icon - -This cloud-to-cloud Azure Event Hubs Source provides a secure endpoint to receive data from Azure Event Hubs. It securely stores the required authentication, scheduling, and state tracking information. - -:::tip Migrating to C2C -See [Migrating from ARM based Azure Monitor Logs Collection](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration). -::: - -## Data collected - -| Polling Interval | Data | -| :--- | :--- | -| 5 min | [Resource Logs](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/resource-logs-schema) | -| 5 min | [Activity Logs](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-schema) | - -Third party apps or services can be configured to send event data to Event Hubs as well, including [Auth0](https://auth0.com/docs/logs/streams/azure-event-grid). 
- -## Setup - -### Vendor configuration - -The Event Hub doesn't have to be in the same subscription as the resource sending logs if the user who configures the setting has appropriate Azure role-based access control access to both subscriptions. By using Azure Lighthouse, it's also possible to have diagnostic settings sent to a event hub in another Azure Active Directory tenant. The event hub namespace needs to be in the same region as the resource being monitored if the resource is regional so you may have to configure multiple Azure Event Hubs Sources. More details about destination limitations and permissions are described [here](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal#destination-limitations). - -1. [Create an Event Hub using the Azure portal](https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-create) by navigating to Event Hubs in the Azure Portal.
Select Azure Event Hubs -1. Create an Event Hubs namespace. In this example, Namespace is set to **cnctest**:
Select Add
Select Review and Create -1. Create an Event Hub Instance.
Create Event Hubs instance - * Shared Access Policies can be set up for the entire namespace. These policies can be used to access/manage all hubs in the namespace. A policy for the namespace is created by default: **RootManageSharedAccessKey**
Shared access policies -
In this example, Event Hub Instance is set to my-hub. -1. Create a [Shared Access Policy](https://docs.microsoft.com/en-us/azure/governance/policy/overview) with the **Listen** claim to the newly created Event Hub Instance:
Listen claim
Shared access policies
SumoCollectionPolicy
In this example, Event Hub Instance is set to **SumoCollectionPolicy**. -1. Copy the Shared Access Policy Key.
Copy access key - Copy the Primary/Secondary key associated with this policy. -1. When [configuring the Azure Event Hubs Source](#vendor-configuration) in Sumo Logic, our input fields might be: - - | Field | Value | - |:----------------------------|:----------------------| - | Azure Event Hubs Namespace | cnctest | - | Event Hubs Instance Name | my-hub | - | Shared Access Policy Name | SumoCollectionPolicy | - | Shared Access Policy Key
(use primary key) | mOsLf3RE… | - -### Source configuration - -When you create an Azure Event Hubs Source, you add it to a Hosted Collector. Before creating the Source, identify the Hosted Collector you want to use or create a new Hosted Collector. For instructions, see [Configure a Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector). - -To configure an Azure Event Hubs Source: - -1. [**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic main menu select **Data Management**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**. -1. On the Collectors page, click **Add Source** next to a **HostedCollector**. -::: - Make sure the hosted collector is tagged with tenant_name field for the out of the box Azure apps to work. You can get the tenant name using the instructions [here](https://learn.microsoft.com/en-us/azure/active-directory-b2c/tenant-management-read-tenant-name#get-your-tenant-name). -::: -1. Search for and select **Azure Event Hubs**. -1. Enter a **Name** for the Source. The description is optional. -1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. -1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
-1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * green check circle.png A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * orange exclamation point.png An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. -1. **Azure Event Hubs Namespace**. Enter your Azure Event Hubs Namespace name.  -1. **Event Hubs Instance Name**. Enter the Azure Event Hubs Instance Name. -1. **Shared Access Policy**. Enter your Shared Access Policy Name and Key. The Shared Access Policy requires the **Listen** claim. -1. **Consumer Group Name**. If needed, specify a custom consumer group name. When using a custom **Consumer Group** make sure that it exists for the Event Hub instance. -1. **Receive data with latest offset or from timestamp**. Choose one of the following options: - * **Latest offset** (default) - this will start the receiver with the latest offset and collect any new logs received to the Event Hub moving forward. - * **Timestamp** - use this option to start receiving logs from a specific point in time in the event stream. **Timestamp** can be used to ingest historical data. Once all historical data has been ingested it is recommended to switch to **Latest offset.** This will ensure the Collector continues from the latest recorded checkpoint when restarted and not use the **Timestamp** specified as a starting point, which could result in logs being received and processed more than once.   -1. **Processing Rules for Logs**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in Create a Processing Rule. 
-1. **Advanced Options for Logs**. - * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. - * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. - * **Timestamp Format**. By default, Sumo Logic will automatically detect the timestamp format of your logs. However, you can manually specify a timestamp format for a Source. See [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference) for more information.   -1. When you are finished configuring the Source, click **Submit**. - -## Metadata fields - -| Field | Value | Description | -| :--- | :--- | :--- | -| `_siemDataType` | `Inventory` | Set when **Forward To SIEM** is checked. | -| `_siemProduct` | `Azure` | Set when **Forward To SIEM** is checked. | -| `_siemVendor` | `Microsoft` | Set when **Forward To SIEM** is checked. | -| `_siemFormat` | `JSON` | Set when **Forward To SIEM** is checked. | -| `_siemEventID` | `` | Where `metadata.eventType` is populated from the field in the event JSON, such as Administrative or Resource Health. See more information about the available event types for the Azure platform in Activity Log Categories and Resource Log Categories. Logs that do not contain a category field are assigned category UNKNOWN. | - -## JSON schema - -Sources can be configured using UTF-8 encoded JSON files with the Collector Management API. 
See [how to use JSON to configure Sources](/docs/send-data/use-json-configure-sources) for details.  - -| Parameter | Type | Value | Required | Description | -|:--|:--|:--|:--|:--| -| schemaRef | JSON Object | `{"type":"Azure Event Hubs"}` | Yes | Define the specific schema type. | -| sourceType | String | `"Universal"` | Yes | Type of source. | -| config | JSON Object | [Configuration object](#configuration-object) | Yes | Source type specific values. | - -### Configuration Object - -| Parameter | Type | Required | Default | Description | Example | -|:--|:--|:--|:--|:--|:--| -| name | String | Yes | `null` | Type a desired name of the source. The name must be unique per Collector. This value is assigned to the [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field `_source`. | `"mySource"` | -| description | String | No | `null` | Type a description of the source. | `"Testing source"` -| category | String | No | `null` | Type a category of the source. This value is assigned to the [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field `_sourceCategory`. See [best practices](/docs/send-data/best-practices) for details. | `"mySource/test"` -| fields | JSON Object | No | `null` | JSON map of key-value fields (metadata) to apply to the Collector or Source. Use the boolean field `_siemForward` to enable forwarding to SIEM.|`{"_siemForward": false, "fieldA": "valueA"}` | -| namespace | String | Yes | `null` | Your Azure Event Hubs Namespace name. | | -| hub_name | String | Yes | `null` | The Azure Event Hubs Instance Name. | | -| access_policy_name | String | Yes | `null` | Your Shared Access Policy Name. The Shared Access Policy requires the Listen claim. | | -| access_policy_key | String | Yes |`null` | Your Shared Access Policy Key. The Shared Access Policy requires the Listen claim. | | -| consumer_group | String | Yes | $Default | If needed, specify a custom consumer group name. 
When using a custom Consumer Group make sure that it exists for the Event Hub instance. | | -| receive_with_latest_offset | Boolean | Yes | True | Receive data with the latest offset or from the timestamp. | | -| receive_from_timestamp | Boolean | No | `null` | Set to true when receive_with_latest_offset is false. | | -| timeZone | String | No | null | Type the time zone you'd like the source to use in TZ database format. | `"America/Los_Angeles"`. See [time zone format](/docs/send-data/use-json-configure-sources) for details. | -| forceTimeZone | Boolean | No | false | Type `true` to force the Source to use a specific time zone, otherwise type `false` to use the time zone found in the logs. The default setting is false. | | -| automaticDateParsing | Boolean | No | true | Determines if timestamp information is parsed or not. Type `true` to enable automatic parsing of dates (the default setting); type `false` to disable. If disabled, no timestamp information is parsed at all. | | -| autoParseTimeFormat | Boolean | No | true | Sets if the timestamp format is automatically detected by Sumo Logic. If `autoParseTimeFormat` is set to false, then `defaultDateFormats` must be specified. | | -| defaultDateFormats | array | No | `null` | Define formats for the dates present in your log messages. You can specify a locator regex to identify where timestamps appear in log lines.
The `defaultDateFormats` object has two elements:
`format` (required)—Specify the date format.
`locator` (optional)—A regular expression that specifies the location of the timestamp in your log lines. | For example, `INFO(.*)`
For an example, see [Timestamp example](/docs/send-data/use-json-configure-sources/#timestamp-example).
For more information about timestamp options, see [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference). | - -### JSON example - -```json reference -https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/azure-event-hubs/example.json -``` - -### Terraform example - -```sh reference -https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/azure-event-hubs/example.tf -``` - -## FAQ - -:::info -Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. -::: From 20cdb36b4a7f78091a5e7c35eaada5d137ed1161 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Wed, 1 Apr 2026 01:46:56 +0530 Subject: [PATCH 04/13] Delete .clabot (1) --- .clabot (1) | 209 ---------------------------------------------------- 1 file changed, 209 deletions(-) delete mode 100644 .clabot (1) diff --git a/.clabot (1) b/.clabot (1) deleted file mode 100644 index adf122336e..0000000000 --- a/.clabot (1) +++ /dev/null 
@@ -1,209 +0,0 @@
-{
- "contributors": [
- "kimsauce",
- "stacykor",
- "JV0812",
- "jpipkin1",
- "JainM6",
- "@dependabot[bot]",
- "dependabot[bot]",
- "docsSeema",
- "angadrandhawa1",
- "kkujawa-sumo",
- "mat-rumian",
- "perk-sumo",
- "jmartini-sumo",
- "bigmac182",
- "jschwegler-sumo",
- "astencel-sumo",
- "mccartney",
- "moverbey-sumo",
- "yamanarora7",
- "Ayushi-12",
- "pyeole28",
- "wugology",
- "PavanKumarrS-sumo",
- "agaur",
- "bhargavisumo",
- "ravipadala-sumo",
- "davidcarltonsumo",
- "pkazmir-sumo",
- "dkarabin-sumo",
- "kevin-sumo",
- "crm6718",
- "mvirga-sumo",
- "tarunk2",
- "mvirga01",
- "eft",
- "majormoses",
- "josh-williams",
- "JKashyap96",
- "droonee",
- "oaklandersumo",
- "cjones12",
- "zjiawei3",
- "vsinghal13",
- "wjakelee",
- "himanshu219",
- "UlfAndreasson",
- "hchoudharysumologic",
- "itsthepo",
- "rhiga2",
- "mfiglus",
- "sumoanema",
- "a-kramarz",
- "ThatOrJohn",
- "andfum007",
- "SethWilliamsWV",
- "yleiferman",
- "sumo-drosiek",
- "carlos-castillo-jask",
- "byitkc",
- "pkarwacki",
- "alex-reichle",
- "bnartiff",
- "duchatran",
- "dwojtowiczSumo",
- "t-murch",
- "eddie-sumo",
- "aszczepaniksumo",
- "rikishi-c",
- "Melvin-CnC",
- "yuting-liu",
- "jc-sumo",
- "vfalconisumo",
- "yuting-liu",
- "arpitjain305",
- "kparekh010",
- "ajaiswals",
- "sakshi-sumo",
- "jakedgy",
- "abstractOwl",
- "milan-sumo",
- "parthiv-sumo",
- "hganapathy",
- "keyur-sumo",
- "hitarth-sumo",
- "aboguszewski-sumo",
- "priyansh-sumo",
- "fullah-sumo",
- "kburtt",
- "reden2",
- "Kumnanda",
- "pdelewski",
- "jamespeppe",
- "bethg1",
- "npande",
- "himsharma01",
- "shivani-sumo",
- "paulina-kruczek-sumo",
- "soagarwal07",
- "Hacker-Pschorr",
- "arunpatyal",
- "gbertolinii",
- "msinghsumologic",
- "yzgyyang",
- "sumo-ppatel",
- "cpawar29",
- "ankitjaininfo",
- "codejtech",
- "jtrakitan",
- "datfinesoul",
- "manashar4",
- "banant",
- "michaljmatusiak92",
- "pgupta-sumo",
- "apoorv-garg",
- "gchairuangsang",
- "damiangarbacz",
- "psheck-specops",
- "sukhhanda1",
- "ffelici-sumo",
- "rons4",
- "jeff-d",
- "janek-sumo",
- "pbaroni",
- "rmamilla-sumo",
- "rnishtala-sumo",
- "fzampori",
- "alesscorona",
- "salvatoremosca",
- "desmaraisp",
- "c-kruse",
- "psyanite",
- "arkhitektor",
- "mandrearczyk",
- "sumo-drew",
- "rndennis",
- "dustinswad",
- "aneeshep",
- "dmolenda-sumo",
- "Gourav2906",
- "parth-sumo",
- "rishav-sumo-dev",
- "cameroneckles",
- "akhil-sumologic",
- "paultobiasumo",
- "atishya-22",
- "kaliserichmond",
- "ccressent",
- "draval-sumo",
- "jbaldo",
- "prateek-sumologic",
- "mafsumo",
- "smosca-sumologic",
- "NateLedet",
- "dedayosam",
- "klevitskiy-cyberint",
- "redrover02",
- "ankurch627",
- "yasar-sumologic",
- "ruturajsumo",
- "bchrobot-mh",
- "sachin-sumologic",
- "Andrew-L-Johnson",
- "Ayah-Saleh",
- "ishaanahuja29",
- "raunakmandaokar",
- "bradtho",
- "Misterjohnson87",
- "lol3909",
- "Hellfire4959",
- "antonymartinsumo",
- "amee-sumo",
- "chetanchoudhary-sumo",
- "JamoCA",
- "darshan-sumo",
- "mahendrak-sumo",
- "chvik",
- "Apoorvkudesia-sumologic",
- "akesle",
- "ankitgoelcmu",
- "Deklin",
- "justrelax19",
- "dlindelof-sumologic",
- "snyk-bot",
- "stephenthedev",
- "Apoorvkudesia-sumologic",
- "ntanwar-sumo",
- "aj-sumo",
- "samiura",
- "naveenrama",
- "fguimond",
- "rmeyer-legato",
- "jagan2221",
- "pankaj101A",
- "prajalb",
- "dk-logic",
- "keshavm021",
- "prafull-patel",
- "Astitva-sumo",
- "vishalpandey-sumo",
- "dhruv-shah-sumo",
- "nykh",
- "rishabhjain-eng"
- ],
- "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
- "label": "cla-signed",
- "recheckComment": "The GitHub CLA Bot is rechecking to see that you have signed our CLA."
-}
From 5c9008b36ac52308ecb876742f3a4638340d387e Mon Sep 17 00:00:00 2001
From: Amee Lepcha
Date: Wed, 1 Apr 2026 02:07:23 +0530
Subject: [PATCH 05/13] Update cid-redirects.json
---
 cid-redirects.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cid-redirects.json b/cid-redirects.json
index e916a441fe..6d6549d604 100644
--- a/cid-redirects.json
+++ b/cid-redirects.json
@@ -3009,6 +3009,7 @@
 "/cid/1150": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source/",
 "/cid/1151": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source/",
 "/cid/1152": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source/",
+ "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/": "/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/",
 "/Cloud_SIEM_Enterprise": "/docs/cse",
 "/Cloud_SIEM_Enterprise/Administration": "/docs/cse/administration",
 "/Cloud_SIEM_Enterprise/Administration/Cloud_SIEM_Enterprise_Feature_Update_(2022)": "/docs/cse/administration",
From 3aca198353fbe4ebff90199e46a4f59c424c2bed Mon Sep 17 00:00:00 2001
From: Amee Lepcha
Date: Wed, 1 Apr 2026 02:14:54 +0530
Subject: [PATCH 06/13] delete files
---
 docs/integrations/product-list/product-list-a-l.md | 2 +-
 .../cloud-to-cloud-integration-framework/index.md | 6 ------
 sidebars.ts | 1 -
 3 files changed, 1 insertion(+), 8 deletions(-)
diff --git a/docs/integrations/product-list/product-list-a-l.md b/docs/integrations/product-list/product-list-a-l.md
index afbca0310c..b0f033a8c4 100644
--- a/docs/integrations/product-list/product-list-a-l.md
+++ b/docs/integrations/product-list/product-list-a-l.md
@@ -121,7 +121,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [ | AWS Simple Notification Service icon | [AWS Simple Notification Service](https://aws.amazon.com/sns/) | Automation integration: [AWS Simple Notification Service](/docs/platform-services/automation-service/app-central/integrations/aws-simple-notification-service/) | | WAF icon | [AWS WAF](https://aws.amazon.com/waf/) | Apps:
- [AWS WAF](/docs/integrations/amazon-aws/waf/)
- [AWS WAF Cloud Security Monitoring and Analytics](/docs/integrations/cloud-security-monitoring-analytics/aws-waf/)
Automation integration: [AWS WAF](/docs/platform-services/automation-service/app-central/integrations/aws-waf/)
Cloud SIEM integration: [Amazon AWS - Web Application Firewall (WAF)](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/products/072b85a2-1765-45c2-911d-b0509880326e.md) | | Axonius icon | [Axonius](https://www.axonius.com/) | Automation integration: [Axonius](/docs/platform-services/automation-service/app-central/integrations/axonius/) | -| Azure icon | [Azure](https://azure.microsoft.com/en-us) | Apps:
- [Azure Analysis Services](/docs/integrations/microsoft-azure/azure-analysis-services/)
- [Azure API Management](/docs/integrations/microsoft-azure/azure-api-management/)
- [Azure App Configuration](/docs/integrations/microsoft-azure/azure-app-configuration/)
- [Azure Application Gateway](/docs/integrations/microsoft-azure/azure-application-gateway/)
- [Azure App Service Environment](/docs/integrations/microsoft-azure/azure-app-service-environment/)
- [Azure App Service Plan](/docs/integrations/microsoft-azure/azure-app-service-plan/)
- [Azure Audit](/docs/integrations/microsoft-azure/audit/)
- [Azure Automation](/docs/integrations/microsoft-azure/azure-automation/)
- [Azure Backup](/docs/integrations/microsoft-azure/azure-backup/)
- [Azure Batch](/docs/integrations/microsoft-azure/azure-batch/)
- [Azure Cache for Redis](/docs/integrations/microsoft-azure/azure-cache-for-redis/)
- [Azure Cognitive Search](/docs/integrations/microsoft-azure/azure-cognitive-search/)
- [Azure Container Instances](/docs/integrations/microsoft-azure/azure-container-instances/)
- [Azure Cosmos DB](/docs/integrations/microsoft-azure/azure-cosmos-db/)
- [Azure Cosmos DB for PostgreSQL](/docs/integrations/microsoft-azure/azure-cosmos-db-for-postgresql/)
- [Azure Data Explorer](/docs/integrations/microsoft-azure/azure-data-explorer/)
- [Azure Data Factory](/docs/integrations/microsoft-azure/azure-data-factory/)
- [Azure Database for MariaDB](/docs/integrations/microsoft-azure/azure-database-for-mariadb/)
- [Azure Database for MySQL](/docs/integrations/microsoft-azure/azure-database-for-mysql/)
- [Azure Database for PostgreSQL](/docs/integrations/microsoft-azure/azure-database-for-postgresql/)
- [Azure Event Grid](/docs/integrations/microsoft-azure/azure-event-grid/)
- [Azure Event Hubs](/docs/integrations/microsoft-azure/azure-event-hubs/)
- [Azure Firewall](/docs/integrations/microsoft-azure/azure-firewall/)
- [Azure Front Door](/docs/integrations/microsoft-azure/azure-front-door/)
- [Azure Functions](/docs/integrations/microsoft-azure/azure-functions/)
- [Azure HDInsight](/docs/integrations/microsoft-azure/azure-hdinsight/)
- [Azure IoT Hub](/docs/integrations/microsoft-azure/azure-iot-hub/)
- [Azure Key Vault](/docs/integrations/microsoft-azure/azure-key-vault/)
- [Azure Kubernetes Service (AKS) - Control Plane](/docs/integrations/microsoft-azure/kubernetes/)
- [Azure Load Balancer](/docs/integrations/microsoft-azure/azure-load-balancer/)
- [Azure Logic App](/docs/integrations/microsoft-azure/azure-logic-app/)
- [Azure Machine Learning](/docs/integrations/microsoft-azure/azure-machine-learning/)
- [Azure Monitor Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source)
- [Azure Monitor Metrics](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/)
- [Azure Monitoring](/docs/send-data/collect-from-other-data-sources/azure-monitoring/)
- [Azure Network Interface](/docs/integrations/microsoft-azure/azure-network-interface/)
- [Azure Network Watcher](/docs/integrations/microsoft-azure/network-watcher/)
- [Azure Notification Hubs](/docs/integrations/microsoft-azure/azure-notification-hubs/)
- [Azure OpenAI](/docs/integrations/microsoft-azure/azure-open-ai/)
- [Azure Public IP Addresses](/docs/integrations/microsoft-azure/azure-public-ipAddress/)
- [Azure Relay](/docs/integrations/microsoft-azure/azure-relay/)
- [Azure Security -Advisor](/docs/integrations/microsoft-azure/azure-security-advisor/)
- [Azure Security - Defender for Cloud](/docs/integrations/microsoft-azure/azure-security-defender-for-cloud/)
- [Azure Security - Microsoft Defender for Cloud Apps](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-cloud-apps/)
- [Azure Security - Microsoft Defender for Endpoint](/docs/integrations/microsoft-azure/microsoft-defender-for-endpoint/)
- [Azure Security - Microsoft Defender for Identity](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-identity)
- [Azure Security - Microsoft Defender for Office 365](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365)
- [Azure Security - Microsoft Entra ID Protection](/docs/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection/)
- [Azure Service Bus](/docs/integrations/microsoft-azure/azure-service-bus/)
- [Azure SQL](/docs/integrations/microsoft-azure/sql/)
- [Azure SQL Elastic Pool](/docs/integrations/microsoft-azure/azure-sql-elastic-pool/)
- [Azure SQL Managed Instance](/docs/integrations/microsoft-azure/azure-sql-managed-instance/)
- [Azure Storage](/docs/integrations/microsoft-azure/azure-storage/)
- [Azure Stream Analytics](/docs/integrations/microsoft-azure/azure-stream-analytics/)
- [Azure Subscription](/docs/integrations/microsoft-azure/azure-subscription/)
- [Azure Synapse Analytics](/docs/integrations/microsoft-azure/azure-synapse-analytics/)
- [Azure Virtual Network](/docs/integrations/microsoft-azure/azure-virtual-network/)
- [Azure Virtual Machine](/docs/integrations/microsoft-azure/azure-virtual-machine/)
- [Azure Web Apps](/docs/integrations/microsoft-azure/web-apps/)
Automation integration: [Azure AD](/docs/platform-services/automation-service/app-central/integrations/azure-ad/)
Collectors:
- [Azure Blob Storage](/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs)
- [Azure Event Hubs Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/)
- [Migrating to Azure Event Hubs Cloud-to-Cloud Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration)
Webhook: [Webhook Connection for Microsoft Azure Functions](/docs/alerts/webhook-connections/microsoft-azure-functions/) | +| Azure icon | [Azure](https://azure.microsoft.com/en-us) | Apps:
- [Azure Analysis Services](/docs/integrations/microsoft-azure/azure-analysis-services/)
- [Azure API Management](/docs/integrations/microsoft-azure/azure-api-management/)
- [Azure App Configuration](/docs/integrations/microsoft-azure/azure-app-configuration/)
- [Azure Application Gateway](/docs/integrations/microsoft-azure/azure-application-gateway/)
- [Azure App Service Environment](/docs/integrations/microsoft-azure/azure-app-service-environment/)
- [Azure App Service Plan](/docs/integrations/microsoft-azure/azure-app-service-plan/)
- [Azure Audit](/docs/integrations/microsoft-azure/audit/)
- [Azure Automation](/docs/integrations/microsoft-azure/azure-automation/)
- [Azure Backup](/docs/integrations/microsoft-azure/azure-backup/)
- [Azure Batch](/docs/integrations/microsoft-azure/azure-batch/)
- [Azure Cache for Redis](/docs/integrations/microsoft-azure/azure-cache-for-redis/)
- [Azure Cognitive Search](/docs/integrations/microsoft-azure/azure-cognitive-search/)
- [Azure Container Instances](/docs/integrations/microsoft-azure/azure-container-instances/)
- [Azure Cosmos DB](/docs/integrations/microsoft-azure/azure-cosmos-db/)
- [Azure Cosmos DB for PostgreSQL](/docs/integrations/microsoft-azure/azure-cosmos-db-for-postgresql/)
- [Azure Data Explorer](/docs/integrations/microsoft-azure/azure-data-explorer/)
- [Azure Data Factory](/docs/integrations/microsoft-azure/azure-data-factory/)
- [Azure Database for MariaDB](/docs/integrations/microsoft-azure/azure-database-for-mariadb/)
- [Azure Database for MySQL](/docs/integrations/microsoft-azure/azure-database-for-mysql/)
- [Azure Database for PostgreSQL](/docs/integrations/microsoft-azure/azure-database-for-postgresql/)
- [Azure Event Grid](/docs/integrations/microsoft-azure/azure-event-grid/)
- [Azure Event Hubs](/docs/integrations/microsoft-azure/azure-event-hubs/)
- [Azure Firewall](/docs/integrations/microsoft-azure/azure-firewall/)
- [Azure Front Door](/docs/integrations/microsoft-azure/azure-front-door/)
- [Azure Functions](/docs/integrations/microsoft-azure/azure-functions/)
- [Azure HDInsight](/docs/integrations/microsoft-azure/azure-hdinsight/)
- [Azure IoT Hub](/docs/integrations/microsoft-azure/azure-iot-hub/)
- [Azure Key Vault](/docs/integrations/microsoft-azure/azure-key-vault/)
- [Azure Kubernetes Service (AKS) - Control Plane](/docs/integrations/microsoft-azure/kubernetes/)
- [Azure Load Balancer](/docs/integrations/microsoft-azure/azure-load-balancer/)
- [Azure Logic App](/docs/integrations/microsoft-azure/azure-logic-app/)
- [Azure Machine Learning](/docs/integrations/microsoft-azure/azure-machine-learning/)
- [Azure Monitor Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source)
- [Azure Monitor Metrics](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/)
- [Azure Monitoring](/docs/send-data/collect-from-other-data-sources/azure-monitoring/)
- [Azure Network Interface](/docs/integrations/microsoft-azure/azure-network-interface/)
- [Azure Network Watcher](/docs/integrations/microsoft-azure/network-watcher/)
- [Azure Notification Hubs](/docs/integrations/microsoft-azure/azure-notification-hubs/)
- [Azure OpenAI](/docs/integrations/microsoft-azure/azure-open-ai/)
- [Azure Public IP Addresses](/docs/integrations/microsoft-azure/azure-public-ipAddress/)
- [Azure Relay](/docs/integrations/microsoft-azure/azure-relay/)
- [Azure Security -Advisor](/docs/integrations/microsoft-azure/azure-security-advisor/)
- [Azure Security - Defender for Cloud](/docs/integrations/microsoft-azure/azure-security-defender-for-cloud/)
- [Azure Security - Microsoft Defender for Cloud Apps](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-cloud-apps/)
- [Azure Security - Microsoft Defender for Endpoint](/docs/integrations/microsoft-azure/microsoft-defender-for-endpoint/)
- [Azure Security - Microsoft Defender for Identity](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-identity)
- [Azure Security - Microsoft Defender for Office 365](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365)
- [Azure Security - Microsoft Entra ID Protection](/docs/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection/)
- [Azure Service Bus](/docs/integrations/microsoft-azure/azure-service-bus/)
- [Azure SQL](/docs/integrations/microsoft-azure/sql/)
- [Azure SQL Elastic Pool](/docs/integrations/microsoft-azure/azure-sql-elastic-pool/)
- [Azure SQL Managed Instance](/docs/integrations/microsoft-azure/azure-sql-managed-instance/)
- [Azure Storage](/docs/integrations/microsoft-azure/azure-storage/)
- [Azure Stream Analytics](/docs/integrations/microsoft-azure/azure-stream-analytics/)
- [Azure Subscription](/docs/integrations/microsoft-azure/azure-subscription/)
- [Azure Synapse Analytics](/docs/integrations/microsoft-azure/azure-synapse-analytics/)
- [Azure Virtual Network](/docs/integrations/microsoft-azure/azure-virtual-network/)
- [Azure Virtual Machine](/docs/integrations/microsoft-azure/azure-virtual-machine/)
- [Azure Web Apps](/docs/integrations/microsoft-azure/web-apps/)
Automation integration: [Azure AD](/docs/platform-services/automation-service/app-central/integrations/azure-ad/)
Collectors:
- [Azure Blob Storage](/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs)
- [Migrating to Azure Event Hubs Cloud-to-Cloud Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration)
Webhook: [Webhook Connection for Microsoft Azure Functions](/docs/alerts/webhook-connections/microsoft-azure-functions/) | ## B diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/index.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/index.md index 52afc5fb77..2b22bfd573 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/index.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/index.md @@ -134,12 +134,6 @@ In this section, we'll introduce the following concepts:

Learn to collect the IAM User Inventory logs from the AWS SDK and send them to Sumo Logic for analysis.

-
Bitwarden icon

Bitwarden

diff --git a/sidebars.ts b/sidebars.ts index 19e3881566..2bad0b8155 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -451,7 +451,6 @@ module.exports = { 'send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source', 'send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source', 'send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-iam-users-source', - //'send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source', 'send-data/hosted-collectors/cloud-to-cloud-integration-framework/bitwarden-source', 'send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source', 'send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source', From 864b3790811f064685e2fe25de359dd8af9abdf1 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Wed, 1 Apr 2026 02:21:21 +0530 Subject: [PATCH 07/13] added parse5 --- package.json | 1 + yarn.lock | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/package.json b/package.json index cb062f48e9..3998926b92 100644 --- a/package.json +++ b/package.json @@ -114,6 +114,7 @@ "nth-check": "^2.0.1", "p-queue": "6.6.2", "p-timeout": "3.2.0", + "parse5": "^8.0.0", "path-to-regexp": "3.3.0", "postcss": "^8.4.38", "postcss-calc": "9.0.1", diff --git a/yarn.lock b/yarn.lock index e9842f88e6..549d903a7d 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11189,6 +11189,13 @@ parse5@^7.0.0: dependencies: entities "^6.0.0" +parse5@^8.0.0: + version "8.0.0" + resolved "https://registry.yarnpkg.com/parse5/-/parse5-8.0.0.tgz#aceb267f6b15f9b6e6ba9e35bfdd481fc2167b12" + integrity sha512-9m4m5GSgXjL4AjumKzq1Fgfp3Z8rsvjRNbnkVwfu2ImRqE5D0LnY2QfDen18FSY9C573YU5XxSapdHZTZ2WolA== + dependencies: + entities "^6.0.0" + parseurl@~1.3.2, parseurl@~1.3.3: version "1.3.3" resolved "https://registry.yarnpkg.com/parseurl/-/parseurl-1.3.3.tgz#9da19e7bee8d12dff0513ed5b76957793bc2e8d4" 
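Review bot: `"parse5": "^8.0.0"` is added as a direct dependency of package.json, but nothing visible in this series imports it, and the lockfile hunk in the same commit keeps the existing `parse5@^7.0.0` entry alongside the new 8.0.0 one, so the install ends up with two copies rather than one upgraded copy. If the intent was to force the transitive parse5 to 8.x, a `resolutions` entry is what actually replaces the nested copy; a direct dependency alone does not. If parse5 is a genuine new consumer, the neighbouring entries `"p-queue": "6.6.2"` and `"path-to-regexp": "3.3.0"` are pinned exactly, so `"parse5": "8.0.0"` would match the file's pinning style for new additions. Either way the commit message "added parse5" should say what the package is for.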
From eb1a9dcf322ca0ec2e9760b9f951c9b6e97e1814 Mon Sep 17 00:00:00 2001
From: Amee Lepcha
Date: Wed, 1 Apr 2026 02:28:25 +0530
Subject: [PATCH 08/13] deleted the doc file
---
 cid-redirects.json | 1 -
 .../azure-event-hubs-source.md | 150 ------------------
 2 files changed, 151 deletions(-)
 delete mode 100644 docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md
diff --git a/cid-redirects.json b/cid-redirects.json
index 6d6549d604..e916a441fe 100644
--- a/cid-redirects.json
+++ b/cid-redirects.json
@@ -3009,7 +3009,6 @@
 "/cid/1150": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source/",
 "/cid/1151": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source/",
 "/cid/1152": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source/",
- "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/": "/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/",
 "/Cloud_SIEM_Enterprise": "/docs/cse",
 "/Cloud_SIEM_Enterprise/Administration": "/docs/cse/administration",
 "/Cloud_SIEM_Enterprise/Administration/Cloud_SIEM_Enterprise_Feature_Update_(2022)": "/docs/cse/administration",
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md
deleted file mode 100644
index 706cd8c5b4..0000000000
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md
+++ /dev/null
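Review bot: Removing this redirect leaves the slug of the page that the same commit deletes, `/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/`, with no target, and the blob index on the file header (6d6549d604..e916a441fe) shows cid-redirects.json ending the series with exactly the content it started with, so the net result is a dead URL rather than a redirect. The deleted page itself told readers to migrate to the Azure Event Hubs Source for Logs, which is precisely where this entry pointed, and bookmarks and search results for the old slug will keep arriving for some time after the page is gone. Keep `"/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/": "/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/",` in the redirect map, or state in the commit message why the old slug is meant to 404.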
@@ -1,150 +0,0 @@ ---- -id: azure-event-hubs-source -title: Azure Event Hubs Source -tags: - - cloud-to-cloud - - azure-event-hubs -sidebar_label: Azure Event Hubs ---- - -import ForwardToSiem from '/docs/reuse/forward-to-siem.md'; -import useBaseUrl from '@docusaurus/useBaseUrl'; - -:::important -From April 30, 2025, Sumo Logic will no longer support adding a source using this Azure Event Hubs source. Existing Azure Event Hubs source configurations will still work for some time, but we recommend you [migrate](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration/) to the [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/). -::: - -:::note -Collecting data from Azure Event Hubs using this Cloud-to-Cloud collection method supports a throughput limit of 1MB/s (86GB/day) per named Event Hub egress rate. If you require higher throughput, we recommend using [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source). -::: - -Azure Event Hub icon - -This cloud-to-cloud Azure Event Hubs Source provides a secure endpoint to receive data from Azure Event Hubs. It securely stores the required authentication, scheduling, and state tracking information. - -:::tip Migrating to C2C -See [Migrating from ARM based Azure Monitor Logs Collection](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration). 
-::: - -## Data collected - -| Polling Interval | Data | -| :--- | :--- | -| 5 min | [Resource Logs](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/resource-logs-schema) | -| 5 min | [Activity Logs](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-schema) | - -Third party apps or services can be configured to send event data to Event Hubs as well, including [Auth0](https://auth0.com/docs/logs/streams/azure-event-grid). - -## Setup - -### Vendor configuration - -The Event Hub doesn't have to be in the same subscription as the resource sending logs if the user who configures the setting has appropriate Azure role-based access control access to both subscriptions. By using Azure Lighthouse, it's also possible to have diagnostic settings sent to a event hub in another Azure Active Directory tenant. The event hub namespace needs to be in the same region as the resource being monitored if the resource is regional so you may have to configure multiple Azure Event Hubs Sources. More details about destination limitations and permissions are described [here](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal#destination-limitations). - -1. [Create an Event Hub using the Azure portal](https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-create) by navigating to Event Hubs in the Azure Portal.
Select Azure Event Hubs -1. Create an Event Hubs namespace. In this example, Namespace is set to **cnctest**:
Select Add
Select Review and Create -1. Create an Event Hub Instance.
Create Event Hubs instance - * Shared Access Policies can be set up for the entire namespace. These policies can be used to access/manage all hubs in the namespace. A policy for the namespace is created by default: **RootManageSharedAccessKey**
Shared access policies -
In this example, Event Hub Instance is set to my-hub. -1. Create a [Shared Access Policy](https://docs.microsoft.com/en-us/azure/governance/policy/overview) with the **Listen** claim to the newly created Event Hub Instance:
Listen claim
Shared access policies
SumoCollectionPolicy
In this example, Event Hub Instance is set to **SumoCollectionPolicy**. -1. Copy the Shared Access Policy Key.
Copy access key - Copy the Primary/Secondary key associated with this policy. -1. When [configuring the Azure Event Hubs Source](#vendor-configuration) in Sumo Logic, our input fields might be: - - | Field | Value | - |:----------------------------|:----------------------| - | Azure Event Hubs Namespace | cnctest | - | Event Hubs Instance Name | my-hub | - | Shared Access Policy Name | SumoCollectionPolicy | - | Shared Access Policy Key
(use primary key) | mOsLf3RE… | - -### Source configuration - -When you create an Azure Event Hubs Source, you add it to a Hosted Collector. Before creating the Source, identify the Hosted Collector you want to use or create a new Hosted Collector. For instructions, see [Configure a Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector). - -To configure an Azure Event Hubs Source: - -1. [**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic main menu select **Data Management**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**. -1. On the Collectors page, click **Add Source** next to a **HostedCollector**. -::: - Make sure the hosted collector is tagged with tenant_name field for the out of the box Azure apps to work. You can get the tenant name using the instructions [here](https://learn.microsoft.com/en-us/azure/active-directory-b2c/tenant-management-read-tenant-name#get-your-tenant-name). -::: -1. Search for and select **Azure Event Hubs**. -1. Enter a **Name** for the Source. The description is optional. -1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. -1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
-1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * Green check circle A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * Orange exclamation point An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. -1. **Azure Event Hubs Namespace**. Enter your Azure Event Hubs Namespace name.  -1. **Event Hubs Instance Name**. Enter the Azure Event Hubs Instance Name. -1. **Shared Access Policy**. Enter your Shared Access Policy Name and Key. The Shared Access Policy requires the **Listen** claim. -1. **Consumer Group Name**. If needed, specify a custom consumer group name. When using a custom **Consumer Group** make sure that it exists for the Event Hub instance. -1. **Receive data with latest offset or from timestamp**. Choose one of the following options: - * **Latest offset** (default) - this will start the receiver with the latest offset and collect any new logs received to the Event Hub moving forward. - * **Timestamp** - use this option to start receiving logs from a specific point in time in the event stream. **Timestamp** can be used to ingest historical data. Once all historical data has been ingested it is recommended to switch to **Latest offset.** This will ensure the Collector continues from the latest recorded checkpoint when restarted and not use the **Timestamp** specified as a starting point, which could result in logs being received and processed more than once.   -1. **Processing Rules for Logs**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in Create a Processing Rule. -1. 
**Advanced Options for Logs**. - * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. - * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. - * **Timestamp Format**. By default, Sumo Logic will automatically detect the timestamp format of your logs. However, you can manually specify a timestamp format for a Source. See [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference) for more information.   -1. When you are finished configuring the Source, click **Submit**. - -## Metadata fields - -| Field | Value | Description | -| :--- | :--- | :--- | -| `_siemDataType` | `Inventory` | Set when **Forward To SIEM** is checked. | -| `_siemProduct` | `Azure` | Set when **Forward To SIEM** is checked. | -| `_siemVendor` | `Microsoft` | Set when **Forward To SIEM** is checked. | -| `_siemFormat` | `JSON` | Set when **Forward To SIEM** is checked. | -| `_siemEventID` | `` | Where `metadata.eventType` is populated from the field in the event JSON, such as Administrative or Resource Health. See more information about the available event types for the Azure platform in Activity Log Categories and Resource Log Categories. Logs that do not contain a category field are assigned category UNKNOWN. | - -## JSON schema - -Sources can be configured using UTF-8 encoded JSON files with the Collector Management API. 
See [how to use JSON to configure Sources](/docs/send-data/use-json-configure-sources) for details.  - -| Parameter | Type | Value | Required | Description | -|:--|:--|:--|:--|:--| -| schemaRef | JSON Object | `{"type":"Azure Event Hubs"}` | Yes | Define the specific schema type. | -| sourceType | String | `"Universal"` | Yes | Type of source. | -| config | JSON Object | [Configuration object](#configuration-object) | Yes | Source type specific values. | - -### Configuration Object - -| Parameter | Type | Required | Default | Description | Example | -|:--|:--|:--|:--|:--|:--| -| name | String | Yes | `null` | Type a desired name of the source. The name must be unique per Collector. This value is assigned to the [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field `_source`. | `"mySource"` | -| description | String | No | `null` | Type a description of the source. | `"Testing source"` -| category | String | No | `null` | Type a category of the source. This value is assigned to the [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field `_sourceCategory`. See [best practices](/docs/send-data/best-practices) for details. | `"mySource/test"` -| fields | JSON Object | No | `null` | JSON map of key-value fields (metadata) to apply to the Collector or Source. Use the boolean field `_siemForward` to enable forwarding to SIEM.|`{"_siemForward": false, "fieldA": "valueA"}` | -| namespace | String | Yes | `null` | Your Azure Event Hubs Namespace name. | | -| hub_name | String | Yes | `null` | The Azure Event Hubs Instance Name. | | -| access_policy_name | String | Yes | `null` | Your Shared Access Policy Name. The Shared Access Policy requires the Listen claim. | | -| access_policy_key | String | Yes |`null` | Your Shared Access Policy Key. The Shared Access Policy requires the Listen claim. | | -| consumer_group | String | Yes | $Default | If needed, specify a custom consumer group name. 
When using a custom Consumer Group make sure that it exists for the Event Hub instance. | | -| receive_with_latest_offset | Boolean | Yes | True | Receive data with the latest offset or from the timestamp. | | -| receive_from_timestamp | Boolean | No | `null` | Set to true when receive_with_latest_offset is false. | | -| timeZone | String | No | null | Type the time zone you'd like the source to use in TZ database format. | `"America/Los_Angeles"`. See [time zone format](/docs/send-data/use-json-configure-sources) for details. | -| forceTimeZone | Boolean | No | false | Type `true` to force the Source to use a specific time zone, otherwise type `false` to use the time zone found in the logs. The default setting is false. | | -| automaticDateParsing | Boolean | No | true | Determines if timestamp information is parsed or not. Type `true` to enable automatic parsing of dates (the default setting); type `false` to disable. If disabled, no timestamp information is parsed at all. | | -| autoParseTimeFormat | Boolean | No | true | Sets if the timestamp format is automatically detected by Sumo Logic. If `autoParseTimeFormat` is set to false, then `defaultDateFormats` must be specified. | | -| defaultDateFormats | array | No | `null` | Define formats for the dates present in your log messages. You can specify a locator regex to identify where timestamps appear in log lines.
The `defaultDateFormats` object has two elements:
`format` (required)—Specify the date format.
`locator` (optional)—A regular expression that specifies the location of the timestamp in your log lines. | For example, `INFO(.*)`
For an example, see [Timestamp example](/docs/send-data/use-json-configure-sources/#timestamp-example).
For more information about timestamp options, see [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference). | - -### JSON example - -```json reference -https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/azure-event-hubs/example.json -``` - -### Terraform example - -```sh reference -https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/azure-event-hubs/example.tf -``` - -## FAQ - -:::info -Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. -::: From eacf491f4ae7697567a8eee23cecf61c661aaae9 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Wed, 1 Apr 2026 02:37:03 +0530 Subject: [PATCH 09/13] Create azure-event-hubs-source.md --- .../azure-event-hubs-source.md | 150 ++++++++++++++++++ 1 file changed, 150 insertions(+) create mode 100644 docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md new file mode 100644 index 0000000000..706cd8c5b4 --- /dev/null +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md 
@@ -0,0 +1,150 @@ +--- +id: azure-event-hubs-source +title: Azure Event Hubs Source +tags: + - cloud-to-cloud + - azure-event-hubs +sidebar_label: Azure Event Hubs +--- + +import ForwardToSiem from '/docs/reuse/forward-to-siem.md'; +import useBaseUrl from '@docusaurus/useBaseUrl'; + +:::important +From April 30, 2025, Sumo Logic will no longer support adding a source using this Azure Event Hubs source. Existing Azure Event Hubs source configurations will still work for some time, but we recommend you [migrate](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration/) to the [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/). +::: + +:::note +Collecting data from Azure Event Hubs using this Cloud-to-Cloud collection method supports a throughput limit of 1MB/s (86GB/day) per named Event Hub egress rate. If you require higher throughput, we recommend using [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source). +::: + +Azure Event Hub icon + +This cloud-to-cloud Azure Event Hubs Source provides a secure endpoint to receive data from Azure Event Hubs. It securely stores the required authentication, scheduling, and state tracking information. + +:::tip Migrating to C2C +See [Migrating from ARM based Azure Monitor Logs Collection](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration). 
+::: + +## Data collected + +| Polling Interval | Data | +| :--- | :--- | +| 5 min | [Resource Logs](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/resource-logs-schema) | +| 5 min | [Activity Logs](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-schema) | + +Third party apps or services can be configured to send event data to Event Hubs as well, including [Auth0](https://auth0.com/docs/logs/streams/azure-event-grid). + +## Setup + +### Vendor configuration + +The Event Hub doesn't have to be in the same subscription as the resource sending logs if the user who configures the setting has appropriate Azure role-based access control access to both subscriptions. By using Azure Lighthouse, it's also possible to have diagnostic settings sent to a event hub in another Azure Active Directory tenant. The event hub namespace needs to be in the same region as the resource being monitored if the resource is regional so you may have to configure multiple Azure Event Hubs Sources. More details about destination limitations and permissions are described [here](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal#destination-limitations). + +1. [Create an Event Hub using the Azure portal](https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-create) by navigating to Event Hubs in the Azure Portal.
Select Azure Event Hubs +1. Create an Event Hubs namespace. In this example, Namespace is set to **cnctest**:
Select Add
Select Review and Create +1. Create an Event Hub Instance.
Create Event Hubs instance + * Shared Access Policies can be set up for the entire namespace. These policies can be used to access/manage all hubs in the namespace. A policy for the namespace is created by default: **RootManageSharedAccessKey**
Shared access policies +
In this example, Event Hub Instance is set to my-hub. +1. Create a [Shared Access Policy](https://docs.microsoft.com/en-us/azure/governance/policy/overview) with the **Listen** claim to the newly created Event Hub Instance:
Listen claim
Shared access policies
SumoCollectionPolicy
In this example, Event Hub Instance is set to **SumoCollectionPolicy**. +1. Copy the Shared Access Policy Key.
Copy access key + Copy the Primary/Secondary key associated with this policy. +1. When [configuring the Azure Event Hubs Source](#vendor-configuration) in Sumo Logic, our input fields might be: + + | Field | Value | + |:----------------------------|:----------------------| + | Azure Event Hubs Namespace | cnctest | + | Event Hubs Instance Name | my-hub | + | Shared Access Policy Name | SumoCollectionPolicy | + | Shared Access Policy Key
(use primary key) | mOsLf3RE… | + +### Source configuration + +When you create an Azure Event Hubs Source, you add it to a Hosted Collector. Before creating the Source, identify the Hosted Collector you want to use or create a new Hosted Collector. For instructions, see [Configure a Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector). + +To configure an Azure Event Hubs Source: + +1. [**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic main menu select **Data Management**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**. +1. On the Collectors page, click **Add Source** next to a **HostedCollector**. +::: + Make sure the hosted collector is tagged with tenant_name field for the out of the box Azure apps to work. You can get the tenant name using the instructions [here](https://learn.microsoft.com/en-us/azure/active-directory-b2c/tenant-management-read-tenant-name#get-your-tenant-name). +::: +1. Search for and select **Azure Event Hubs**. +1. Enter a **Name** for the Source. The description is optional. +1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. +1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
+1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. + * Green check circle A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. +1. **Azure Event Hubs Namespace**. Enter your Azure Event Hubs Namespace name.  +1. **Event Hubs Instance Name**. Enter the Azure Event Hubs Instance Name. +1. **Shared Access Policy**. Enter your Shared Access Policy Name and Key. The Shared Access Policy requires the **Listen** claim. +1. **Consumer Group Name**. If needed, specify a custom consumer group name. When using a custom **Consumer Group** make sure that it exists for the Event Hub instance. +1. **Receive data with latest offset or from timestamp**. Choose one of the following options: + * **Latest offset** (default) - this will start the receiver with the latest offset and collect any new logs received to the Event Hub moving forward. + * **Timestamp** - use this option to start receiving logs from a specific point in time in the event stream. **Timestamp** can be used to ingest historical data. Once all historical data has been ingested it is recommended to switch to **Latest offset.** This will ensure the Collector continues from the latest recorded checkpoint when restarted and not use the **Timestamp** specified as a starting point, which could result in logs being received and processed more than once.   +1. **Processing Rules for Logs**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in Create a Processing Rule. +1. 
**Advanced Options for Logs**. + * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. + * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. + * **Timestamp Format**. By default, Sumo Logic will automatically detect the timestamp format of your logs. However, you can manually specify a timestamp format for a Source. See [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference) for more information.   +1. When you are finished configuring the Source, click **Submit**. + +## Metadata fields + +| Field | Value | Description | +| :--- | :--- | :--- | +| `_siemDataType` | `Inventory` | Set when **Forward To SIEM** is checked. | +| `_siemProduct` | `Azure` | Set when **Forward To SIEM** is checked. | +| `_siemVendor` | `Microsoft` | Set when **Forward To SIEM** is checked. | +| `_siemFormat` | `JSON` | Set when **Forward To SIEM** is checked. | +| `_siemEventID` | `` | Where `metadata.eventType` is populated from the field in the event JSON, such as Administrative or Resource Health. See more information about the available event types for the Azure platform in Activity Log Categories and Resource Log Categories. Logs that do not contain a category field are assigned category UNKNOWN. | + +## JSON schema + +Sources can be configured using UTF-8 encoded JSON files with the Collector Management API. 
See [how to use JSON to configure Sources](/docs/send-data/use-json-configure-sources) for details.  + +| Parameter | Type | Value | Required | Description | +|:--|:--|:--|:--|:--| +| schemaRef | JSON Object | `{"type":"Azure Event Hubs"}` | Yes | Define the specific schema type. | +| sourceType | String | `"Universal"` | Yes | Type of source. | +| config | JSON Object | [Configuration object](#configuration-object) | Yes | Source type specific values. | + +### Configuration Object + +| Parameter | Type | Required | Default | Description | Example | +|:--|:--|:--|:--|:--|:--| +| name | String | Yes | `null` | Type a desired name of the source. The name must be unique per Collector. This value is assigned to the [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field `_source`. | `"mySource"` | +| description | String | No | `null` | Type a description of the source. | `"Testing source"` +| category | String | No | `null` | Type a category of the source. This value is assigned to the [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field `_sourceCategory`. See [best practices](/docs/send-data/best-practices) for details. | `"mySource/test"` +| fields | JSON Object | No | `null` | JSON map of key-value fields (metadata) to apply to the Collector or Source. Use the boolean field `_siemForward` to enable forwarding to SIEM.|`{"_siemForward": false, "fieldA": "valueA"}` | +| namespace | String | Yes | `null` | Your Azure Event Hubs Namespace name. | | +| hub_name | String | Yes | `null` | The Azure Event Hubs Instance Name. | | +| access_policy_name | String | Yes | `null` | Your Shared Access Policy Name. The Shared Access Policy requires the Listen claim. | | +| access_policy_key | String | Yes |`null` | Your Shared Access Policy Key. The Shared Access Policy requires the Listen claim. | | +| consumer_group | String | Yes | $Default | If needed, specify a custom consumer group name. 
When using a custom Consumer Group make sure that it exists for the Event Hub instance. | | +| receive_with_latest_offset | Boolean | Yes | True | Receive data with the latest offset or from the timestamp. | | +| receive_from_timestamp | Boolean | No | `null` | Set to true when receive_with_latest_offset is false. | | +| timeZone | String | No | null | Type the time zone you'd like the source to use in TZ database format. | `"America/Los_Angeles"`. See [time zone format](/docs/send-data/use-json-configure-sources) for details. | +| forceTimeZone | Boolean | No | false | Type `true` to force the Source to use a specific time zone, otherwise type `false` to use the time zone found in the logs. The default setting is false. | | +| automaticDateParsing | Boolean | No | true | Determines if timestamp information is parsed or not. Type `true` to enable automatic parsing of dates (the default setting); type `false` to disable. If disabled, no timestamp information is parsed at all. | | +| autoParseTimeFormat | Boolean | No | true | Sets if the timestamp format is automatically detected by Sumo Logic. If `autoParseTimeFormat` is set to false, then `defaultDateFormats` must be specified. | | +| defaultDateFormats | array | No | `null` | Define formats for the dates present in your log messages. You can specify a locator regex to identify where timestamps appear in log lines.
The `defaultDateFormats` object has two elements:
`format` (required)—Specify the date format.
`locator` (optional)—A regular expression that specifies the location of the timestamp in your log lines. | For example, `INFO(.*)`
For an example, see [Timestamp example](/docs/send-data/use-json-configure-sources/#timestamp-example).
For more information about timestamp options, see [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference). | + +### JSON example + +```json reference +https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/azure-event-hubs/example.json +``` + +### Terraform example + +```sh reference +https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/azure-event-hubs/example.tf +``` + +## FAQ + +:::info +Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. +::: From 3e6e5b6da23f73b9aca62f6301af2a259b42ca78 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Wed, 1 Apr 2026 10:34:29 +0530 Subject: [PATCH 10/13] edited redirections --- blog-service/2022/12-31.md | 2 +- cid-redirects.json | 6 +- .../azure-event-hubs-source.md | 150 ------------------ 3 files changed, 4 insertions(+), 154 deletions(-) delete mode 100644 docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md diff --git a/blog-service/2022/12-31.md b/blog-service/2022/12-31.md index 3fcb78d9f6..537aa8ea8d 100644 --- a/blog-service/2022/12-31.md +++ b/blog-service/2022/12-31.md @@ -618,7 +618,7 @@ New - We are delighted to announce the release of the [Sumo Logic Amazon Route 5 Update - The [AWS Kinesis Firehose for Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source) now has the option to collect undelivered logs from the backup directory. -Update - The [Azure Event Hubs Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source) now supports Processing Rules and timestamp configuration options for logs. +Update - The [Azure Event Hubs Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/) now supports Processing Rules and timestamp configuration options for logs. --- ## March 17, 2022 (Apps) 
diff --git a/cid-redirects.json b/cid-redirects.json
index e916a441fe..4993d2a3bc 100644
--- a/cid-redirects.json
+++ b/cid-redirects.json
@@ -124,7 +124,7 @@
 "/03Send-Data/Collect-from-Other-Data-Sources/Azure_Monitoring/Collect_Metrics_from_Azure_Monitor": "/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor",
 "/03Send-Data/Collect-from-Other-Data-Sources/Azure-API-Management-Collector": "/docs/send-data/collect-from-other-data-sources/azure-monitoring",
 "/03Send-Data/Collect-from-Other-Data-Sources/Azure-API-Management": "/docs/send-data/collect-from-other-data-sources/azure-monitoring",
- "/03Send-Data/Collect-from-Other-Data-Sources/Azure-Event-Hubs-Source": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source",
+ "/03Send-Data/Collect-from-Other-Data-Sources/Azure-Event-Hubs-Source": "/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source",
 "/03Send-Data/Collect-from-Other-Data-Sources/Collect_AWS_Lambda_Logs_using_an_Extension": "/docs/send-data/collect-from-other-data-sources/collect-aws-lambda-logs-extension",
 "/03Send-Data/Collect-from-Other-Data-Sources/Collect_AWS_Lambda_Logs_using_an_Extension/Performance_Impact_and_Failover_Handling": "/docs/send-data/collect-from-other-data-sources/performance-impact-failover-handling",
 "/03Send-Data/Collect-from-Other-Data-Sources/Collect-from-Docker-Containers/01-Configure-a-Docker-Collector": "/docs/send-data/collect-from-other-data-sources/docker-collection-methods",
@@ -295,7 +295,7 @@
 "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Cloud-to-Cloud_Integration_Framework/AWS_Cost_Explorer_Source": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source",
 "/docs/send-data/hosted-collectors/amazon-aws/aws-cost-explorer": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source",
 "/docs/send-data/hosted-collectors/amazon-aws/aws-cost-explorer-source": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-cost-explorer-source",
- "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Cloud-to-Cloud_Integration_Framework/Azure_Event_Hubs_Source": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source",
+ "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Cloud-to-Cloud_Integration_Framework/Azure_Event_Hubs_Source": "/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source",
 "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Cloud-to-Cloud_Integration_Framework/Carbon_Black_Cloud_Source": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/carbon-black",
 "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Cloud-to-Cloud_Integration_Framework/Carbon_Black_Inventory_Source": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source",
 "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Cloud-to-Cloud_Integration_Framework/Cisco_AMP_Source": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source",
@@ -2138,7 +2138,6 @@
 "/cid/24000": "/docs/send-data/installed-collectors/sources/preconfigure-machine-collect-remote-windows-events",
 "/cid/24841": "/docs/integrations/security-threat-detection/palo-alto-networks-9",
 "/cid/25611": "/docs/integrations/saas-cloud/akamai-cloud-monitor",
- "/cid/25612": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source",
 "/cid/25613": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/carbon-black",
 "/cid/25614": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source",
 "/cid/25615": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-amp-source",
@@ -3009,6 +3008,7 @@
 "/cid/1150": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source/",
 "/cid/1151": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source/",
 "/cid/1152": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source/",
+ "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source": "/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/",
 "/Cloud_SIEM_Enterprise": "/docs/cse",
 "/Cloud_SIEM_Enterprise/Administration": "/docs/cse/administration",
 "/Cloud_SIEM_Enterprise/Administration/Cloud_SIEM_Enterprise_Feature_Update_(2022)": "/docs/cse/administration",
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md
deleted file mode 100644
index 706cd8c5b4..0000000000
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source.md
+++ /dev/null
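Review bot: The `/cid/25612` mapping is deleted outright in the `@@ -2138` hunk, whereas the two earlier hunks in this file re-point their old Azure Event Hubs paths to the new page. The `/cid/...` keys look like stable identifiers referenced from outside the docs tree (presumably product-side deep links), so dropping the entry turns those links into a 404 rather than a redirect. Re-pointing it the same way as the other entries keeps them working: `"/cid/25612": "/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source",`.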
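Review bot: The new key in the `@@ -3009` hunk is added without a trailing slash, while several inbound links elsewhere in this series (azure-app-service-plan.md, fedramp-capabilities.md, microsoft-dynamics365-customer-insights.md) use the `/azure-event-hubs-source/` form, some with a `#vendor-configuration` anchor, and the neighbouring `/cid/` entries map to trailing-slash targets. If the redirect plugin matches keys literally rather than normalizing trailing slashes, the slash-terminated variant of the removed page would still 404. Either confirm the plugin normalizes, or add the sibling entry `"/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/": "/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/",`.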
@@ -1,150 +0,0 @@ ---- -id: azure-event-hubs-source -title: Azure Event Hubs Source -tags: - - cloud-to-cloud - - azure-event-hubs -sidebar_label: Azure Event Hubs ---- - -import ForwardToSiem from '/docs/reuse/forward-to-siem.md'; -import useBaseUrl from '@docusaurus/useBaseUrl'; - -:::important -From April 30, 2025, Sumo Logic will no longer support adding a source using this Azure Event Hubs source. Existing Azure Event Hubs source configurations will still work for some time, but we recommend you [migrate](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration/) to the [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/). -::: - -:::note -Collecting data from Azure Event Hubs using this Cloud-to-Cloud collection method supports a throughput limit of 1MB/s (86GB/day) per named Event Hub egress rate. If you require higher throughput, we recommend using [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source). -::: - -Azure Event Hub icon - -This cloud-to-cloud Azure Event Hubs Source provides a secure endpoint to receive data from Azure Event Hubs. It securely stores the required authentication, scheduling, and state tracking information. - -:::tip Migrating to C2C -See [Migrating from ARM based Azure Monitor Logs Collection](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration). 
-::: - -## Data collected - -| Polling Interval | Data | -| :--- | :--- | -| 5 min | [Resource Logs](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/resource-logs-schema) | -| 5 min | [Activity Logs](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-schema) | - -Third party apps or services can be configured to send event data to Event Hubs as well, including [Auth0](https://auth0.com/docs/logs/streams/azure-event-grid). - -## Setup - -### Vendor configuration - -The Event Hub doesn't have to be in the same subscription as the resource sending logs if the user who configures the setting has appropriate Azure role-based access control access to both subscriptions. By using Azure Lighthouse, it's also possible to have diagnostic settings sent to a event hub in another Azure Active Directory tenant. The event hub namespace needs to be in the same region as the resource being monitored if the resource is regional so you may have to configure multiple Azure Event Hubs Sources. More details about destination limitations and permissions are described [here](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal#destination-limitations). - -1. [Create an Event Hub using the Azure portal](https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-create) by navigating to Event Hubs in the Azure Portal.
Select Azure Event Hubs -1. Create an Event Hubs namespace. In this example, Namespace is set to **cnctest**:
Select Add
Select Review and Create -1. Create an Event Hub Instance.
Create Event Hubs instance - * Shared Access Policies can be set up for the entire namespace. These policies can be used to access/manage all hubs in the namespace. A policy for the namespace is created by default: **RootManageSharedAccessKey**
Shared access policies -
In this example, Event Hub Instance is set to my-hub. -1. Create a [Shared Access Policy](https://docs.microsoft.com/en-us/azure/governance/policy/overview) with the **Listen** claim to the newly created Event Hub Instance:
Listen claim
Shared access policies
SumoCollectionPolicy
In this example, Event Hub Instance is set to **SumoCollectionPolicy**. -1. Copy the Shared Access Policy Key.
Copy access key - Copy the Primary/Secondary key associated with this policy. -1. When [configuring the Azure Event Hubs Source](#vendor-configuration) in Sumo Logic, our input fields might be: - - | Field | Value | - |:----------------------------|:----------------------| - | Azure Event Hubs Namespace | cnctest | - | Event Hubs Instance Name | my-hub | - | Shared Access Policy Name | SumoCollectionPolicy | - | Shared Access Policy Key
(use primary key) | mOsLf3RE… | - -### Source configuration - -When you create an Azure Event Hubs Source, you add it to a Hosted Collector. Before creating the Source, identify the Hosted Collector you want to use or create a new Hosted Collector. For instructions, see [Configure a Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector). - -To configure an Azure Event Hubs Source: - -1. [**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic main menu select **Data Management**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**. -1. On the Collectors page, click **Add Source** next to a **HostedCollector**. -::: - Make sure the hosted collector is tagged with tenant_name field for the out of the box Azure apps to work. You can get the tenant name using the instructions [here](https://learn.microsoft.com/en-us/azure/active-directory-b2c/tenant-management-read-tenant-name#get-your-tenant-name). -::: -1. Search for and select **Azure Event Hubs**. -1. Enter a **Name** for the Source. The description is optional. -1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`. -1. **Forward to SIEM**. Check the checkbox to forward your data to [Cloud SIEM](/docs/cse/).
-1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value. - * Green check circle A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * Orange exclamation point An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. -1. **Azure Event Hubs Namespace**. Enter your Azure Event Hubs Namespace name.  -1. **Event Hubs Instance Name**. Enter the Azure Event Hubs Instance Name. -1. **Shared Access Policy**. Enter your Shared Access Policy Name and Key. The Shared Access Policy requires the **Listen** claim. -1. **Consumer Group Name**. If needed, specify a custom consumer group name. When using a custom **Consumer Group** make sure that it exists for the Event Hub instance. -1. **Receive data with latest offset or from timestamp**. Choose one of the following options: - * **Latest offset** (default) - this will start the receiver with the latest offset and collect any new logs received to the Event Hub moving forward. - * **Timestamp** - use this option to start receiving logs from a specific point in time in the event stream. **Timestamp** can be used to ingest historical data. Once all historical data has been ingested it is recommended to switch to **Latest offset.** This will ensure the Collector continues from the latest recorded checkpoint when restarted and not use the **Timestamp** specified as a starting point, which could result in logs being received and processed more than once.   -1. **Processing Rules for Logs**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in Create a Processing Rule. -1. 
**Advanced Options for Logs**. - * **Timestamp Parsing**. This option is selected by default. If it's deselected, no timestamp information is parsed at all. - * **Time Zone**. There are two options for Time Zone. You can use the time zone present in your log files, and then choose an option in case time zone information is missing from a log message. Or, you can have Sumo Logic completely disregard any time zone information present in logs by forcing a time zone. It's very important to have the proper time zone set, no matter which option you choose. If the time zone of logs cannot be determined, Sumo Logic assigns logs UTC; if the rest of your logs are from another time zone your search results will be affected. - * **Timestamp Format**. By default, Sumo Logic will automatically detect the timestamp format of your logs. However, you can manually specify a timestamp format for a Source. See [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference) for more information.   -1. When you are finished configuring the Source, click **Submit**. - -## Metadata fields - -| Field | Value | Description | -| :--- | :--- | :--- | -| `_siemDataType` | `Inventory` | Set when **Forward To SIEM** is checked. | -| `_siemProduct` | `Azure` | Set when **Forward To SIEM** is checked. | -| `_siemVendor` | `Microsoft` | Set when **Forward To SIEM** is checked. | -| `_siemFormat` | `JSON` | Set when **Forward To SIEM** is checked. | -| `_siemEventID` | `` | Where `metadata.eventType` is populated from the field in the event JSON, such as Administrative or Resource Health. See more information about the available event types for the Azure platform in Activity Log Categories and Resource Log Categories. Logs that do not contain a category field are assigned category UNKNOWN. | - -## JSON schema - -Sources can be configured using UTF-8 encoded JSON files with the Collector Management API. 
See [how to use JSON to configure Sources](/docs/send-data/use-json-configure-sources) for details.  - -| Parameter | Type | Value | Required | Description | -|:--|:--|:--|:--|:--| -| schemaRef | JSON Object | `{"type":"Azure Event Hubs"}` | Yes | Define the specific schema type. | -| sourceType | String | `"Universal"` | Yes | Type of source. | -| config | JSON Object | [Configuration object](#configuration-object) | Yes | Source type specific values. | - -### Configuration Object - -| Parameter | Type | Required | Default | Description | Example | -|:--|:--|:--|:--|:--|:--| -| name | String | Yes | `null` | Type a desired name of the source. The name must be unique per Collector. This value is assigned to the [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field `_source`. | `"mySource"` | -| description | String | No | `null` | Type a description of the source. | `"Testing source"` -| category | String | No | `null` | Type a category of the source. This value is assigned to the [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field `_sourceCategory`. See [best practices](/docs/send-data/best-practices) for details. | `"mySource/test"` -| fields | JSON Object | No | `null` | JSON map of key-value fields (metadata) to apply to the Collector or Source. Use the boolean field `_siemForward` to enable forwarding to SIEM.|`{"_siemForward": false, "fieldA": "valueA"}` | -| namespace | String | Yes | `null` | Your Azure Event Hubs Namespace name. | | -| hub_name | String | Yes | `null` | The Azure Event Hubs Instance Name. | | -| access_policy_name | String | Yes | `null` | Your Shared Access Policy Name. The Shared Access Policy requires the Listen claim. | | -| access_policy_key | String | Yes |`null` | Your Shared Access Policy Key. The Shared Access Policy requires the Listen claim. | | -| consumer_group | String | Yes | $Default | If needed, specify a custom consumer group name. 
When using a custom Consumer Group make sure that it exists for the Event Hub instance. | | -| receive_with_latest_offset | Boolean | Yes | True | Receive data with the latest offset or from the timestamp. | | -| receive_from_timestamp | Boolean | No | `null` | Set to true when receive_with_latest_offset is false. | | -| timeZone | String | No | null | Type the time zone you'd like the source to use in TZ database format. | `"America/Los_Angeles"`. See [time zone format](/docs/send-data/use-json-configure-sources) for details. | -| forceTimeZone | Boolean | No | false | Type `true` to force the Source to use a specific time zone, otherwise type `false` to use the time zone found in the logs. The default setting is false. | | -| automaticDateParsing | Boolean | No | true | Determines if timestamp information is parsed or not. Type `true` to enable automatic parsing of dates (the default setting); type `false` to disable. If disabled, no timestamp information is parsed at all. | | -| autoParseTimeFormat | Boolean | No | true | Sets if the timestamp format is automatically detected by Sumo Logic. If `autoParseTimeFormat` is set to false, then `defaultDateFormats` must be specified. | | -| defaultDateFormats | array | No | `null` | Define formats for the dates present in your log messages. You can specify a locator regex to identify where timestamps appear in log lines.
The `defaultDateFormats` object has two elements:
`format` (required)—Specify the date format.
`locator` (optional)—A regular expression that specifies the location of the timestamp in your log lines. | For example, `INFO(.*)`
For an example, see [Timestamp example](/docs/send-data/use-json-configure-sources/#timestamp-example).
For more information about timestamp options, see [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference). | - -### JSON example - -```json reference -https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/azure-event-hubs/example.json -``` - -### Terraform example - -```sh reference -https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/azure-event-hubs/example.tf -``` - -## FAQ - -:::info -Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. -::: From 7d65498df0a0bed109580de4f009636c079cd455 Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Tue, 7 Apr 2026 14:09:18 -0500 Subject: [PATCH 11/13] Fix broken links --- docs/integrations/app-development/github.md | 2 +- .../microsoft-azure/azure-app-service-plan.md | 2 +- .../microsoft-dynamics365-customer-insights.md | 8 ++++---- docs/manage/manage-subscription/fedramp-capabilities.md | 2 +- .../azure-monitoring/ms-azure-event-hubs-source.md | 2 +- docs/send-data/use-json-configure-sources/index.md | 2 +- .../json-parameters-hosted-sources.md | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/integrations/app-development/github.md b/docs/integrations/app-development/github.md index 0f0f10d11a..2922caec46 100644 --- a/docs/integrations/app-development/github.md +++ b/docs/integrations/app-development/github.md 
@@ -14,7 +14,7 @@ The Sumo Logic App for GitHub connects to your GitHub repository at the Organiza :::note If you want to collect audit logs for [GitHub Enterprise](https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise): -1. Follow the instructions on [how to stream GitHub Enterprise Audit Logs to an Amazon S3 bucket](https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-amazon-s3) or [Azure Event Hubs](https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-azure-event-hubs). Use an [Amazon S3 source](/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source) or [Event Hubs Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source) to send those logs to Sumo Logic. +1. Follow the instructions on [how to stream GitHub Enterprise Audit Logs to an Amazon S3 bucket](https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-amazon-s3) or [Azure Event Hubs](https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-azure-event-hubs). Use an [Amazon S3 source](/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source) or [Event Hubs Source](//docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/) to send those logs to Sumo Logic. 1. 
This app will work with [global webhook for Github enterprise](https://docs.github.com/en/enterprise-cloud@latest/webhooks/using-webhooks/creating-webhooks#creating-a-global-webhook-for-a-github-enterprise), [organization webhook](https://docs.github.com/en/enterprise-cloud@latest/webhooks/using-webhooks/creating-webhooks#creating-an-organization-webhook) or [repository webhook](https://docs.github.com/en/enterprise-cloud@latest/webhooks/using-webhooks/creating-webhooks#creating-a-repository-webhook). Make sure not to select the same webhook event type at multiple levels (i.e., enterprise, organization, or repository) to avoid ingesting duplicate data. diff --git a/docs/integrations/microsoft-azure/azure-app-service-plan.md b/docs/integrations/microsoft-azure/azure-app-service-plan.md index e8616f9252..251d723ea1 100644 --- a/docs/integrations/microsoft-azure/azure-app-service-plan.md +++ b/docs/integrations/microsoft-azure/azure-app-service-plan.md 
@@ -22,7 +22,7 @@ For Azure App Service Plan, you can collect the following metrics: Azure service sends monitoring data to Azure Monitor, which can then [stream data to Eventhub](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/stream-monitoring-data-event-hubs). Sumo Logic supports: -* Logs collection from [Azure Monitor](https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-get-started) using our [Azure Event Hubs source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/). +* Logs collection from [Azure Monitor](https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-get-started) using our [Azure Event Hubs source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/). * Metrics collection using our [Azure Metrics Source](/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source). You must explicitly enable diagnostic settings for each Azure App Service plan you want to monitor. You can forward logs to the same event hub provided they satisfy the limitations and permissions as described [here](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal#destination-limitations). diff --git a/docs/integrations/microsoft-azure/microsoft-dynamics365-customer-insights.md b/docs/integrations/microsoft-azure/microsoft-dynamics365-customer-insights.md index d15cb75d6f..4633dcd989 100644 --- a/docs/integrations/microsoft-azure/microsoft-dynamics365-customer-insights.md +++ b/docs/integrations/microsoft-azure/microsoft-dynamics365-customer-insights.md 
@@ -25,7 +25,7 @@ API events and workflow events have a common structure, but with a few differenc Azure service sends monitoring data to Azure Monitor, which can then [stream data to Eventhub](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/stream-monitoring-data-event-hubs). Sumo Logic supports: -* Logs collection from [Azure Monitor](https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-get-started) using our [Azure Event Hubs source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/). +* Logs collection from [Azure Monitor](https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-get-started) using our [Azure Event Hubs source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/). When you configure the event hubs source or HTTP source, plan your source category to ease the querying process. A hierarchical approach allows you to make use of wildcards. For example: `Azure/Dynamic365/Logs` 
@@ -37,11 +37,11 @@ Follow the [prerequisites](https://learn.microsoft.com/en-us/dynamics365/custome In this section, you will configure a pipeline for shipping diagnostic logs from Azure Monitor to an Event Hub. -1. Create an Event Hubs namespace as described in step 2 of [Vendor configuration](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/#vendor-configuration). Here, you do not have to create an Event Hub Instance in step 3 since `Microsoft Dynamics 365 Customer Insights` automatically creates the below two Event Hubs: +1. Create an Event Hubs namespace as described in step 2 of [Vendor configuration](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/#vendor-configuration). Here, you do not have to create an Event Hub Instance in step 3 since `Microsoft Dynamics 365 Customer Insights` automatically creates the below two Event Hubs: * **insight-logs-audit**. It contains audit events. * **insight-logs-operational**. It contains operational events. -2. Create a [Shared Access Policy](https://docs.microsoft.com/en-us/azure/governance/policy/overview) for the entire namespace with the `Listen` claim or you can use the existing default `RootManageSharedAccessKey` policy. Copy the `Primary key` associated with this policy. For more details, refer to steps 4 and 5 of the [Vendor configuration section](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/#vendor-configuration). -3. Create two Azure Event Hubs Sources using the instructions described [here](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/#vendor-configuration). You can add both of them to the same Hosted Collector. Provide `insight-logs-audit` and `insight-logs-operational` as `Event Hubs Instance Name` in the two Azure Event Hubs Sources, respectively. +2. 
Create a [Shared Access Policy](https://docs.microsoft.com/en-us/azure/governance/policy/overview) for the entire namespace with the `Listen` claim or you can use the existing default `RootManageSharedAccessKey` policy. Copy the `Primary key` associated with this policy. For more details, refer to steps 4 and 5 of the [Vendor configuration section](//docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/#vendor-configuration). +3. Create two Azure Event Hubs Sources using the instructions described [here](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/#vendor-configuration). You can add both of them to the same Hosted Collector. Provide `insight-logs-audit` and `insight-logs-operational` as `Event Hubs Instance Name` in the two Azure Event Hubs Sources, respectively. 4. To create the Diagnostic settings in the Azure portal, refer to the [Azure documentation](https://learn.microsoft.com/en-us/dynamics365/customer-insights/diagnostics#set-up-diagnostics-with-azure-monitor). 1. Choose Event Hub as the `Resource type`. 1. Select the Event Hub's `Subscription` name, `Resource group` name, and `Resource` name for the destination resource. diff --git a/docs/manage/manage-subscription/fedramp-capabilities.md b/docs/manage/manage-subscription/fedramp-capabilities.md index a9c31832db..ff08b5d278 100644 --- a/docs/manage/manage-subscription/fedramp-capabilities.md +++ b/docs/manage/manage-subscription/fedramp-capabilities.md 
@@ -52,7 +52,7 @@ The following table shows the capabilities included with Sumo Logic’s FedRAMP | Collection - Amazon Web Services | [CSE AWS EC2 Inventory](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cse-aws-ec-inventory-source/) | ✓ | | | Collection - Archive | [AWS S3 archive](/docs/manage/data-archiving/archive) | ✓ | ✓ | | Collection - Cloud APIs | [Akamai SIEM API](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-siem-api-source/) | ✓ | ✓
*Available upon request within 5 business days.* | -| Collection - Cloud APIs | [Azure Event Hubs](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/) | ✓ | ✓ | +| Collection - Cloud APIs | [Azure Event Hubs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/) | ✓ | ✓ | | Collection - Cloud APIs | [Box](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/box-source/) | ✓ | ✓
*Available upon request within 5 business days.* | | Collection - Cloud APIs | [Carbon Black Cloud](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source/) | ✓ | ✓
*Available upon request within 5 business days.* | | Collection - Cloud APIs | [Carbon Black Inventory](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source/) | ✓ | ✓
Available upon request within 5 business days. | diff --git a/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source.md b/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source.md index acccb0d5e5..12d21ef713 100644 --- a/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source.md +++ b/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source.md @@ -54,7 +54,7 @@ The Event Hub doesn't have to be in the same subscription as the resource sendin * Shared Access Policies can be set up for the entire namespace. These policies can be used to access/manage all hubs in the namespace. A policy for the namespace is created by default: `RootManageSharedAccessKey`. In this example, Event Hub Instance is set to `my-hub`.
Create Event Hub page with the 'Name' field set to 'my-hub' and the 'Create' button highlighted. 4. Create a [Shared Access Policy](https://docs.microsoft.com/en-us/azure/governance/policy/overview) with the Listen claim to the newly created Event Hub Instance. In this example, Event Hub Instance is set to `SumoCollectionPolicy`.
Event Hubs Namespace overview page showing the 'Event Hubs' section under Entities with the newly created 'my-hub' Event Hub listed.
Shared access policies page for the 'my-hub' Event Hub with the 'Add' button highlighted.
Add SAS Policy page for the 'my-hub' Event Hub with the policy name set to 'SumoCollectionPolicy' and the 'Listen' permission checked. The 'Create' button is highlighted. 5. Copy the **Shared access policies** Key. Copy the **Primary key** associated with this policy.
SAS Policy page for the 'my-hub' Event Hub showing the 'SumoCollectionPolicy' details, including primary and secondary keys, with the 'copy' icon highlighted. -6. When [configuring the Azure Event Hubs Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/#vendor-configuration) in Sumo Logic, our input fields might be: +6. When [configuring the Azure Event Hubs Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/#vendor-configuration) in Sumo Logic, our input fields might be: | Field | Value | |:---|:---| diff --git a/docs/send-data/use-json-configure-sources/index.md b/docs/send-data/use-json-configure-sources/index.md index 31a67118e9..7826d44ad1 100644 --- a/docs/send-data/use-json-configure-sources/index.md +++ b/docs/send-data/use-json-configure-sources/index.md 
@@ -85,7 +85,7 @@ Each source can have its own unique fields in addition to the generic fields lis
 | [AWS Kinesis Firehose for Logs Source](/docs/send-data/use-json-configure-sources/json-parameters-hosted-sources#aws-kinesis-firehose-for-logs-source) | HTTP |
 | [Amazon S3 Audit Source](/docs/send-data/use-json-configure-sources/json-parameters-hosted-sources#amazon-s3-audit-source) | Polling |
 | [AWS Metadata (Tag) Source](/docs/send-data/use-json-configure-sources/json-parameters-hosted-sources#aws-metadata-tag-source) | Polling |
-| [Azure Event Hubs Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source) | Universal |
+| [Azure Event Hubs Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/) | Universal |
 | [Carbon Black Cloud Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source) | Universal |
 | [Carbon Black Inventory Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source) | Universal |
 | [Cloud Syslog Source](/docs/send-data/use-json-configure-sources/json-parameters-hosted-sources#cloud-syslog-source) | Cloudsyslog |
diff --git a/docs/send-data/use-json-configure-sources/json-parameters-hosted-sources.md b/docs/send-data/use-json-configure-sources/json-parameters-hosted-sources.md
index 14408c8d6f..9d7a459937 100644
--- a/docs/send-data/use-json-configure-sources/json-parameters-hosted-sources.md
+++ b/docs/send-data/use-json-configure-sources/json-parameters-hosted-sources.md
@@ -62,7 +62,7 @@ The Google Workspace Apps Audit Source cannot be created with JSON. This Source
 | [AWS Kinesis Firehose for Logs Source](/docs/send-data/use-json-configure-sources/json-parameters-hosted-sources#aws-kinesis-firehose-for-logs-source) | HTTP |
 | [Amazon S3 Audit Source](/docs/send-data/use-json-configure-sources/json-parameters-hosted-sources#amazon-s3-audit-source) | Polling |
 | [AWS Metadata (Tag) Source](/docs/send-data/use-json-configure-sources/json-parameters-hosted-sources#aws-metadata-tag-source) | Polling |
-| [Azure Event Hubs Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source) | Universal |
+| [Azure Event Hubs Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/) | Universal |
 | [Carbon Black Cloud Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source) | Universal |
 | [Carbon Black Inventory Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source) | Universal |
 | [Cloud Syslog Source](/docs/send-data/use-json-configure-sources/json-parameters-hosted-sources#cloud-syslog-source) | Cloudsyslog |
From 51584ef2f4ad834f9db3102d4cd9ff1f2f62b0be Mon Sep 17 00:00:00 2001
From: John Pipkin
Date: Tue, 7 Apr 2026 14:11:44 -0500
Subject: [PATCH 12/13] Fix link
---
 .../microsoft-azure/microsoft-dynamics365-customer-insights.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/microsoft-azure/microsoft-dynamics365-customer-insights.md b/docs/integrations/microsoft-azure/microsoft-dynamics365-customer-insights.md
index 4633dcd989..8bba14c525 100644
--- a/docs/integrations/microsoft-azure/microsoft-dynamics365-customer-insights.md
+++ b/docs/integrations/microsoft-azure/microsoft-dynamics365-customer-insights.md
@@ -40,7 +40,7 @@ In this section, you will configure a pipeline for shipping diagnostic logs from
 1. Create an Event Hubs namespace as described in step 2 of [Vendor configuration](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/#vendor-configuration). Here, you do not have to create an Event Hub Instance in step 3 since `Microsoft Dynamics 365 Customer Insights` automatically creates the below two Event Hubs:
 * **insight-logs-audit**. It contains audit events.
 * **insight-logs-operational**. It contains operational events.
-2. Create a [Shared Access Policy](https://docs.microsoft.com/en-us/azure/governance/policy/overview) for the entire namespace with the `Listen` claim or you can use the existing default `RootManageSharedAccessKey` policy. Copy the `Primary key` associated with this policy. For more details, refer to steps 4 and 5 of the [Vendor configuration section](//docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/#vendor-configuration).
+2. Create a [Shared Access Policy](https://docs.microsoft.com/en-us/azure/governance/policy/overview) for the entire namespace with the `Listen` claim or you can use the existing default `RootManageSharedAccessKey` policy. Copy the `Primary key` associated with this policy. For more details, refer to steps 4 and 5 of the [Vendor configuration section](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/#vendor-configuration).
 3. Create two Azure Event Hubs Sources using the instructions described [here](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/#vendor-configuration). You can add both of them to the same Hosted Collector. Provide `insight-logs-audit` and `insight-logs-operational` as `Event Hubs Instance Name` in the two Azure Event Hubs Sources, respectively.
 4. 
To create the Diagnostic settings in the Azure portal, refer to the [Azure documentation](https://learn.microsoft.com/en-us/dynamics365/customer-insights/diagnostics#set-up-diagnostics-with-azure-monitor).
 1. Choose Event Hub as the `Resource type`.
From f902bf205599905593bdb823c6533b835479213e Mon Sep 17 00:00:00 2001
From: John Pipkin
Date: Tue, 7 Apr 2026 14:23:33 -0500
Subject: [PATCH 13/13] One more tweak
---
 docs/integrations/app-development/github.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/app-development/github.md b/docs/integrations/app-development/github.md
index 2922caec46..c4f91a87a9 100644
--- a/docs/integrations/app-development/github.md
+++ b/docs/integrations/app-development/github.md
@@ -14,7 +14,7 @@ The Sumo Logic App for GitHub connects to your GitHub repository at the Organiza
 :::note
 If you want to collect audit logs for [GitHub Enterprise](https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise):
-1. Follow the instructions on [how to stream GitHub Enterprise Audit Logs to an Amazon S3 bucket](https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-amazon-s3) or [Azure Event Hubs](https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-azure-event-hubs). Use an [Amazon S3 source](/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source) or [Event Hubs Source](//docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/) to send those logs to Sumo Logic.
+1. Follow the instructions on [how to stream GitHub Enterprise Audit Logs to an Amazon S3 bucket](https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-amazon-s3) or [Azure Event Hubs](https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-azure-event-hubs). Use an [Amazon S3 source](/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source) or [Event Hubs Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/) to send those logs to Sumo Logic.
 1. 
This app will work with [global webhook for Github enterprise](https://docs.github.com/en/enterprise-cloud@latest/webhooks/using-webhooks/creating-webhooks#creating-a-global-webhook-for-a-github-enterprise), [organization webhook](https://docs.github.com/en/enterprise-cloud@latest/webhooks/using-webhooks/creating-webhooks#creating-an-organization-webhook) or [repository webhook](https://docs.github.com/en/enterprise-cloud@latest/webhooks/using-webhooks/creating-webhooks#creating-a-repository-webhook). Make sure not to select the same webhook event type at multiple levels (i.e., enterprise, organization, or repository) to avoid ingesting duplicate data.