sorry if this is a dumb question, but I cannot seem to find the answer: I am using an external source to read in Audit Log events in Azure Eventhub. I am able to get the data flowing and working, but I see that there are messages with the records field that have 2 messages, but some records only have 1 message. For those records that have 2 json events in them, why is this the case? I see that they might be related.
What I mean is that some logs I will see for some: category:NoninteractiveSignin:
records:[{..},{..}]
CodePudding user response:
Event Hub messages are binary, and opaque to Event Hubs. It’s entirely up to the sender what’s in each one.
So you’ll need to ask whatever application creates the messages about that.