Develop Reference

Logs for Azure Storage account SFTP service?

Can we get logs from the Azure SFTP service in Storage account? I've enabled the SFTP feature in the storage account which works as an SFTP service, I'm able to push files into it using client apps like Filezilla and Win SCP. But it's not working when I'm trying to push files from a client app. Client app is a reporting system which has the ability to push reports into an SFTP server.
My intention is to check the logs for the SFTP service and see why it's not serving requests from the client app

If the client can't reach the server for whatever reason, having logs on the Azure side won't help in any way. Check the client logs. What error are you getting?
Here's a list of common issues that might help:
https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-known-issues

As per this current documentation, you can pull the sftp logs by applying the filters in the activity logs or by enabling diagnostic settings on the storage accounts.
You can refer this documentation , for more information about the know issues with SFTP protocol in Azure blob storage account & currently this feature is in preview.

You can activate logs on your storage account from the diagnostic settings.
Go to the sftp storage account resource, then from the side menu you will see:
From it select the storage type (blob for example) you can then add a diagnostic settings:
Then select the category and select to which ever destination you desire, for example you can map it to a log analytic resource
Then you can query the logs, for example:
StorageBlobLogs
| where Category contains "StorageWrite"

How to get Users Logging Information Using Log Analytics in Azure SQL Database

I am trying to get Users logged in information in Azure SQL Database Using Log Analytics. Can it be possible if so, can you please help me on this ?
Below are Options available in Diagnostic Settings for Azure SQL Database.
Click 'Add Diagnostic setting' above to configure the collection of the following data:
DmsWorkers
ExecRequests
RequestSteps
SqlRequests
Waits
Basic
InstanceAndAppAdvanced
WorkloadManagement
I want to achieve this without using Sys schemas objects related to Azure SQL Databases.
Thanks,
Brahma

You need to enable Auditing in Azure SQL Server using and then you can check the logs in Azure Log Analytics.
Easiest way to enable auditing is through the Azure Portal. However, it can be easily set up through ARM templates, Azure Powershell, Azure CLI.
Auditing can be enabled either at the individual database level or at the logical server level. If enabled at the server level then it automatically applies to existing databases and any new databases that are created.
However, enabling both at the server and database level leads to duplicate logs.
In the homepage of the desired Azure Sql server, in the left pane there is an option for “Auditing”.
By default, Auditing is off. Enable it. Choose the Log Analytics Workspace where you need to store the logs. Click on Save.
Click on Add diagnostics setting. Let us enable diagnostics for errors and InstanceAndAppAdvanced. Send this data to the log analytics workspace using your subscription and log analytics workspace. Click on Save for the configuration.
To view the logs, open up the Log Analytics workspace that was configured as a sink and choose logs and select the scope.
Summarizing the connection attempts by caller IP addresses
AzureDiagnostics
|summarize count() by client_ip_s
Source: https://www.mssqltips.com/sqlservertip/6782/kusto-query-language-query-audit-data-azure-sql-database/

Analyse log files in Azure blob storage

I have on-prem Linux machines, we store their logs in our Azure storage account as blobs.
Can we use Azure log analytics to collect these logs stored in the blob storage?

​Yes, we can use Azure log analytics to collect the logs. There are 2 ways:
WAY-1
Try following the below steps
Fill in the required parameters and execute the script locally or in Azure Cloud Shell.
This PowerShell script downloads the logs from Azure Storage.
Convert the diagnostic logs into JSON format, as that is what the API expects.
Load custom data into Log Analytics using the HTTP Data Collector API.
For more information, you can refer to this Document
WAY-2
There is a direct process where you can install a log analytics agent in the virtual machines through Azure Monitor.
Azure Monitor collects the data directly from your physical or virtual Linux computers in your environment into a Log Analytics workspace for detailed analysis and correlation using the azure log analytics agents.
Steps to follow in order to collect data from data center using Azure monitor
STEP - 1: Install the log analytics agent for Linux
Enter the log analytics workspace id and primary key in the following command.
wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w <YOUR WORKSPACE ID> -s <YOUR WORKSPACE PRIMARY KEY>
2. Enter the log analytics workspace id in the following command and restart the agent
sudo /opt/microsoft/omsagent/bin/service_control restart [<workspace id>]
STEP - 2: Collect the event and performance data
Azure portal --> Log Analytics --> Log Analytics workspace --> Advance settings --> Data --> Syslog --> '+' sign.
Uncheck the severities Info, Notice, Debug and then Apply.
Now go to Linux Performance counters and click Add Recommended Counters and click Apply.
STEP - 3: View Collected Data
Log Analytics Workspace --> Logs (from the left pane)
On the Logs query page, type Perf in the query editor and select Run.
For more information, you can refer to this Blog.

I was able to push logs from local machine to AI in azure using telemetry service. How do I push the same from AI to OMS in azure?

I want to visualize logs in OMS(Log analytics workspace). I was able to push logs from local machine to AI in azure using the telemetry configuration. Ho do I push the same from AI to OMS(Log analytics workspace) in azure. (AI - azure application insights)

If you meant OMS as Log Analytics workspace then this might help you.

You do not need to push it to Log Analytics, you can query directly, and use the result for visualization using the app expression:
app("name-of-your-ai-resource").requests
| order by timestamp desc
| project timestamp, url, resultCode
Or you convert your Application Insights to use a Log Analytics Workspace for storage directly as KrishnaG-MSFT suggests. There is a conversion guide for that, found here.
Be aware though:
Choosing to migrate will instead change the location where new data is written to a Log Analytics workspace while preserving access to your classic resource data.
And do mind, you can create rich, interactive visualizations in App Insigths directly using workbooks.

How to Fetch only Azure Computers in OMS Log Analytics search query

I am trying to fetch underutilized computers in Azure. I am trying to use OMS Log Analytics query for this.
The query returns the Azure VMs and on-premise servers as well (fetched via SCOM or direct agent). I need to filter the result to get only the Azure VMs. What is the best way (or query) to fetch only Azure computers in OMS Log Analytics Search Query?
I know that I need to create a Computer Group and then use that Computer Group in my Query as shown below.
Type=Perf ObjectName=Processor CounterName="% Processor Time" Computer IN $ComputerGroups[AzureComputers]
I need to know what Query should I use to create the Computer Group "AzureComputers" which is used in the above query.This computer group will contain only computers which are present in Azure i.e. which are Azure VMs.

This feature is now provided out of the box in OMS Log Analytics. Finding Azure computers is as easy as running below query in Log Analytics:
 
Heartbeat | where ComputerEnvironment == "Azure" and notempty(ResourceId) | distinct Computer