I am trying to fetch invocation id of an Azure Function using the app insights query:
requests
| project
id,
operation_Name,
operation_Id,
cloud_RoleName,
invocationId=customDimensions['InvocationId']
| where cloud_RoleName =~ 'appname' and operation_Name =~ 'Gen'
And The result table shows no value for invocation id:
Am I missing something? Please let me know in the comment If I can add more information. Thanks.
I tried to reproduce your issue as I have got the invocation Id in the logs by following the below steps:
Created the Function App (.Net Core 6 Stack) in Azure with the HTTP Trigger Function Class inside the Azure Portal.
Open the Function App> Click on Logs in Monitoring Menu (left index pane) > Close this dialog box
Copied your query to get the results, where in the query:
cloud_RoleName is given as FunctionAppName,
operation_Name is given as FunctionName.
Related
I need to set an azure alert to my azure function http triggered. When I have an internal server error (500) then I need to send an alert email to a group of emails.
How to create a azure dash board to get the number of hits to an API.
need a better solution for alert email template and alerts setting.
I Tried to reproduce the same in my environment to create azure alerts when the function gets HTTP 500 server error:
Azure alert when azure function http triggered.
I have created a function app, like below.
Azure portal > Function App >Create
Create a function with visual studio and upload the same to the function app.
Sample code to create an exception.
public static async Task<IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
ILogger log)
{
throw new Exception("An error has occurred.");
}
Once publish the code to Azure Function app, check the Function Status. Like below.
Azure Portal > Function App > Select your Function app >Functions.
Run the function and check the result, like below.
Open Functions >Code + Test > Test/Run
Note: Body section add above vs code to get 500 server error.
Output
To generate the alert for HTTP 500 error.
Functions > Monitor > Run query in Application Insights
Query to check 500 internal error.
requests
| project
timestamp,
id,
operation_Name,
success,
resultCode,
duration,
operation_Id,
cloud_RoleName,
invocationId=customDimensions['InvocationId']
| where timestamp > ago(30d)
| where cloud_RoleName =~ 'httpdtriggeredfunc01' and operation_Name =~ 'Function1'
| order by timestamp desc
| take 20
Click on a new alert rule to generate the alert for the same error.
Create an action group with your DL email id.
When the function triggered HTTP 500 internal server error, you will get an alert to your mail id.
Successfully received an email.
2. How to create an azure dashboard to get the number of hits to an API.
To create a dashboard for the function app.
Open your function app > Application Insights > View Application Insights data.
Once open the application Insights data and select the application dashboard option, it will create a dashboard for your function app automatically.
Here alert setup based on status of a runbook job is mentioned. Can alerts also be made based on the errors present in the errors tab(as given below). So status might say 'completed' but there will be errors in the 'Errors' tab, I am talking about such a situation.
I have tried to reproduce this use case and I believe that alerts can be made based on the errors present in the errors tab i.e., by forwarding job data to Log Analytics and by using below kusto query in your log alert rule.
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.AUTOMATION" and RunbookName_s == "<YourRunbookName>"
| where ResultDescription startswith "Write-Error"
Illustration:
Create a runbook with the content Write-Error -Message "This is an error message". For example, check below screenshot.
enter image description here
Publish the runbook and execute it. Then as shown in below screenshot, you will be able to see the errors present in the Errors tab.
enter image description here
Go to Logs tile of your Log Analytics workspace to which you have forwarded the Azure Automation job data and then run below kusto query to verify if the logs are forwarded or not. For reference, check below screenshot as well.
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.AUTOMATION" and RunbookName_s == "test6_error"
| project TimeGenerated, Category, ResultType, ResultDescription, StreamType_s
enter image description here
As you can see JobStreams category recorded the error thats present in Errors tab in the Azure Automation job so our kusto query can be something like shown below.
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.AUTOMATION" and RunbookName_s == "test6_error"
| where ResultDescription startswith "Write-Error"
| project TimeGenerated, Category, ResultType, ResultDescription, StreamType_s
enter image description here
I have timer triggered Function. It is executed every minute but I don't see any logs in Monitor section in Azure Portal.
However when I click "Run query in Application Insights" and fix cloudRoleName in query (by default it is set to name of application but we changed it with ITelemetryInitializer) it displays all executions correctly.
EDIT:
This is my startup code
public class Startup : IWebJobsStartup
{
public void Configure(IWebJobsBuilder builder)
{
builder.Services
.AddSingleton<ITelemetryInitializer, CloudRoleNameInitializer>();
// more registrations
}
and CloudRoleNameInitializer
public class CloudRoleNameInitializer : ITelemetryInitializer
{
public void Initialize(ITelemetry telemetry)
{
telemetry.Context.Cloud.RoleName = "EmailPuller";
}
}
When I click run query in application Insights the query generated is
requests
| project timestamp, id, operation_Name, success, resultCode, duration, operation_Id, cloud_RoleName, invocationId=customDimensions['InvocationId']
| where timestamp > ago(30d)
| where cloud_RoleName =~ 'emailpuller-UNIQUE_ID_FROM_ARM_TEMPLATE' and operation_Name =~ 'OurOperationName'
| order by timestamp desc
| take 20
So you can see cloud_RoleName is different than set by ITelemetryInitializer. If I update query to use 'emailpuller' it returns information on executions
Your guess is right. The Monitor UI uses the default CloudRoleName to query the logs.
It's easy to find the root cause. The steps are as below:
1.Nav to azure portal -> your azure function -> Monitor -> press F12 to open the Develop Tool of the browser.
2.then click the Refresh button -> then in the Develop tool, select the api -> then in the Request Payload, you can see this api uses the default CloudRoleName to query the logs.
Here is the screenshot:
This may be a bug, you can raise an issue in github of Azure function.
I'm running a query in Azure Log Analytics to list which identities have read a secret from keyvault:
AzureDiagnostics
| where ResourceType == "VAULTS"
| order by TimeGenerated desc
| where OperationName == "SecretGet"
| project identity_claim_appid_g,
identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g,
identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s,
identity_claim_xms_mirid_s
The identity_claim_appid_g column contains the id of a registered application but is it possible to show the display name in the query results as well?
Not what you asked for, but for personal users you can use
identity_claim_unique_name_s
We are debugging our systems to see failed azure posts and want to learn why they failed in the first place.
The AzureMetric and Azure diagnostics are not helping when we are running the query over OMS.
Where do we see which values made us fail ?
Our OMS Query
search *
| where Resource == "xxx-API-NONPRODUCTION"
| where Type == "AzureDiagnostics"
Sample Error from OMS
$table
AzureDiagnostics
TenantId
yyy-0a7b-4833-8fb6-yyy
SourceSystem
Azure
TimeGenerated [UTC]
2017-12-20T15:05:00.845Z
Type
AzureDiagnostics
Environment_s
PROD
lastError_source_s
configuration
lastError_reason_s
OperationNotFound
lastError_message_s
Unable to match incoming request to an operation.
lastError_section_s
backend
OperationName
Microsoft.ApiManagement/GatewayLogs
Category
GatewayLogs
CallerIPAddress
51.yyy.34.yyy
location_s
UK West
method_s
GET
url_s
https://xxx-api-nonproduction.azure-api.net/qa/user/api/zzz/UserAccountExistsByEmailAddressAndIsEnabled/2bdel.qags2012#yopmail.com
cache_s
none
apiId_s
tttt
productId_s
tttt
userId_s
1
apimSubscriptionId_s
vvvv
ResourceId
/SUBSCRIPTIONS/vvvv-2F08-4DED-92B8-vvvv/RESOURCEGROUPS/xxx-CORE-NONPRODUCTION/PROVIDERS/MICROSOFT.APIMANAGEMENT/SERVICE/xxx-API-NONPRODUCTION
SubscriptionId
vvv-vvvv-vvv-vvv-vvv
ResourceGroup
xxx-CORE-NONPRODUCTION
ResourceProvider
MICROSOFT.APIMANAGEMENT
Resource
uuuu-API-NONPRODUCTION
ResourceType
SERVICE
CorrelationId
vvv-vvv-vvv-vvv-vvvvv
isRequestSuccess_b
false
Level_d
4
EventId_d
222
DurationMs
0
responseCode_d
404
responseSize_d
130
By default API management service does not log request body or headers, that can be done but with some extra work. You'll have to use log-to-eventhub policy to send body into eventhub and read it there later to log. Or you could save request body into a variable and return it as a response bidy from on-error section when request fails.
But from your log I can see that you get OperationNotFound: Unable to match incoming request to an operation. That means that URL was called on APIM service that didn't match any operation defined in API. The URL in question is https://xxx-api-nonproduction.azure-api.net/qa/user/api/zzz/UserAccountExistsByEmailAddressAndIsEnabled/2bdel.qags2012#yopmail.com
If we assume that "qa/user" is API suffix, then "/zzz/UserAccountExistsByEmailAddressAndIsEnabled/2bdel.qags2012#yopmail.com" should match URL template of one of operations in such API, and such operation must have method set as GET since that's what is being called.