I have created an Alert Rule in Event Grid for Dropped Events, alert works fine and I get the email, but neither in the Alert email or when I go and look at it in the Azure portal it shows me the actual error, like which subscription(s) had the failure and the error text (in my case I actually stopped one of the Functions that was subscribing one of the events to test the Alert)
In the Diagnostic Settings of Event Grid, I have set the logs to be sent to Log Analytics workspace but even after this I see no logs for the corresponding failures, am I missing anything? Is there an easy way to see the logs against a particular Alert?
Azure alerts proactively notify you when important conditions are found in your monitoring data. Log alerts allow users to use a Log Analytics query to evaluate resources logs every set frequency, and fire an alert based on the results.
You can search for the functions app logs under log analytics, check this Monitoring Azure Functions with Azure Monitor Logs documentation for the steps to do it.
Azure monitor processes terabytes of customer's log from across the world, which can also cause logs ingestion latency. It can be solved by optimizing the log alert queries.
Related
I have an application installed on a VM that publishes a page via OData.
I need to be able to trigger a high urgency alert based on one specific value published by the page.
I am little aware of Application Insights to monitor applications in Azure. But I am not sure if there is a way to read the data from the API and trigger an alert.
What options do I have to accomplish this in Azure?
Pls allow me to share my idea here.
creating app insights alert
enable app insights for azure vm
First, adding app insights to your application can made AI to capture your requests, dependencies, logs and some other messages, including calling API.
In my thoughts, I can log the response message of the API and set alert for some specific keywords. I created an azure function, and it will call MS graph API when triggered, and log the response. This function has integrated AI, so I created an alert by kql:
traces
| where timestamp > ago(30m) and message contains "xxx"
and set alert rule based on number of results greater than 0. When the alert was triggered, it will send email to my mailbox to mention me.
This means any time my API returned the response contains specific words, I will receive an email about it.
Topic.
I want to setup an alert when someone on my team updates a configuration in a function app. I could not find this in the docs. Is this possible?
have a look at the Azure App Service as an Event Grid source
you can use an azure portal to subscribe for the eventType Microsoft.Web.AppUpdated and handle this event message in your properly subscriber, for instance: send the email, etc.
Azure Portal is down so can not provide more detailed answer right now. Will try to update it later.
You can "create log alert" if you're able to find a log message in Application Insights. You'll have to setup Function to send logs to Log Analytics.
Something like:
Go to your Function's logs (Logs at left bottom in Portal or your Log Analytics Workspace).
Find the right table that has Function App Activity events/logs.
Write appropriate query.
Click on Create Alert button above the query editor and follow steps.
If you've configured it to run say every 30 mins over last 30 min window, then Azure will just run that query on your logs every 30 minutes and if there are any hits (or not, depends on your alert configuration) it'll create an alert.
If the configuration of an AppService (or Function App) is changed, an event is created in the Activity Log.
You can send these logs to Log Analytics and create an alert based on the entries.
https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log
Send the Activity log to a Log Analytics workspace to enable the features of Azure Monitor Logs which includes the following:
...
Use log alerts with Activity entries allowing for more complex alerting logic.
I wanted to monitor Azure Logic Apps with the help of Azure Monitor alerts. In alerts, I came across a metric Run Throttled events which is showing some numbers in recent days. But I couldn't find any events anywhere to resolve the issue. Is it possible view the actual run throttled events in Azure Portal?
You will need to setup diagnostic logging for Logic Apps, see here.
When you are done with the setup and initial run through of logs and if interested you want to look at more advanced queries via this logs data then go here.
Specifically on throttling you need to see this. Also take a look at limits set for Logic Apps from here as well.
We have provisioned the instance of the Azure app gateway (Standard v2 East AU region) and has enabled the diagnostics settings of it to dump all metrics and logs to the log analytics workspace and this seem to be working fine, however we wanted to additional insights of the request and hence have scaled up the tier and enabled the WAF v2 (as shown in the image below).
Now based on this documentation here https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#diagnostic-logging and after waiting for some time, we expected that the firewall logs will be automatically populating in the same log analytics workspace however this does not seem to work and they are simply not populated there.
Note that we can see the "ApplicationGatewayAccessLog" logs and below query is evident of the same AzureDiagnostics | distinct Category that returns only one category i.e. "ApplicationGatewayAccessLog"
Does anyone know if we are missing something or have any input?
Sometimes, the output is not the same when you explore data from Application Gateway ---logs and from your specific Log Analytics workspace---logs. You cam compare these results on your side. See this issue.
In this case, you should have finished some access actions to your Application Gateway and trigger the firewall access log collection before the data can be collected by the Azure monitoring. Though document stated Firewall logs are collected every 60 seconds. Sometimes, the data delays(even more than 2 days) to be logged in the logs and your located region also impacts on the data display time. From this blog, you can see hourly log of firewall actions on the WAF.
For more information, you can use Log Analytics to examine Application Gateway Web Application Firewall Logs.
Currently I am logging my custom log messages to an Azure Table.
Now I need to automatically trigger the sending of emails based on log types and also need to generate an analysis report from the log messages.
Which service is more suitable to get this done? Azure Application Insights or Azure Log Analytics?
I think Application Insights will fit both - creating reports as well as sending out emails. You can do the same with Log Snalytics but the difference is, is that Log Analytics is basically a logical storage of all your log data and you can create custom reports, alerts etc. across many different services, also, everything can be nicely visualized in OMS.
As being said in the comments, you need to describe a bit more about the scenario.