Forum Discussion

orafaelferreira's avatar
orafaelferreira
MCT
Jan 02, 2025

Debug your APIs using request tracing

We are leveraging Azure API Management's tracing capabilities to monitor and log incoming traffic. The primary goal is to track traffic in APIM and attribute it to specific client applications by identifying the appid from JWT tokens included in requests. Additionally, we aim to ensure that trace logs are correctly sent to Log Analytics for debugging and further analysis.

 

To achieve this, we implemented a test policy in a GET method of a cloned API within APIM. The policy is as follows:

“<policies>

    <inbound>

        <base />

        <trace source="InboundTrace" severity="verbose">

            <message>Inbound processing started</message>

            <metadata name="User-Agent" value="@(context.Request.Headers.GetValueOrDefault("User-Agent", "unknown"))" />

        </trace>

    </inbound>

    <backend>

        <base />

    </backend>

    <outbound>

        <base />

        <trace source="OutboundTrace" severity="verbose">

            <message>Outbound response being sent</message>

            <metadata name="ResponseCode" value="@(context.Response.StatusCode.ToString())" />

        </trace>

    </outbound>

    <on-error>

        <base />

        <trace source="ErrorTrace" severity="error">

            <message>Error encountered</message>

            <metadata name="ErrorDetails" value="@(context.LastError.Message)" />

        </trace>

    </on-error>

</policies>”

 

This approach aims to ensure the appid appears in the tracerecords attribute of ApiManagementGatewayLogs, enabling us to identify which client applications are consuming specific APIs.

 

Challenges Faced

  1. Trace Logs:
    • Trace logs are not appearing in Log Analytics, despite being configured in diagnostics.
    • Using the queries suggested in the documentation, we could not find the TraceRecords field or metadata added by the trace policy.
    • We are unsure if the policy is being correctly applied or if additional configurations are needed.
  2. Traffic Attribution:
    • While traffic is traceable, attributing requests to client applications without the appid is challenging.
    • We want to confirm if the approach to extract and log the appid aligns with best practices and whether there are more efficient alternatives.

 

Questions

  • Are there additional configurations needed to ensure trace logs are correctly sent to Log Analytics?
  • Could you provide more detailed examples of KQL queries to check the records generated by the trace policy?
  • Does the proposed approach for extracting and logging appid align with best practices in APIM?
  • Are there any limitations or performance considerations when modifying global policies for this purpose?

References Followed

Resources