Azure Video Indexer supports monitoring of Audit logs
Published May 29 2022 03:53 AM 3,710 Views
Microsoft

We are excited to announce that Azure Video Indexer customers using paid ARM based accounts can now monitor their Audit logs (with Azure Monitor). This will allow you to gain deeper insights on the operations of your Azure Video Indexer resources and consume this data in flexible ways. This will allow users to analyze data, troubleshoot issues, set alerts for failed operations, and monitor the usage and identities accessing the Azure Video Indexer resource. 
 
In November 2021, Azure Video Indexer introduced a new account type to public preview – ARM Based accounts.  This enables users to better secure and monitor their accounts as well as many other benefits – see here to learn more. ARM Based accounts allow users to utilize many robust Azure native capabilities for Azure Video Indexer control plane while also enabling powerful integrations such as with Azure Monitor. 

 

In this blog, we will help you get started by showing how to: 

  • Set up Diagnostic Settings configuration using Azure portal. 
  • Use Azure Log Analytics to monitor Azure Video Indexer Audit logs. 
  • Use Kusto(KQL) queries to monitor Azure Video Indexer resources. 

 

Set up Diagnostic Setting logs for the Azure Video Indexer account  

To enable Diagnostic logs through the Azure Portal, take the following steps: 

  • Go to the Azure portal 
  • Use the search bar to look for "Azure Video indexer" 
  • Select the relevant Video Indexer account  

Under Monitoring choose Diagnostic settings.


Choose "Diagnostic settings" under the monitoring section in the Azure Video Indexer account.Choose "Diagnostic settings" under the monitoring section in the Azure Video Indexer account.

Using Diagnostic settings, logs can be exported to several destinations: Event hub, storage account, third party solution or Azure Log Analytics. The following instructions are specific to exporting, configuring, and querying the logs using Azure Log Analytics. 

  1. Enter a new name for the diagnostic settings connection you are going to create. 
  2. Select Audit from the categories and the Log Analytics workspace from the destination list. 
    • Then choose the right subscription and 'Target Log Analytics' workspace and click the 'Save' button. 

 

Set a connection to an Azure Log Analytics workspaceSet a connection to an Azure Log Analytics workspace

 

 

Congratulations, in a few minutes and depending on the actions you would perform on the account you should see logs using the 'Logs'00009-icon-Log Analytics Workspaces-Analytics (2).png  button through the Video Indexer resource or through the Log Analytics Workspace. 

 

Using Azure Log Analytics to monitor Azure Video Indexer Audit logs

There are two ways to view and analyze logs produced by Azure Video Indexer:

  1. Azure Video Indexer resource view - this includes only the logs of the specific Video Indexer instance.
    From Azure Video Indexer resource view – select the “Logs” icon 00009-icon-Log Analytics Workspaces-Analytics (2).png in this view.
  2. Log Analytics Workspace – this includes logs of all Video Indexer instances sending logs to the Log Analytics workspace. As multiple Video Indexer instances can send logs to a single Log Analytics workspace, this option is ideal when working with multiple Video Indexer instances and looking to view and query them in one workspace.
    From the Azure Portal, search for the Log Analytics Workspace you selected as the target destination when configuring the "diagnostic settings" (pervious section) and choose the "Logs"ItaiNorman_1-1653817551787.png.  
    Results can be filtered out by account with the Account Name or ‘AccountId’ properties.  

 

 

 

 

VIAudit
| where AccountId == "<YOUR ACCOUNT ID>"
| where  Status == "Failure"
| project TimeGenerated, OperationName,CorrelationId, _ResourceId

 

 

 

 

 

Useful Kusto(KQL) queries for monitoring Azure Video Indexer resources

Querying of audit logs is done through the Video Indexer resource or log Analytics Workspace using Kusto query language.  

In order to query Azure Video Indexer Audit table efficiently, in Log Analytics or in the resource view, we recommend exploring the table's structure here. 
To get started easily, we would like to share some basic KQL queries:


Example 1: 

Use the following query to look for failed operations and their cause. 
As the examples show, in the last 24 hours, this account had four failures when attempting to upload a video. From the error message you can see the two different reasons for the failure. The first one is an access token that was expired, the second was due to an access token with wrong scope of permission.

example1.png

 

Query sample:

 

 

 

 

// Project failures with detailed error message.
VIAudit
| where  Status == "Failure"
| parse Description with "ErrorType: " ErrorType ". Message: " ErrorMessage ". Trace" *
| project TimeGenerated, OperationName, ErrorMessage, ErrorType, CorrelationId, _ResourceId

 

 

 

 

 

Example 2:

Search for the top 10 operations of the account:
For the selected time range, 28% of the operations were searching for videos with in the account.

example2.png

 

Query sample:

 

 

 

 

VIAudit
| summarize count() by OperationName
| top 10 by count_
| render piechart 

 

 

 

 

 

Example 3:

Query searching for top ten active user for an account.

third-query.png

 

 

Query sample:

 

 

 

 

// Trend of top 10 active Upn's
VIAudit
| where TimeGenerated > ago(30d)
| summarize count() by Upn
| top 10 by count_ desc
| project Upn
| join (VIAudit
| where TimeGenerated > ago(30d)
| summarize count() by Upn, bin(TimeGenerated, 1d)) on Upn
| project TimeGenerated, Upn, count_
| render timechart

 

 

 

 

 

For more information on how to get started monitoring your Azure Video Indexer resource visit our public documentation.
For asks around monitoring Azure Video Indexer leave comments on this blog or visit our user voice page.  

Join us and share your feedback

For those of you who are new to our technology, we encourage you to get started today with these helpful resources:

 

     

 

Co-Authors
Version history
Last update:
‎May 29 2022 08:23 AM
Updated by: