SOLVED

Monitoring Through Log Analytics


Hi All,

I want to monitor all of the resources listed below through Log Analytics.

  • Storage account
  • Event Hubs Namespace
  • Load balancers
  • Network interface
  • Public IP address
  • Application Gateway
  • Automation Account
  • Key vault
  • Network security group
  • Azure Database for MySQL server
  • API Management service
  • Azure Databricks Service
  • Recovery Services vault
  • ExpressRoute circuit
  • Virtual network gateway
  • Virtual network
  • Azure Activity
  • Checkpoint Firewall (NVA)
  • VPNs
  • Azure Native backup
  • Azure & on-Prem Active Directory (DHCP, DNS).

I have checked and found this could be possible through a signal-based alert (given by Microsoft metric).

My concern is that if I use this option, I have to follow the same click-click pattern for each and every resource.

Is there any way to achieve this task through script or KQL?

Thanks in advance for the help :)

2 Replies

@GouravIN

Here are examples to create Log Alerts:

https://techcommunity.microsoft.com/t5/Azure-Monitor/Azure-Monitor-predefined-Alerts/m-p/786683/high...

For Metric alerts

This article (I've not used it myself) talks about custom metrics (if you haven't found one or two you need) and using ARM to build alerts.

CLI

https://docs.microsoft.com/en-us/powershell/azure/release-notes-azureps?view=azps-1.8.0#azmonitor and https://docs.microsoft.com/en-us/powershell/module/az.monitor/add-azmetricalertrulev2?view=azps-1.8....

Thanks, Clive
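Scripting what the links above point at, as an added example that is not Clive's code and not taken from the Az module docs: a PowerShell loop that calls Add-AzMetricAlertRuleV2 to create one metric alert per resource in a resource group, so the per-resource clicking in the portal is replaced by a table of rules. The resource group, the action group name and the metric/threshold table are assumptions for illustration; verify each metric name against the supported metrics for that resource type before running it.

```powershell
# Added example (not from this thread). Requires the Az.Monitor and Az.Resources modules
# and an authenticated session (Connect-AzAccount). Resource group, action group and the
# metric table below are assumptions for illustration; verify metric names per resource type.
$ResourceGroup   = 'rg-prod-monitoring'   # assumption
$ActionGroupName = 'ag-secops-oncall'     # assumption: the action group must already exist

$ActionGroup = Get-AzActionGroup -ResourceGroupName $ResourceGroup -Name $ActionGroupName

# One rule definition per resource type: which metric to watch and when to fire.
# Severity 0 = critical ... 4 = verbose (Azure Monitor convention).
$Rules = @{
    'Microsoft.Storage/storageAccounts'     = @{ Metric = 'Availability';       Operator = 'LessThan';    Threshold = 99.9; Aggregation = 'Average'; Severity = 1 }
    'Microsoft.KeyVault/vaults'             = @{ Metric = 'Availability';       Operator = 'LessThan';    Threshold = 99.9; Aggregation = 'Average'; Severity = 1 }
    'Microsoft.Network/publicIPAddresses'   = @{ Metric = 'UnderDDoSAttack';    Operator = 'GreaterThan'; Threshold = 0;    Aggregation = 'Maximum'; Severity = 0 }
    'Microsoft.Network/applicationGateways' = @{ Metric = 'UnhealthyHostCount'; Operator = 'GreaterThan'; Threshold = 0;    Aggregation = 'Average'; Severity = 2 }
}

foreach ($type in $Rules.Keys) {
    $rule      = $Rules[$type]
    $resources = Get-AzResource -ResourceGroupName $ResourceGroup -ResourceType $type

    foreach ($res in $resources) {
        $criteria = New-AzMetricAlertRuleV2Criteria -MetricName $rule.Metric `
                        -TimeAggregation $rule.Aggregation -Operator $rule.Operator -Threshold $rule.Threshold
        $alertName = ("alert-{0}-{1}" -f $res.Name, $rule.Metric).ToLower()

        # Idempotent: skip rules that already exist so the script can be re-run safely.
        if (Get-AzMetricAlertRuleV2 -ResourceGroupName $ResourceGroup -Name $alertName -ErrorAction SilentlyContinue) {
            Write-Host "Exists, skipping: $alertName"
            continue
        }

        # Evaluate every minute over a 5-minute window; route to the on-call action group.
        Add-AzMetricAlertRuleV2 -Name $alertName -ResourceGroupName $ResourceGroup `
            -TargetResourceId $res.ResourceId -Condition $criteria `
            -WindowSize 00:05:00 -Frequency 00:01:00 `
            -ActionGroupId $ActionGroup.Id -Severity $rule.Severity `
            -Description "Created by script for $type" | Out-Null
        Write-Host "Created $alertName on $($res.ResourceId)"
    }
}
```

Extending the list to the other resource types in the question is a matter of adding rows to `$Rules`; keeping the rule table in source control gives you a reviewable record of what is being alerted on, which the portal's click-through approach does not.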

best response confirmed by GouravIN (Contributor)
Solution
Be careful with Log Alerts if you're using Azure Diagnostics to collect log data from the different resources, as you will run into an issue where the Azure Diagnostics schema grows to 500 columns and new resource types can no longer be ingested. Wherever it is available, use the resource-specific diagnostics: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-logs-stream-log-store#azure...
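Two practical follow-ups to this answer, as an added example that is not part of the thread and not taken from Microsoft's documentation: first, a KQL check of how wide the shared AzureDiagnostics table has already grown, run through Invoke-AzOperationalInsightsQuery; second, a loop that enables diagnostic settings on every resource in a resource group with the -ExportToResourceSpecific switch so that logs land in dedicated per-type tables, falling back to the shared AzureDiagnostics table (and saying so) where a resource type does not support the dedicated mode. The workspace and resource group names are assumptions, and the switch requires an Az.Monitor version that exposes -ExportToResourceSpecific.

```powershell
# Added example (not from this thread). Requires Az.Monitor, Az.OperationalInsights and Az.Resources
# plus an authenticated session (Connect-AzAccount). Workspace and resource group names are assumptions.
$ResourceGroup = 'rg-prod-monitoring'   # assumption
$WorkspaceName = 'law-prod-central'     # assumption

$Workspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroup -Name $WorkspaceName

# 1. How close is the shared AzureDiagnostics table to its 500-column ceiling?
#    getschema returns one row per column, so counting rows gives the current width.
$kql     = 'AzureDiagnostics | getschema | summarize ColumnCount = count()'
$result  = Invoke-AzOperationalInsightsQuery -WorkspaceId $Workspace.CustomerId -Query $kql
$columns = [int]($result.Results | Select-Object -First 1).ColumnCount
Write-Host "AzureDiagnostics currently has $columns of 500 possible columns"
if ($columns -ge 450) {
    Write-Warning "AzureDiagnostics is near its column limit; new resource types may stop ingesting."
}

# 2. Enable diagnostics for every resource that exposes log categories, preferring
#    resource-specific (dedicated) tables so each type gets its own schema.
$SettingName = 'diag-to-law'   # assumption: name of the diagnostic setting
foreach ($res in Get-AzResource -ResourceGroupName $ResourceGroup) {
    $categories = Get-AzDiagnosticSettingCategory -ResourceId $res.ResourceId -ErrorAction SilentlyContinue
    if (-not $categories) { continue }   # resource type has no diagnostic categories at all

    try {
        Set-AzDiagnosticSetting -ResourceId $res.ResourceId -Name $SettingName `
            -WorkspaceId $Workspace.ResourceId -Enabled $true -ExportToResourceSpecific `
            -ErrorAction Stop | Out-Null
        Write-Host "Resource-specific diagnostics enabled: $($res.Name)"
    }
    catch {
        # Some resource types only support the shared AzureDiagnostics table. Fall back, but flag
        # it so the team knows which resources are still adding columns to the shared schema.
        Write-Warning "Dedicated mode rejected for $($res.Name) ($($res.ResourceType)): $($_.Exception.Message). Falling back to AzureDiagnostics."
        Set-AzDiagnosticSetting -ResourceId $res.ResourceId -Name $SettingName `
            -WorkspaceId $Workspace.ResourceId -Enabled $true -ErrorAction Stop | Out-Null
    }
}
```

Run the column check periodically (for example from an Automation runbook) rather than once: the 500-column limit only bites when a new resource type is onboarded, so the warning is most useful before the next onboarding, not after ingestion has silently stopped.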