For a clearer picture

Category: Azure

Part 5 – lessons learned

I was very pleasantly surprised by the rich amount of monitoring available within Azure that was effectively free.

The good points:

  • Free – there is no additional cost over the cost of the resource you are using.
  • Triaging can be done via pinning tiles to a dashboard.
  • 90 days retention so you can see short term history.

But …

  • There is no free alerting, notifications or automation. However, alerting and notifications do come in at very low cost so configuring alerts would be a logical next step. Azure Automation would require more thought depending on the use case.
  • Although you can triage via pinning tiles to a dashboard, you can’t query across multiple data streams. Using log analytics would allow you to collect that data into a single data store and then query that data across resources and indeed subscriptions. This makes it hugely more powerful
  • Is 90 days of history enough?
  • You are restricted in the metrics you can collect. Azure Application Insights and Log Analytics offer up huge extensibility that allow for much more granular metrics.

So my conclusion would be that the free monitoring offers a whole lot more than I thought it would. But for enterprise scale monitoring and visualisations you will need to look at Log Analytics to provide that scalability, extensibility and longer data retention periods than the free functionality provides.

Part 4 – Metrics

Part 4 – Metrics

Key information
  • Metrics are collected at one-minute frequency unless specified otherwise in the metric’s definition.
  • Stored for 90 days. You can copy metrics to Log Analytics for long term trending but that will incur storage costs.

There are standard metrics for almost every resource and you don’t have to do anything to enable them. Deploy your resource, sit back and wait for those metrics to start being collected.

There are a list of available metrics by resource and I’ve linked to the those for virtual machines here.

You can set the time period to display, the metric(s) and the resources. So with a few clicks of the mouse you can pin metrics tile to a dashboard to provide rich visualisations.

And as you can see from the above screenshot, you can also export the data to excel which would allow to build additional visualisations through Power View, Power BI or your other favourite visualisation \ analytical tool e.g. Tableau.

Rather than me go through each and every resource show casing the metrics available, I’d suggest taking a look through the above URL for the resource you are interested in and checking out the available “free” metrics.

Part 3 – Azure Activity Logs

Part 3 – Azure Activity Logs

Key Information

Activity Log data is retained for 90 days. You can export this e.g. to Azure Storage but that will start incurring charges which breaks our “free” criteria.

Azure Activity Logs action operations (PUT, POST, DELETE) as listed here.

So if I want to find out who deleted one of my Azure Application Insight web tests, I filtered on the resource group in the last month with delete as part of the operation.

I can download this data to csv free of charge but the two other options listed – Export to Event Hub and Logs (Log Analytics) – will incur charges so we will park those for a later article.

If you select an entry then in the bottom half of the portal you will be able to see more detailed summary details plus take an extract of the audit in json format which will give you more details about the activity e.g. the IP address from where the delete took place:

{
"authorization": {
"action": "microsoft.insights/webtests/delete",
"scope": "/subscriptions/**Sub ID**/ai-scomgsm-prod-rg/providers/microsoft.insights/webtests/MyWebTest"
},
"caller": "graham@mcinsight.co.uk",
"channels": "Operation",
"claims": {
"aud": "https://management.core.windows.net/",
"iss": "https://sts.windows.net/** Tenant Id **/",
"iat": "**",
"nbf": "**",
"exp": "**",
"http://schemas.microsoft.com/claims/authnclassreference": "1",
"aio": "**",
"http://schemas.microsoft.com/claims/authnmethodsreferences": "pwd",
"appid": "**",
"appidacr": "2",
"e_exp": "262800",
"groups": "**",
"ipaddr": "** IP Address **",
"name": "** User **",
"http://schemas.microsoft.com/identity/claims/tenantid": "** Tenant Id **",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "** User **",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "** User **",
"uti": "JZLmyAWzPkqofdcUdSYCAA",
"ver": "1.0",
"wids": "62e90394-69f5-4237-9190-012177145e10"
},
"correlationId": "24f963b3-701e-4e71-80ae-6123bc0aba8b",
"description": "",
"eventDataId": "fb1f9e5f-39ca-4db4-9410-1d0a247d86d7",
"eventName": {
"value": "EndRequest",
"localizedValue": "End request"
},
"category": {
"value": "Administrative",
"localizedValue": "Administrative"
},
"eventTimestamp": "2018-09-19T19:57:51.6021772Z",
"id": "/subscriptions/**Sub ID**/resourcegroups/ai-scomgsm-prod-rg/providers/microsoft.insights/webtests/MyWebTest/events/fb1f9e5f-39ca-4db4-9410-1d0a247d86d7/ticks/636729838716021772",
"level": "Informational",
"operationId": "3b93f5a5-feb5-4b6d-b16b-5dbef60e4e51",
"operationName": {
"value": "microsoft.insights/webtests/delete",
"localizedValue": "Delete web test"
},
"resourceGroupName": "ai-scomgsm-prod-rg",
"resourceProviderName": {
"value": "microsoft.insights",
"localizedValue": "Microsoft Insights"
},
"resourceType": {
"value": "microsoft.insights/webtests",
"localizedValue": "microsoft.insights/webtests"
},
"resourceId": "/subscriptions/**Sub ID**/resourcegroups/ai-scomgsm-prod-rg/providers/microsoft.insights/webtests/MyWebTest",
"status": {
"value": "Succeeded",
"localizedValue": "Succeeded"
},
"subStatus": {
"value": "",
"localizedValue": ""
},
"submissionTimestamp": "2018-09-19T19:58:19.1075243Z",
"subscriptionId": "**Sub ID**",
"properties": {
"statusCode": "OK",
"serviceRequestId": "29756e97-65ce-436f-b2ec-3f83d31a600a"
},
"relatedEvents": []
}

In the middle of the json; you’ll see category: administrative. There are a variety of different categories available which are discussed in detail here.

There is also another in depth knowledge article here – https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-audit – so I’m not going to go into any more detail at this stage. These are very thorough articles which delve deep into what you can do with the Activity Log data that is available.

Part 2 – Azure Service Health

Part 2 – Azure Service Health

Key information
  • History is retained for 90 days at no additional cost.

Azure Service Health gives the following information:

  • Service issues – Problems in the Azure services that affect you right now.
  • Planned maintenance – Upcoming maintenance that can affect the availability of your services in the future.
  • Health advisories – Changes in Azure services that require your attention. Examples include when Azure features are deprecated or if you exceed a usage quota.
Service Issues

In the screenshot below you can see that Azure Application Insights has an issue with additional details on possible impact and the ability to track using a CR bar code straight to the Azure App on my iPhone.

I can also print out more information about the issue to pdf and there is a link that I can share with appropriate support teams and insert into my incident management solution.

Planned Maintenance

Upcoming maintenance that will impact your Azure resources.

Health Advisories

Upcoming changes to Azure which will impact your Azure deployments such as a service been deprecated. Usage quotas being breached will also show here.

Health History

And here we can see the history which goes back 3 months.

Resource Health

Resource Health allows you to select resources to view their current health state – here my IOT hub is healthy. Possible options are:

  • Healthy (with any events of the last 24 hours available to view)
  • Unavailable
    • Platform events triggered by Azure infrastructure
    • Non-Platform events triggered by end users e.g. shutting down a virtual machine.
  • Degraded if there are performance issues but the resource is available

Health Alerts

These are off limits for my mini-series as they will incur charges. But I’ll cover alerting in a future article and it obviously makes sense to make use of this functionality.