diff --git a/docs/integrations/microsoft-azure/azure-application-gateway.md b/docs/integrations/microsoft-azure/azure-application-gateway.md
index 3ab22a7d1b..9295aed73f 100644
--- a/docs/integrations/microsoft-azure/azure-application-gateway.md
+++ b/docs/integrations/microsoft-azure/azure-application-gateway.md
@@ -86,7 +86,8 @@ Create the following field extraction rules (FER) for Azure Storage by following
 ```
 ```sql title="Parse Expression"
- json "resourceId"
+ json "resourceId", "ResourceId" as resourceId1, resourceId2 nodrop
+ | if (isBlank(resourceId1), resourceId2, resourceId1) as resourceId
 | toUpperCase(resourceId) as resourceId
 | parse regex field=resourceId "/SUBSCRIPTIONS/(?[^/]+)" nodrop
 | parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop
diff --git a/docs/integrations/microsoft-azure/azure-functions.md b/docs/integrations/microsoft-azure/azure-functions.md
index 489783ab27..9446565600 100644
--- a/docs/integrations/microsoft-azure/azure-functions.md
+++ b/docs/integrations/microsoft-azure/azure-functions.md
@@ -85,7 +85,8 @@ Scope (Specific Data): tenant_name=*
 ```
 ```sql title="Parse Expression"
-json "resourceId"
+json "resourceId", "ResourceId" as resourceId1, resourceId2 nodrop
+| if (isBlank(resourceId1), resourceId2, resourceId1) as resourceId
 | toUpperCase(resourceId) as resourceId
 | parse regex field=resourceId "/SUBSCRIPTIONS/(?[^/]+)" nodrop
 | parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop
@@ -93,7 +94,7 @@ json "resourceId"
 | parse regex field=resourceId "/PROVIDERS/[^/]+(?:/LOCATIONS/[^/]+)?/(?[^/]+)/(?.+)" nodrop
 | parse regex field=resource_name "(?[^/]+)(?:/PROVIDERS/[^/]+)?/(?[^/]+)/?(?.+)" nodrop
 | if (isBlank(parent_resource_name), resource_name, parent_resource_name) as resource_name
-| fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type,service_name
+| fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type, service_name
 ```
@@ -104,7 +105,7 @@ json "resourceId"
 If this rule already exists, there's no need to create it again.
 ```sql
-Rule Name: AzureObservabilityMetadataExtractionFunctionAppLevel
+Rule Name: AzureObservabilityMetadataExtractionAppServiceLevel
 ```
 ```sql title="Metric match expression"
diff --git a/docs/integrations/microsoft-azure/azure-load-balancer.md b/docs/integrations/microsoft-azure/azure-load-balancer.md
index 867650e046..96824ca3f9 100644
--- a/docs/integrations/microsoft-azure/azure-load-balancer.md
+++ b/docs/integrations/microsoft-azure/azure-load-balancer.md
@@ -78,7 +78,8 @@ Create the following Field Extraction Rules (FER) for Azure Storage by following
 ```
 ```sql title="Parse Expression"
- json "resourceId"
+ json "resourceId", "ResourceId" as resourceId1, resourceId2 nodrop
+ | if (isBlank(resourceId1), resourceId2, resourceId1) as resourceId
 | toUpperCase(resourceId) as resourceId
 | parse regex field=resourceId "/SUBSCRIPTIONS/(?[^/]+)" nodrop
 | parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop
diff --git a/docs/integrations/microsoft-azure/azure-storage.md b/docs/integrations/microsoft-azure/azure-storage.md
index 740a8b76b9..253df435b0 100644
--- a/docs/integrations/microsoft-azure/azure-storage.md
+++ b/docs/integrations/microsoft-azure/azure-storage.md
@@ -111,15 +111,16 @@ Create a Field Extraction Rule (FER) for Azure Storage by following the instruct
 ```
 ```sql title="Parse Expression"
- json "resourceId"
- | toUpperCase(resourceId) as resourceId
- | parse regex field=resourceId "/SUBSCRIPTIONS/(?[^/]+)" nodrop
- | parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop
- | parse regex field=resourceId "/PROVIDERS/(?[^/]+)" nodrop
- | parse regex field=resourceId "/PROVIDERS/[^/]+(?:/LOCATIONS/[^/]+)?/(?[^/]+)/(?.+)" nodrop
- | parse regex field=resource_name "(?[^/]+)(?:/PROVIDERS/[^/]+)?/(?[^/]+)/?(?.+)" nodrop
- | if (isBlank(parent_resource_name), resource_name, parent_resource_name) as resource_name
- | fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type, service_name
+ json "resourceId", "ResourceId" as resourceId1, resourceId2 nodrop
+ | if (isBlank(resourceId1), resourceId2, resourceId1) as resourceId
+ | toUpperCase(resourceId) as resourceId
+ | parse regex field=resourceId "/SUBSCRIPTIONS/(?[^/]+)" nodrop
+ | parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop
+ | parse regex field=resourceId "/PROVIDERS/(?[^/]+)" nodrop
+ | parse regex field=resourceId "/PROVIDERS/[^/]+(?:/LOCATIONS/[^/]+)?/(?[^/]+)/(?.+)" nodrop
+ | parse regex field=resource_name "(?[^/]+)(?:/PROVIDERS/[^/]+)?/(?[^/]+)/?(?.+)" nodrop
+ | if (isBlank(parent_resource_name), resource_name, parent_resource_name) as resource_name
+ | fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type, service_name
 ```
 ### Configure metric rules
diff --git a/docs/integrations/microsoft-azure/sql.md b/docs/integrations/microsoft-azure/sql.md
index aeafee2074..d0dafb9d46 100644
--- a/docs/integrations/microsoft-azure/sql.md
+++ b/docs/integrations/microsoft-azure/sql.md
@@ -143,7 +143,8 @@ Create a Field Extraction Rule (FER) by following the instructions [here](/docs/
 ```
 ```sql title="Parse Expression"
- json "resourceId"
+ json "resourceId", "ResourceId" as resourceId1, resourceId2 nodrop
+ | if (isBlank(resourceId1), resourceId2, resourceId1) as resourceId
 | toUpperCase(resourceId) as resourceId
 | parse regex field=resourceId "/SUBSCRIPTIONS/(?[^/]+)" nodrop
 | parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop
@@ -151,7 +152,7 @@ Create a Field Extraction Rule (FER) by following the instructions [here](/docs/
 | parse regex field=resourceId "/PROVIDERS/[^/]+(?:/LOCATIONS/[^/]+)?/(?[^/]+)/(?.+)" nodrop
 | parse regex field=resource_name "(?[^/]+)(?:/PROVIDERS/[^/]+)?/(?[^/]+)/?(?.+)" nodrop
 | if (isBlank(parent_resource_name), resource_name, parent_resource_name) as resource_name
- | fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type,service_name
+ | fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type, service_name
 ```
 ### Configure metric rules
diff --git a/docs/integrations/microsoft-azure/web-apps.md b/docs/integrations/microsoft-azure/web-apps.md
index 8f104bcf4a..f0e3a7b9aa 100644
--- a/docs/integrations/microsoft-azure/web-apps.md
+++ b/docs/integrations/microsoft-azure/web-apps.md
@@ -13,11 +13,24 @@ The Azure Web Apps app allows you to collect Azure web server and application di For more information, see [Azure Web Apps](https://azure.microsoft.com/en-us/services/app-service/web/). -## Log types +## Log and metric types -The Azure Web Apps app supports: -* **Web Server Logging.** Information about HTTP transactions using the [W3C extended log file format](http://msdn.microsoft.com/library/windows/desktop/aa814385.aspx). This is useful when determining overall site metrics such as the number of requests handled or how many requests are from a specific IP address. -* **Application Diagnostics Logs.** Application diagnostics allows you to capture information produced by a web application. ASP.NET applications can use the [System.Diagnostics.Trace](http://msdn.microsoft.com/library/windows/desktop/aa814385.aspx) class to log information to the application diagnostics log. +For Azure Web Apps, you can collect the following logs and metrics: + +- **Resource logs**, which provide an insight into operations that were performed within an Azure resource. 
For a complete schema for resource logs refer to the below documentation: + * [Web Server Logging](http://msdn.microsoft.com/library/windows/desktop/aa814385.aspx) + * [Application Diagnostics Logs](http://msdn.microsoft.com/library/windows/desktop/aa814385.aspx) + * [Activity logs](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log-schema) + * [AppServiceAuditLogs](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/appserviceauditlogs) + * [AppServiceFileAuditLogs](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/appservicefileauditlogs) + * [AppServiceIPSecAuditLogs](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/appserviceipsecauditlogs) + * [AppServicePlatformLogs](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/appserviceplatformlogs) + * [AppServiceAntivirusScanAuditLogs](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/appserviceantivirusscanauditlogs) + +- **Activity logs**, provides insight into any subscription-level or management group level events that have occurred in the Azure. To learn more, refer to [Azure documentation](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log-schema). + +* **Azure WebApps platform metrics**. These are metrics specific to Functions like execution count and execution units. +For more information on supported metrics, refer to [Azure documentation](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-web-sites-metrics). ### Sample log messages 
@@ -39,140 +52,322 @@ _sourceCategory=Azure/Web-app | outlier _count ``` -## Collecting logs for Azure Web Apps - -In this step, you configure a pipeline for shipping logs from [Azure Monitor](https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-get-started) to an Event Hub. - -1. To set up the logs collection in Sumo Logic, refer to [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/). - - When you configure the event hubs source or HTTP source, plan your source category to ease the querying process. A hierarchical approach allows you to make use of wildcards. For example: `Azure/WebApps/Logs`. -2. Push logs from Azure Monitor to Event Hub. - 1. Sign in to [Azure Portal](https://portal.azure.com/). - 1. Go to your Azure Web App and in the left pane, go to **Monitoring** > **Diagnostics Settings.** - 1. Diagnostic Settings blade will show all your existing settings if any already exist. Click **Edit Setting** if you want to change your existing settings, or click **Add diagnostic setting** to add a new one. - 1. Select the **Stream to an event hub box** checkbox. - 1. Select an Azure subscription. - 1. **Event bub namespace.** If you have chosen Method 1 (Azure Event Hubs Source) for collecting logs, select the **EventHubNamespace** created manually, or else if you have chosen Method 2 (Collect logs from Azure monitor using Azure functions), then select `SumoAzureLogsNamespace` namespace created by the ARM template. - 1. **Event hub name (optional).** If you have chosen Method 1 (Azure Event Hub Source) for collecting logs, select the event hub name, which you created manually, or if you have chosen Method 2 (Collect logs from Azure monitor using Azure functions), then select **insights-operational-logs**. - 1. Select **RootManageSharedAccessKey** from **Select Event hub policy name** dropdown. - 1. 
Select the checkbox for log types under **Categories** which you want to ingest.
diagnostic-setting-web-apps - 1. Click **Save**. - -## Collecting Metrics for Azure Web Apps (Optional) - -In this step, you configure a pipeline for shipping metrics from Azure Monitor to an Event Hub, on to an Azure Function, and finally to an HTTP Source on a hosted collector in Sumo Logic. The pipeline is described on [Collect Metrics from Azure Monitor](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor.md). For exporting metrics you need to create another diagnostic setting and select All Metrics only with the following Event Hub configurations. - -The current Sumo Logic app for Web Apps does not support metric content so this step is optional. - -1. Perform Steps 1 and Step 2 of [Collect Metrics from Azure Monitor](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor). -In Step 1, you create an HTTP source. When you configure the, plan your source category to ease the querying process. A hierarchical approach allows you to make use of wildcards. For example: `Azure/WebApp/Metrics` -2. Push metrics from Azure Monitor to Event Hub. - 1. Sign in to [Azure Portal](https://portal.azure.com/). - 1. Go to your Azure Web App and in the left pane, go to **Monitoring** > **Diagnostics Settings.** - 1. Diagnostic Settings blade will show all your existing settings if any already exist. Click **Edit Setting** if you want to change your existing settings, or click **Add diagnostic setting** to add a new one. - 1. Select the **Stream to an event hub box** checkbox. - 1. Select an Azure subscription. - 1. **Event hub namespace.** Namespace created in [Collect Metrics from Azure Monitor](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor) by Metrics ARM template starting with `SumoMetricsNamespace`. - 1. **Event hub name (optional).** Select **insights-metrics-pt1m** from the **Select Event hub name** dropdown. - 1. 
**Event hub policy.** Select **RootManageSharedAccessKey** from **Select Event hub policy name** dropdown. - 1. Select the checkbox for **AllMetrics** types under **Metrics** which you want to ingest. - 1. Click **Save**. - -## Installing the Azure Web Apps app - -This section provides instructions on how to install the Azure Web Apps app, and shows examples of each of the preconfigured dashboards you can use to analyze your data. - -import AppInstall2 from '../../reuse/apps/app-install-v2.md'; +## Setup - +Azure service sends monitoring data to Azure Monitor, which can then [stream data to Eventhub](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/stream-monitoring-data-event-hubs). Sumo Logic supports: -## Viewing Azure Web Apps dashboards +* Logs collection from [Azure Monitor](https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-get-started) using our [Azure Event Hubs source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/). +* Activity Logs collection from [Azure Monitor](https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-get-started) using our [Azure Event Hubs source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/). It is recommended to create a separate source for activity logs. If you are already collecting these logs, you can skip this step. +* Metrics collection using our [HTTP Logs and Metrics source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/) via Azure Functions deployed using the ARM template. -import ViewDashboards from '../../reuse/apps/view-dashboards.md'; +You must explicitly enable diagnostic settings for each web app that you want to monitor. 
You can forward logs to the same event hub provided they satisfy the limitations and permissions as described [here](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal#destination-limitations). - +When you configure the event hubs source or HTTP source, plan your source category to ease the querying process. A hierarchical approach allows you to make use of wildcards. For example: `Azure/WebApps/Logs`, `Azure/WebApps/Metrics`. -### Overview +### Configure field in field schema +1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Fields**.
[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Logs** select **Fields**. You can also click the **Go To...** menu at the top of the screen and select **Fields**. +1. Search for following fields: + - `tenant_name`. This field is tagged at the collector level and you can get the tenant name using the instructions [here](https://learn.microsoft.com/en-us/azure/active-directory-b2c/tenant-management-read-tenant-name#get-your-tenant-name). + - `location`. The region to which the resource name belongs to. + - `subscription_id`. ID associated with a subscription where resource is present. + - `resource_group`. The resource group name where the Azure resource is present. + - `provider_name`. Azure resource provider name (for example, Microsoft.WEB). + - `resource_type`. Azure resource type (for example, SITES). + - `resource_name`. The name of the resource (for example, Azure Function App name). +1. Create the fields if they are not present. Refer to [Manage fields](/docs/manage/fields/#manage-fields). -Overview +### Configure Field Extraction Rules -**Visits by Country.** Performs a geo location operation to display the IP addresses of visitors on a map of the world for the last three hours. +Create a Field Extraction Rule (FER) by following the instructions [here](/docs/manage/field-extractions/create-field-extraction-rule/). If the FER already exists with same name, then skip this step. -**Response Time and Data Volume.** Displays the average response time and data volume in a line chart on a timeline for the last three hours. +#### Azure Location Extraction FER -**Traffic Over Time.** Shows the traffic in a line chart on a timeline for the last 24 hours. +```sql +Rule Name: AzureLocationExtractionFER +Applied at: Ingest Time +Scope (Specific Data): tenant_name=* +``` -**OS Platform Breakdown.** Provides the operating systems used in a pie chart for the last three hours. 
+```sql title="Parse Expression" +json "location", "properties.resourceLocation", "properties.region" as location, resourceLocation, service_region nodrop +| replace(toLowerCase(resourceLocation), " ", "") as resourceLocation +| if (!isBlank(resourceLocation), resourceLocation, location) as location +| if (!isBlank(service_region), service_region, location) as location +| if (isBlank(location), "global", location) as location +| fields location +``` -**400 and 500 Server Errors.** Displays any 400 and 500 server errors in a pie chart for the last 15 minutes. +#### Resource ID Extraction FER -**Traffic Over Time (Outlier).** Shows the traffic and any outliers in an outlier chart on a timeline for the last 24 hours. +```sql +Rule Name: AzureResourceIdExtractionFER +Applied at: Ingest Time +Scope (Specific Data): tenant_name=* +``` -**OS Platform Breakdown by Country.** Lists the operating system used by country in a table chart for the last three hours. +```sql title="Parse Expression" +json "resourceId", "ResourceId" as resourceId1, resourceId2 nodrop +| if (isBlank(resourceId1), resourceId2, resourceId1) as resourceId +| toUpperCase(resourceId) as resourceId +| parse regex field=resourceId "/SUBSCRIPTIONS/(?[^/]+)" nodrop +| parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop +| parse regex field=resourceId "/PROVIDERS/(?[^/]+)" nodrop +| parse regex field=resourceId "/PROVIDERS/[^/]+(?:/LOCATIONS/[^/]+)?/(?[^/]+)/(?.+)" nodrop +| parse regex field=resource_name "(?[^/]+)(?:/PROVIDERS/[^/]+)?/(?[^/]+)/?(?.+)" nodrop +| if (isBlank(parent_resource_name), resource_name, parent_resource_name) as resource_name +| fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type, service_name +``` -**Errors by Country.** Displays the number of errors by country in a bar chart for the last three hours. 
+### Configure metric rules -### Server Operation - Errors and Response Codes +#### Azure Observability Metadata Extraction Service Level -Server Operation - Errors and Response Codes +If this rule already exists, there's no need to create it again. -**Server Errors by Site.** Shows details on server errors by site in a column chart for the last three hours. +```sql +Rule Name: AzureObservabilityMetadataExtractionAppServiceLevel +``` -**Response Codes Over Time.** Displays the number of response codes over time in a line chart on a timeline for the last three hours. +```sql title="Metric match expression" +resourceId=/SUBSCRIPTIONS/*/RESOURCEGROUPS/*/PROVIDERS/*/SITES/* tenant_name=* +``` -**Application Log Levels Over Time.** Shows details on log levels over time in a column chart on a timeline for the last three hours. +| Fields extracted | Metric rule | +|:-----------------|:---------------| +| `subscription_id` | $resourceId._1 | +| `resource_group` | $resourceId._2 | +| `provider_name` | $resourceId._3 | +| `resource_type` | SITES | +| `resource_name` | $resourceId._4 | -**Application Errors by Site.** Provides details about application errors by site in a line chart on a timeline for the last three hours. -**Client Errors.** Displays details on client errors in a column chart for the last three hours. +### Configure metrics collection +In this section, you will configure a pipeline for shipping metrics from Azure Monitor to an Event Hub, on to an Azure Function, and finally to an HTTP Source on a hosted collector in Sumo Logic. -### Server Operation - Requests and Response Time +1. [Configure an HTTP Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/#step-1-configure-an-http-source). +1. [Configure and deploy the ARM Template](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/#step-2-configure-azure-resources-using-arm-template). +1. 
[Export metrics to Event Hub](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/#step-3-export-metrics-for-a-particular-resource-to-event-hub). Perform below steps for each Azure WebApps that you want to monitor. + 1. Choose `Stream to an event hub` as destination. + 1. Select `AllMetrics`. + 1. Use the Event Hub namespace created by the ARM template in Step 2 above. You can create a new Event Hub or use the one created by ARM template. You can use the default policy `RootManageSharedAccessKey` as the policy name.
Azure WebApps metrics -Server Operation - Requests and Response Time +### Configure logs collection -**Requests by Hostname.** Displays the number of requests by hostname in a line chart on a timeline for the last three hours. +#### Diagnostic logs -**Requests by Site Over Time.** Shows the number of requests by site in a line chart on a timeline for the last three hours. +In this section, you will configure a pipeline for shipping diagnostic logs from [Azure Monitor](https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-get-started) to an Event Hub. -**Top 10 Slowest Pages.** Provides details on the top 10 slowest pages in a table chart including information on the URL and the average time in seconds for the last three hours. +1. To set up the Azure Event Hubs source in Sumo Logic, refer to the [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/). +1. To create the **Diagnostic setting** in the Azure portal, refer to the [Azure documentation](https://learn.microsoft.com/en-gb/azure/data-factory/monitor-configure-diagnostics). Perform the below steps for each Azure WebApps that you want to monitor. + 1. Choose `Stream to an event hub` as the destination. + 1. Select `HTTP logs`, `App Service Console Logs`, `App Service Application Logs`, `Access Audit Logs`, `IPSecurity Audit logs`, `App Service Platform logs`, `Report Antivirus Audit Logs`, `Site Content Change Audit Logs`. + 1. Use the Event Hub namespace and Event Hub name configured in previous step in destination details section. You can use the default policy `RootManageSharedAccessKey` as the policy name. +1. Tag the location field in the source with right location value.
Azure WebApps Tag Location
Azure WebApps logs -**Response Time Histogram.** Displays response times in a column chart for the last three hours. +#### Activity logs (optional) -**Response Throughput.** Shows details on response throughput in a table chart including information on the URL and the average throughput in seconds for the last three hours. +To collect activity logs, follow the instructions [here](/docs/integrations/microsoft-azure/audit). If you are already collecting activity logs for a subscription, do not perform this step. +:::note +Since this source contains logs from multiple regions, make sure that you do not tag this source with the location tag. +::: -### Traffic Insights - Apps and Requests +##### Enabling Microsoft Defender for Cloud -Traffic Insights - Apps and Requests +For Security events, make sure you enable [Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/tutorial-enable-app-service-plan#enable-the-defender-for-app-service-plan). In Defender Plans Settings page toggle the App Service status under Cloud Workload Protection section. -**Visits by Country.** Performs a geo lookup operation and displays the IP addresses of worldwide visitors on a map of the world for the last three hours. +Edit Settings -**US Visits by State.** Performs a geo lookup operation and displays the IP addresses of US visitors on a map of the United States for the last three hours. +Cloud Defender Plans -**Requests by App.** Displays the number of requests by app in a line chart on a timeline for the last three hours. +##### Enabling health check metric -**Top Clients.** Provides details on the top clients by IP address in a bar chart for the last three hours. +For getting health check metric, make sure you enable **Health check** under the **Monitoring** dropdown. -**Traffic Over Time (Outlier).** Shows the traffic and any outliers in an outlier chart on a timeline for the last 24 hours. 
+Enable Health Check Metric +## Installing the Azure Web Apps app -### Traffic Insights - Content and Client Platform +This section provides instructions on how to install the Azure Web Apps app, and shows examples of each of the preconfigured dashboards you can use to analyze your data. -Traffic Insights - Content and Client Platform +import AppInstall2 from '../../reuse/apps/app-install-v2.md'; -**Media Types Requested Over Time.** Displays media types requested over time by count in a line chart on a timeline in the last three hours. + -**OSes and Browsers.** Shows details on operating systems and browsers used in a column chart for the last three hours. +## Viewing Azure Web Apps dashboards -**Top Requested Documents.** Provides the top requested documents in a table chart including details on the URL and number of requests for the last three hours. +import ViewDashboards from '../../reuse/apps/view-dashboards.md'; -**OS Platform.** Displays the different operating systems used in a pie chart for the last three hours. + -**Top Requested Documents by Country.** Lists the top requested documents in a table chart including details on URI, country name, and number of requests for the last three hours. +### Overview -**Top 10 Slowest Pages by Country.** Lists the 10 slowest pages by country in a table chart including details on URI, country name, and average time in seconds for the last three hours. +The **Azure WebApps - Overview** dashboard provides comprehensive information of all the service health incidents or resource health events associated with Azure WebApps in your azure account. + +Use this dashboard to: +* View recent resource and service health incidents. +* View distribution of service and resource health by incident type. + + + +### Antivirus Scan Audit + +The **Azure WebApps - Antivirus Scan Audit** dashboard provides detailed insights into the antivirus scan results and audit logs associated with your Azure WebApps. 
+ +Use this dashboard to: +* View recent antivirus scan results and their statuses. +* Analyze audit logs for compliance and security checks. + +### Content and Client Platform + +The **Azure WebApps - Content and Client Platform** dashboard offers an overview of the content delivery performance and client platform statistics for your Azure WebApps. + +Use this dashboard to: +* Monitor content delivery metrics and client platform usage. +* Identify trends in client platform access and performance. + +### Cost + +The **Azure WebApps - Cost** dashboard presents an overview of the costs associated with your Azure WebApps services. + +Use this dashboard to: +* Analyze cost trends and breakdowns for your Azure WebApps usage. +* Review budget forecasts and optimize spending. + +### IP Restrictions + +The **Azure WebApps - IP Restrictions** dashboard provides insights into the IP address restrictions configured for your Azure WebApps. + +Use this dashboard to: +* View configured IP restrictions and their statuses. +* Monitor access attempts based on IP restrictions. + +### Memory + +The **Azure WebApps - Memory** dashboard tracks memory usage and performance metrics for your Azure WebApps. + +Use this dashboard to: +* Monitor real-time memory utilization and trends. +* Identify memory-related performance issues and bottlenecks. + +Azure WebApps health dashboard +--> +### Network + +The **Azure WebApps - Network** dashboard offers comprehensive insights into the network performance and traffic for your Azure WebApps. + +Use this dashboard to: +* Analyze network traffic patterns and performance metrics. +* Identify potential network issues affecting your applications. + +### I/O Operations + +The **Azure WebApps - I/O Operations** dashboard provides a comprehensive view of the I/O operational metrics and activities associated with your Azure WebApps. + +Use this dashboard to: +* Monitor I/O operational events and their impact on service availability. 
+* Analyze trends in operational performance over time. + +### OS Statistics + +The **Azure WebApps - OS Statistics** dashboard presents an overview of operating system metrics related to your Azure WebApps. + +Use this dashboard to: +* Monitor key OS performance indicators and health metrics. +* Identify potential issues at the operating system level. + +### Platform + +The **Azure WebApps - Platform** dashboard provides insights into the underlying platform performance and configurations of your Azure WebApps. + +Use this dashboard to: +* Monitor platform health metrics and configurations. +* Identify trends and issues related to platform performance. + +### Errors + +The **Azure WebApps - Errors** dashboard details the error rates and response codes generated by your Azure WebApps. + +Use this dashboard to: +* Analyze error trends and response code distribution. +* Identify common issues affecting application performance. + +### Server Operations + +The **Azure WebApps - Server Operations** dashboard tracks request and response times for your Azure WebApps. + +Use this dashboard to: +* Monitor performance metrics related to request and response times. +* Identify latency issues and optimize response performance. + +### Traffic Insights + +The **Azure WebApps - Traffic Insights** dashboard provides a comprehensive view of traffic patterns for your Azure WebApps. + +Use this dashboard to: +* Analyze traffic metrics for different applications and requests. +* Identify usage trends and optimize application performance. + +### Health + +The **Azure WebApps - Health** dashboard provides information of any service health incidents or resource health events associated with Azure WebApps in your azure account. + +Use this dashboard to: +* View recent resource and service health incidents. +* View distribution of service and resource health by incident type. 
+ +### Policy and Recommendations + +The **Azure WebApps - Policy and Recommendations** dashboard provides information of all effect action operations performed by Azure policy and recommendations events from Azure Advisor. + +Use this dashboard to: +* Monitor policy events with warnings and errors. +* View recent failed policy events. +* View total recommendation events. +* Identify High Impact recommendations. +* View recent recommendation events and navigate to the affected resource. + +### Administrative Operations + +The **Azure SQL - Administrative Operations** dashboard provides details on read/write/delete specific changes, different operations used, top 10 operations that caused most errors, and users performing admin operations. + +Use this dashboard to: +* Identify top users performing administrative operations. +* View Top 10 operations that caused the most errors. +* View recent read, write, and delete operations. + ## Upgrading the Azure Web Apps app (Optional) @@ -184,4 +379,4 @@ import AppUpdate from '../../reuse/apps/app-update.md'; import AppUninstall from '../../reuse/apps/app-uninstall.md'; - \ No newline at end of file + diff --git a/static/img/send-data/azure-webapps-logs.png b/static/img/send-data/azure-webapps-logs.png new file mode 100644 index 0000000000..f44e2807c3 Binary files /dev/null and b/static/img/send-data/azure-webapps-logs.png differ diff --git a/static/img/send-data/azure-webapps-metrics.png b/static/img/send-data/azure-webapps-metrics.png new file mode 100644 index 0000000000..0e2b64ebbf Binary files /dev/null and b/static/img/send-data/azure-webapps-metrics.png differ