Skip to main content
Sumo Logic

Collect Metrics from Azure Monitor

Instructions for configuring a pipeline for shipping metrics available from Azure Monitor to  Sumo Logic.

This page has instructions for configuring a pipeline for shipping metrics available from Azure Monitor to an Event Hub, on to an Azure Function, and finally to an HTTP source on a hosted collector in Sumo Logic. Azure Monitor collects metrics and well as logs. The pipeline described below is for metrics, not logs. 

For information about Azure metrics, see Overview of metrics in Microsoft Azure in Azure help.

Here’s how the solution fits together:

  • Azure Monitor collects metrics for most Microsoft Azure services and streams the data to an Azure event hub. 
  • Azure Event Hubs is a data streaming platform and event ingestion service. In this pipeline, an event hub streams the metrics collected by Azure Monitor to a Sumo-provided Azure function. 
  • The Azure function is a small piece of code that is triggered by the event hub to send metrics to the Sumo HTTP Source, function logs to one Storage Account, and failover data to another.

For more information about the solution strategy, see Azure Monitoring

Azure-metrics.png

Configure metric collection

This section has instructions for configuring collection of metrics from Azure Monitor

Step 1. Configure an HTTP source

In this step, you configure an HTTP source to receive logs from the Azure function.

  1. Select a hosted collector where you want to configure the HTTP source. If desired, create a new hosted collector, as described on Configure a Hosted Collector.
  2. Configure an HTTP source, as described on HTTP Logs and Metrics Source

Step 2. Configure Azure resources using ARM template

In this step, you use a Sumo-provided Azure Resource Manager (ARM) template to create an Event Hub, an Azure function and two Storage Accounts. The Azure function is triggered by Event Hub. Two storage accounts are used to store log messages from the Azure function and failover data from Event Hub. 

  1. Download the azuredeploy_metrics.json ARM template.
  2. Go to Template deployment in the Azure Portal.
    after step2.3.png
  3. Click Create.
  4. On the Custom deployment blade, click Build your own template in the editor.
  5. Copy the contents of azuredeploy_metrics.json and paste it into the editor window, and click Save.
    edit-template.png
  6. Now you are back on the Custom deployment blade. 
    1. Create a new Resource Group (recommended) or select an existing one.
    2. Choose Location.
    3. For the Sumo Endpoint URL supply the URL for  HTTP source you defined in Step 1
    4. Agree to the terms and conditions.
    5. Click Purchase.
      purchase.png
  7. Verify the deployment was successful by looking at Notifications at top right corner of Azure Portal.
    go-to-resource-group.png
  8. (Optional) In the same window, you can click Go to resource group to verify all resources have been created successfully. You will see something like this:
    created-resources.png
  9.  Go to Storage accounts and search for “sumometfail”. Click on “sumometfail<random-string>”.
    storage-accounts.png
  10. Under Blob Service, click Containers, then click + Container, enter the Name "sumomet-failover", and select "Private" for the Public Access Level. Click OK.
    add-container.png

Step 3. Export metrics for a particular resource to Event Hub

Follow these steps to export metrics for a resource to Event Hub.

  1. From the left pane, select ALL Services.

  2. Search for and select "Monitor".
    step2.png

  3. In the Monitor pane, select Diagnostic Settings under Settings.
    step3.png

  4. Select the resource for which you want to export metrics. If diagnostics is not enabled click Turn on Diagnostics Settings.
    step5.png

  5. Once diagnostics are enabled, click Add a diagnostic setting.
    add-diagnostic-setting.png

  6. The Diagnostic Settings page appears.
    diagnostic-settings.png

    1. In the left pane
      • Enter a name for the diagnostic setting.
      • Click the  Stream to an event hub checkbox.
      • Select Configure event hub. The right pane appears.
    2. In the right pane:
      • Choose a Subscription.
      • Select SumoMetricsNamespace<UniqueSuffix> as the event hub namespace.
      • Select insights-metrics-pt1m as the event hub name.
      • Select an event hub policy name. You can use the default policy RootManageSharedAccessKey.
    3. Click OK.
    4. Save the Diagnostics Setting.

Troubleshooting metrics collection

If metrics are not flowing into Sumo Logic, follow the steps below to investigate the problem.

Verify Configurations

First, make sure that the resources you created above were successfully created.

  1. Go to Resource groups, and select the resource group you created or selected in Step 2. Configure Azure resources using ARM Template. You should see the five resources you created: an App Service plan, an App Service, an Event Hubs Namespace, and two Storage accounts. 
    step2.11.png
  2. From the left pane of Azure Portal, Click AppServices, search for “SumoAzureApp”. You should find the “SumoAzureApp<random-string>” Function App. Click it. 
  3. On the Function Apps blade, click Integrate. Verify that the Triggers field value is “Azure Event Hubs” and the Outputs field value is “Azure Blob Storage”. 
    triggers.png
  4. In the same window, click the function app settings link. Check that the value of the  SumoAuditEndpoint field matches the HTTP source URL. 
    application-settings.png

Verify Event Hub is receiving metrics

To verify that events are appearing in your event hub:

  1. Navigate to the event hub in the Azure Portal.
  2. Click the Messages link.
  3. Message summary information appears below the chart. Check that the Incoming Messages count is greater than zero.
    event-hub-messages.png

Run the function manually

Perform the steps below to verify that the Azure function is sending messages to Sumo.

  1. Click EventHubs_Logs under the Function blade.
  2. Copy and paste the sample payload into the Request Body window 
  3. Click Run. This sends the test payload to the URL for the HTTP source you configured.
  4. Check the output, and make sure you see “Successfully sent to Sumo” log messages.
    2018-04-17T20:30:09.681 [Info] Successfully sent to Sumo
    2018-04-17T20:30:09.681 [Info] Sent all data to Sumo. Exit now.
    2018-04-17T20:30:09.681 [Info] Function completed (Success, Id=b6ee4119-dd3e-4ba6-9cbd-484a57f822a0, Duration=90ms)
  5. In Sumo, open a Live Tail tab and make sure you receive the event. Search by the source category you assigned to the HTTP Source that receives the metrics, for example:
    _sourceCategory="azure/ad"
    livetail.png