This page has instructions for collecting logs for the Azure Web Apps App, as well as a sample log message and query sample. Click a link to jump to a topic:
- Step 1: Configure Azure storage account
- Step 2: Configure an HTTP source
- Step 3: Configure Azure resources using ARM template
- Step 4: Enable diagnostics in the Azure Portal
- Sample Log Message
- Query Sample
Make sure the following environment prerequisites are met:
- Only General-purpose v2 (GPv2) and Blob storage accounts are supported. This integration does not support General-purpose v1 (GPv1) accounts.
- Configure your storage account in the same location as your Azure WebApp Service.
Step 1: Configure Azure storage account
In this task, you configure a storage account (General-purpose v2 or Blob storage) to which you will export monitoring data for your Azure WebApp service.
To configure an Azure storage account, do the following:
Step 2: Configure an HTTP source
In this task, you configure an HTTP source to receive logs from the Azure function.
To configure an HTTP source for Azure, do the following:
- Do one of the following:
  - Select a hosted collector on which to configure the HTTP source.
  - Create a new hosted collector, as described on Configure a Hosted Collector.
- Configure an HTTP source, as described on HTTP Logs and Metrics Source. Make a note of the URL for the source; you will need it in the next step.
Step 3: Configure Azure Resources using ARM template
To deploy a Sumo-provided ARM template, follow the instructions in Step 3 of Collect Logs from Azure Blob Storage.
Step 4: Enable diagnostics in the Azure portal
In this task, you enable logs for your Azure web app. For related information, see Enable diagnostics logging for web apps in Azure App Service in the Azure help documentation.
To enable logs for an Azure web app, do the following:
1. Log in to https://portal.azure.com/.
2. Go to your Azure Web App and click Monitoring > Diagnostics logs.
3. Set Application Logging (Blob) to On.
4. For Level, select Information.
5. Click Storage Settings and select the storage account you want to use to store logs for your web app: the one you created or designated in Step 1: Configure Azure storage account above.
6. Click Add Container.
7. For Web server logging, select Storage.
8. Click Storage Settings and select the same settings as you did in Step 5 of this task.
If logs don't start flowing into Sumo Logic after you perform the configuration above, see Troubleshoot Azure Blob Storage Log Collection.
Sample Log Message
2017-09-25 23:27:36 eShopCart GET / X-ARR-LOG-ID=9b3056e8-21d5-43f7-8fd7-4aec6b29525e 80 - 18.104.22.168 Mozilla/5.0+(Macintosh+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML, +like+Gecko)+Chrome/22.214.171.124+Safari/537.36 PHPSESSID=tv2iv6tn8c9su542l464ibaro5; +ARRAffinity=d6c6606b1a249bd37139b09d6c2cb4dd61f6b5cd607f934012aca86bd59515444 - eShopCart.azurewebsites.net 200 0 0 3098 1008 1000
Query Sample
Traffic over time outlier
| parse regex "\d+-\d+-\d+ \d+:\d+:\d+ (?<s_sitename>\S+) (?<cs_method>\S+) (?<cs_uri_stem>\S+) (?<cs_uri_query>\S+) (?<src_port>\S+) (?<src_user>\S+) (?<client_ip>\S+) (?<cs_user_agent>\S+) (?<cs_cookie>\S+) (?<cs_referrer>\S+) (?<cs_host>\S+) (?<sc_status>\S+) (?<sc_substatus>\S+) (?<sc_win32_status>\S+) (?<sc_bytes>\S+) (?<cs_bytes>\S+) (?<time_taken>\S+)"
| timeslice 5m
| count by _timeslice
| outlier _count
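An offline check of the parse expression and the traffic-outlier logic above, as an added example that is not part of the original page or Sumo Logic's own code. The query's regex is rewritten in Python syntax with a captured timestamp and an end anchor; `make_line`, `SAMPLE`, the 203.0.113.10 address and the rolling-mean outlier rule (window 5, threshold 3) are assumptions made for illustration.

```python
import re
import statistics
from collections import Counter
from datetime import datetime

# Field names in the order the page's parse regex captures them.
FIELDS = ("s_sitename cs_method cs_uri_stem cs_uri_query src_port src_user "
          "client_ip cs_user_agent cs_cookie cs_referrer cs_host sc_status "
          "sc_substatus sc_win32_status sc_bytes cs_bytes time_taken").split()
# Same pattern as the query, plus a captured timestamp and an end anchor so a
# line with extra tokens is rejected rather than parsed with shifted fields.
LINE_RE = re.compile(r"(?P<ts>\d+-\d+-\d+ \d+:\d+:\d+) "
                     + " ".join(rf"(?P<{f}>\S+)" for f in FIELDS) + "$")

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def timeslice_counts(lines, minutes=5):
    """Requests per fixed bucket, like `timeslice 5m | count by _timeslice`."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):  # unparsed lines are skipped
        ts = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        counts[ts.replace(minute=ts.minute - ts.minute % minutes, second=0)] += 1
    return dict(sorted(counts.items()))

def outliers(counts, window=5, threshold=3.0):
    """Flag buckets far from the mean of the preceding `window` buckets.
    Simplified rolling check (assumption), not Sumo Logic's implementation."""
    keys, flagged = list(counts), []
    for i in range(window, len(keys)):
        prev = [counts[k] for k in keys[i - window:i]]
        spread = max(statistics.pstdev(prev), 1.0)  # floor avoids zero deviation
        if abs(counts[keys[i]] - statistics.mean(prev)) > threshold * spread:
            flagged.append(keys[i])
    return flagged

def make_line(ts, ip="203.0.113.10"):
    """Constructed log line in the page's field order (placeholder values)."""
    return (f"{ts} eShopCart GET / X-ARR-LOG-ID=00000000-0000-0000-0000-000000000000"
            f" 80 - {ip} Mozilla/5.0+(constructed) PHPSESSID=placeholder -"
            " eShopCart.azurewebsites.net 200 0 0 3098 1008 1000")

# Constructed traffic: five quiet 5-minute buckets, then a burst of 20 requests.
SAMPLE = [make_line(f"2017-09-25 23:{b * 5:02d}:{s:02d}")
          for b, n in enumerate([2, 2, 2, 2, 2, 20]) for s in range(n)]

if __name__ == "__main__":
    print(outliers(timeslice_counts(SAMPLE)))
```

Because every field is matched with `\S+`, a raw space inside a value (for example in the user agent or cookie) changes the token count; the end anchor makes such a line fail to parse instead of silently assigning values to the wrong fields.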