Collect Logs for Azure Web Apps

This page has instructions for collecting logs for the Azure Web Apps App, as well as a sample log message and a sample query.

Make sure the following environment prerequisites are met:

  • Only General-purpose v2 (GPv2) and Blob storage accounts are supported. This integration does not support General-purpose v1 (GPv1) accounts.
  • Configure your storage account in the same location as your Azure WebApp Service.

Step 1. Configure Azure storage account

In this task you configure a storage account (General-purpose v2 or Blob storage) to which you will export monitoring data for your Azure WebApp service.

To configure an Azure storage account, do the following:

  1. Create a new storage account and container by following the instructions in Step 1 of Collect Logs from Blob Storage.
  2. Continue with Step 2: Configure an HTTP source.

Step 2: Configure an HTTP source 

In this task, you configure an HTTP source to receive logs from the Azure function.

To configure an HTTP source for Azure, do the following:

  1. Do one of the following:
     • Select a hosted collector on which to configure the HTTP source.
     • Create a new hosted collector, as described on Configure a Hosted Collector.
  2. Configure an HTTP source, as described on HTTP Logs and Metrics Source. Make a note of the URL for the source; you will need it in the next step.

Step 3: Configure Azure Resources using ARM template 

To deploy a Sumo-provided ARM template, follow the instructions in Step 3 of Collect Logs from Azure Blob Storage.

Step 4. Enable diagnostics in the Azure portal

In this task, you enable logs for your Azure Web app. For related information, see Enable diagnostics logging for web apps in Azure App Service in the Azure help documentation.

To enable logs for an Azure web app, do the following:

  1. Login to
  2. Go to your Azure Web App and click Monitoring > Diagnostics logs.

  3. Set Application Logging (Blob) to On.
  4. For Level, select Information.
  5. Click Storage Settings and select the storage account you want to use to store logs for your Web App, the one you created or designated for use in the Step 1: Configure an Azure storage account task above.
  6. Click Add Container.
  7. For Web server logging, select Storage.
  8. Click Storage Settings and select the same settings as you did in Step 5 of this task.


If logs don't start flowing into Sumo Logic after you perform the configuration above, see Troubleshoot Azure Blob Storage Log Collection.

Sample Log Message

2017-09-25 23:27:36 eShopCart GET / X-ARR-LOG-ID=9b3056e8-21d5-43f7-8fd7-4aec6b29525e 
80 - Mozilla/5.0+(Macintosh+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,
+like+Gecko)+Chrome/ PHPSESSID=tv2iv6tn8c9su542l464ibaro5;
+ARRAffinity=d6c6606b1a249bd37139b09d6c2cb4dd61f6b5cd607f934012aca86bd59515444 - 200 0 0 3098 1008 1000

Query Sample

Traffic over time outlier

| parse regex "\d+-\d+-\d+ \d+:\d+:\d+ (?<s_sitename>\S+) (?<cs_method>\S+) (?<cs_uri_stem>\S+) (?<cs_uri_query>\S+) (?<src_port>\S+) (?<src_user>\S+) (?<client_ip>\S+) (?<cs_user_agent>\S+) (?<cs_cookie>\S+) (?<cs_referrer>\S+) (?<cs_host>\S+) (?<sc_status>\S+) (?<sc_substatus>\S+) (?<sc_win32_status>\S+) (?<sc_bytes>\S+) (?<cs_bytes>\S+) (?<time_taken>\S+)"
| timeslice 5m
| count by _timeslice
| outlier _count
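
To check the field extraction and the 5-minute outlier logic offline before relying on the query, the following added example (not Sumo Logic's code) applies the same field layout to constructed log lines. The `ts` group, the constructed client IP and host values, and the `window`/`threshold` defaults are assumptions, and `outliers` is a simplified rolling mean and standard deviation check, not the implementation of Sumo Logic's `outlier` operator.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Field names and order copied from the page's parse regex.
FIELDS = ("s_sitename cs_method cs_uri_stem cs_uri_query src_port src_user client_ip "
          "cs_user_agent cs_cookie cs_referrer cs_host sc_status sc_substatus "
          "sc_win32_status sc_bytes cs_bytes time_taken").split()
# Python spells named groups (?P<name>...); "ts" is added here for local bucketing.
LINE_RE = re.compile(r"(?P<ts>\d+-\d+-\d+ \d+:\d+:\d+) "
                     + " ".join(rf"(?P<{f}>\S+)" for f in FIELDS))

def parse_line(line):
    """Return the fields as a dict, or None when the line does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def timeslice_counts(lines, minutes=5):
    """Requests per N-minute bucket, like `timeslice 5m | count by _timeslice`."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        ts = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        counts[ts.replace(minute=ts.minute - ts.minute % minutes, second=0)] += 1
    return dict(sorted(counts.items()))

def outliers(counts, window=10, threshold=3.0):
    """Buckets more than `threshold` std devs from the mean of the previous `window` buckets."""
    keys, flagged = list(counts), []
    for i in range(window, len(keys)):  # needs a full baseline window first
        prior = [counts[k] for k in keys[i - window:i]]
        if abs(counts[keys[i]] - mean(prior)) > threshold * pstdev(prior):
            flagged.append(keys[i])
    return flagged

def constructed_sample():
    """Constructed input: twelve 5-minute slices, the eleventh a burst of 40 requests."""
    start, lines = datetime(2017, 9, 25, 22, 0, 0), ["#Version: 1.0"]  # header is skipped
    for slot, n in enumerate([3, 4, 3, 5, 4, 3, 4, 5, 3, 4, 40, 4]):
        for j in range(n):
            ts = start + timedelta(minutes=5 * slot, seconds=7 * j)
            lines.append(f"{ts:%Y-%m-%d %H:%M:%S} eShopCart GET / - 80 - 192.0.2.10 "
                         "Mozilla/5.0+(constructed) - - shop.example.com "
                         "200 0 0 3098 1008 1000")
    return lines

if __name__ == "__main__":
    counts = timeslice_counts(constructed_sample())
    for bucket in outliers(counts):
        print(bucket, counts[bucket])
```

Lines that return `None` from `parse_line` are dropped from the counts, so a field missing from the log format shows up as an unexpectedly low count, not as an error.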