Azure Container Instances
Azure Container Instances is a fully managed serverless container service that enables you to deploy and manage containers in Azure without the need for virtual machines. It is ideal for event-driven applications, microservices, and batch processing workloads.
Log and metric types​
For Azure Container Instances, you can collect the following logs and metrics:
- Audit Logs. The activity log contains subscription-level events that track operations for each Azure resource as seen from outside that resource. For more details, refer to the Azure Documentation.
- Resource Logs. Capture container creation, execution, and failure logs. Refer to the Microsoft Documentation to know about the schema for resource logs.
- Metrics. Metrics for Azure Container Instances are in the following namespaces:
For more information on supported dimensions, refer to Azure documentation.
Setup​
Azure service sends monitoring data to Azure Monitor, which can then stream data to an event hub. Sumo Logic supports:
- Logs collection from Azure Monitor using our Azure Event Hubs source.
- Metrics collection using our HTTP Logs and Metrics source via Azure Functions deployed using the ARM template.
You must explicitly enable diagnostic settings for each domain, namespaces, custom topic, and system topic you want to monitor. You can forward logs to the same event hub provided they satisfy the limitations and permissions as described here.
When you configure the event hubs source or HTTP source, plan your source category to ease the querying process. A hierarchical approach allows you to make use of wildcards. For example: Azure/AzureContainerInstances/Logs, Azure/AzureContainerInstances/Metrics.
Configure field in field schema​
- Classic UI. In the main Sumo Logic menu, select Manage Data > Logs > Fields.
New UI. In the top menu select Configuration, and then under Logs select Fields. You can also click the Go To... menu at the top of the screen and select Fields. - Search for the following fields:
tenant_name. This field is tagged at the collector level. You can get the tenant name using the instructions here.location. The region to which the resource name belongs to.subscription_id. ID associated with a subscription where the resource is present.resource_group. The resource group name where the Azure resource is present.provider_name. Azure resource provider name (for example, Microsoft.Network).resource_type. Azure resource type (for example, storage accounts).resource_name. The name of the resource (for example, storage account name).service_type. Type of the service that can be accessed with a Azure resource.service_name. Services that can be accessed with an Azure resource (for example, in Azure Container Instances service is Subscriptions).
- Create the fields if they are not present. Refer to Manage fields.
Configure field extraction rules​
Create the following Field Extraction Rule(s) (FER) for Azure Storage by following the instructions in Create a Field Extraction Rule.
Azure location extraction FER​
Rule Name: AzureLocationExtractionFER
Applied at: Ingest Time
Scope (Specific Data): tenant_name=*
json "location", "properties.resourceLocation", "properties.region" as location, resourceLocation, service_region nodrop
| replace(toLowerCase(resourceLocation), " ", "") as resourceLocation
| if (!isBlank(resourceLocation), resourceLocation, location) as location
| if (!isBlank(service_region), service_region, location) as location
| if (isBlank(location), "global", location) as location
| fields location
Resource ID extraction FER​
Rule Name: AzureResourceIdExtractionFER
Applied at: Ingest Time
Scope (Specific Data): tenant_name=*
json "resourceId", "ResourceId" as resourceId1, resourceId2 nodrop
| if (isBlank(resourceId1), resourceId2, resourceId1) as resourceId
| toUpperCase(resourceId) as resourceId
| parse regex field=resourceId "/SUBSCRIPTIONS/(?<subscription_id>[^/]+)" nodrop
| parse field=resourceId "/RESOURCEGROUPS/*/" as resource_group nodrop
| parse regex field=resourceId "/PROVIDERS/(?<provider_name>[^/]+)" nodrop
| parse regex field=resourceId "/PROVIDERS/[^/]+(?:/LOCATIONS/[^/]+)?/(?<resource_type>[^/]+)/(?<resource_name>.+)" nodrop
| parse regex field=resource_name "(?<parent_resource_name>[^/]+)(?:/PROVIDERS/[^/]+)?/(?<service_type>[^/]+)/?(?<service_name>.+)" nodrop
| if (isBlank(parent_resource_name), resource_name, parent_resource_name) as resource_name
| fields subscription_id, location, provider_name, resource_group, resource_type, resource_name, service_type, service_name
Configure metric rules​
Create the following metrics rules by following the instructions in Create a metrics rule.
Azure observability metadata extraction container instance level​
Rule Name: AzureObservabilityMetadataExtractionAzureContainerInstanceLevel
resourceId=resourceId=/SUBSCRIPTIONS/*/RESOURCEGROUPS/*/PROVIDERS/MICROSOFT.CONTAINERINSTANCE/*/* tenant_name=*
| Fields extracted | Metric rule |
|---|---|
| subscription_id | $resourceId._1 |
| resource_group | $resourceId._2 |
| provider_name | MICROSOFT.CONTAINERINSTANCE |
| resource_type | $resourceId._3 |
| resource_name | $resourceId._4 |
Configure metrics collection​
For metrics collection follow guidelines in Azue Metrics Source.
While you configure metrics collection you need to tag the location field in the source with right location value. 
Also you need to configure namespaces as shown below. 
Configure logs collection​
- Add a hosted collector and HTTP Source.
- Create and push a custom image using a Docker file and output_conf.yaml onto a Docker hub.
- Use existing resource group or create a new one in Azure.
- Update the logging-sidecar-deploy.yaml file with your own application image whose logs you want to collect. In the file we have used nginx application as an example whose log files(access logs and error logs) are created in a shared volume(/var/log/nginx).
- Deploy the logging-sidecar-deploy.yaml Azure template.
- parameter -
/fluent-bit/bin/fluent-bitis fluent-bit executable path. - parameter -
-c /root/output_conf.yamlis fluent-bit configuration file path.- Inputs parameters in the
output_conf.yamlfile.- tail. Read logs command name.
- path. Log file path from where fluent bit collector is collecting logs.
- Outputs parameters in the
output_conf.yamlfile.- *name. HTTP output collector. By default, the name key will be assigned with http as value.
- format. Data format by which you can send logs to Sumo Logic. By default, the format key will be assigned with json_lines as value.
- compress. Payload compression mechanism. The recommended file type from Sumo Logic is
gzip. - match. Log matching rule.
- host. Sumo Logic collector host.
- port. Sumo Logic collector port.
- tls=on. By default, on value will be assigned to enable the TLS support.
- tls.verify. By default, off value will be assigned to disable the certificate validation.
- URI. Sumo Logic HTTP collector URI.
- json_date_key. Name of the date field in output.
- header. X-Sumo-Fields header used to tag fields during logs collection.
- Inputs parameters in the
- parameter -
To learn more details on how to deploy azure container instance, refer to the Azure Documentation.
Activity Logs​
To collect activity logs, follow the instructions here. Skip this step if you are already collecting activity logs for a subscription.
Since this source contains logs from multiple regions, make sure that you do not tag this source with the location tag.
Viewing the Azure Container Instances dashboards​
All dashboards have a set of filters that you can apply to the entire dashboard. Use these filters to drill down and examine the data to a granular level.
- You can change the time range for a dashboard or panel by selecting a predefined interval from a drop-down list, choosing a recently used time range, or specifying custom dates and times. Learn more.
- You can use template variables to drill down and examine the data on a granular level. For more information, see Filtering Dashboards with Template Variables.
- Most Next-Gen apps allow you to provide the scope at the installation time and are comprised of a key (
_sourceCategoryby default) and a default value for this key. Based on your input, the app dashboards will be parameterized with a dashboard variable, allowing you to change the dataset queried by all panels. This eliminates the need to create multiple copies of the same dashboard with different queries.
Error Logs​
The Azure Container Instance - Error Logs dashboard provides detailed information on the container activity. This dashboard also provides comprehensive overview of Total Errors, Top 10 Errors bar chart, Log Level Error distribution, Error Trend by Container, and Recent Container Logs.
Administrative Operations​
The Azure Container Instances - Administrative Operations dashboard provides details on the operational activities and status of your Azure Container Instances resources.
Use this dashboard to:
- Monitor the distribution of operation types and their success rates to ensure proper functioning of your Container Instances system.
- Identify potential issues by analyzing the top operations causing errors and correlating them with specific users or applications.
- Track recent write and delete operations to maintain an audit trail of changes made to your Azure Container Instances configuration.
Resources​
The Azure Container Instances - Resources dashboard shows average memory usage, avg CPU usage, and average network bytes received and transmitted per sec.
Use this dashboard to:
- Monitor Average Memory and CPU usage with it's trend.
- Monitor Average Received and Transmitted network bytes.
Policy and Recommendations​
The Azure Container Instances - Policy and Recommendations dashboard provides details on policy events and recommendations for your Azure Container Instances resources.
Use this dashboard to:
- Monitor the success and failure rates of policy events to ensure proper configuration and compliance.
- Track and analyze recent recommendations to improve the performance and security of your Azure Container Instances setup.
- Identify trends in policy events and recommendations over time to proactively address potential issues.
Troubleshooting​
HTTP Logs and Metrics Source used by Azure Functions​
To troubleshoot metrics collection, follow the instructions in Troubleshooting metrics collection in Collect Metrics from Azure Monitor.