Azure Data Explorer
Azure Data Explorer is a fully managed, high-performance big data analytics platform that makes it easy to analyze high volumes of data in near real time. This integration helps in monitoring the usage, health, and performance of the Azure Data Explorer cluster resources.
Log and metric types
For Azure Data Explorer, you can collect the following logs and metrics:
- Ingestion Logs: These logs have information about ingestion operations and detailed statistics of batches ready for ingestion (duration, batch size, blob count, and batching types).
- Commands and Queries: These logs have information about admin commands and queries that have reached a final state.
- Tables: These logs have detailed information about the tables whose extents were scanned during query execution.
- Journal: These logs have detailed information about metadata operations.
- Metrics
  - Cluster metrics
  - Export metrics
  - Ingestion metrics
  - Streaming ingest metrics
  - Query metrics
  - Materialized view metrics
For more details on logs and metrics collected, refer to the supported metrics documentation and logs schema documentation.
Setup
Azure services send monitoring data to Azure Monitor, which can then stream data to Event Hubs. Sumo Logic supports:
- Logs collection from Azure Monitor using our Azure Event Hubs source.
- Metrics collection using our HTTP Logs and Metrics source via Azure Functions deployed using the ARM template.
You must explicitly enable diagnostic settings for each Azure Data Explorer cluster you want to monitor. You can forward logs to the same event hub provided they satisfy the limitations and permissions as described here.
When you configure the event hubs source or HTTP source, plan your source category to ease the querying process. A hierarchical approach allows you to make use of wildcards. For example: Azure/DataExplorer/Logs, Azure/DataExplorer/Metrics.
Configure metrics collection
In this section, you will configure a pipeline for shipping metrics from Azure Monitor to an Event Hub, on to an Azure Function, and finally to an HTTP Source on a hosted collector in Sumo Logic.
- Configure an HTTP Source.
- Configure and deploy the ARM Template.
- Export metrics to Event Hub. Choose Stream to an event hub as the destination and select AllMetrics. Use the Event hub namespace created by the ARM template in Step 2 above. You can create a new Event hub or use the one created by the ARM template. You can use the default policy RootManageSharedAccessKey as the policy name.
Configure logs collection
In this section, you will configure a pipeline for shipping diagnostic logs from Azure Monitor to an Event Hub.
- To set up the Azure Event Hubs source in Sumo Logic, refer to Azure Event Hubs Source for Logs.
- To create the Diagnostic settings in Azure portal, refer to the Azure documentation.
  - Choose Stream to an event hub as the destination.
  - Select all the Categories under Logs.
  - Use the Event hub namespace and Event hub name configured in the previous step in the destination details section. You can use the default policy RootManageSharedAccessKey as the policy name.
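An added check, not part of the original page or of Sumo Logic's tooling: it audits a cluster's diagnostic settings against the metrics and logs steps above, reporting any log category or AllMetrics that is not streamed to a named event hub. The log category names, the sample values, and the input shape (the JSON list printed by az monitor diagnostic-settings list) are assumptions, not taken from this page.

```python
import json
# Log categories for Microsoft.Kusto/clusters, grouped by the log types listed
# above. Assumption: names come from Azure's log schema, not from this page.
EXPECTED_LOG_CATEGORIES = {
    "SucceededIngestion", "FailedIngestion", "IngestionBatching",  # Ingestion
    "Command", "Query", "Journal",           # Commands and Queries, Journal
    "TableUsageStatistics", "TableDetails",  # Tables
}

def audit_diagnostic_settings(settings):
    """Return findings for a list of diagnostic-setting dicts (empty = OK)."""
    to_hub = [s for s in settings if s.get("eventHubAuthorizationRuleId")]
    if not to_hub:
        return ["no diagnostic setting streams to an event hub"]
    findings, enabled_logs, metrics_on = [], set(), False
    for s in to_hub:
        if not s.get("eventHubName"):
            findings.append(f"{s.get('name')}: no event hub name set")
        for log in s.get("logs") or []:
            if not log.get("enabled"):
                continue
            if log.get("categoryGroup") == "allLogs":
                enabled_logs |= EXPECTED_LOG_CATEGORIES
            elif log.get("category"):
                enabled_logs.add(log["category"])
        for metric in s.get("metrics") or []:
            if metric.get("enabled") and metric.get("category") == "AllMetrics":
                metrics_on = True
    for missing in sorted(EXPECTED_LOG_CATEGORIES - enabled_logs):
        findings.append(f"log category not streamed: {missing}")
    if not metrics_on:
        findings.append("AllMetrics is not streamed")
    return findings

# Constructed sample (placeholders in angle brackets), one setting per cluster.
SAMPLE = json.loads("""[{
  "name": "sumo-adx",
  "eventHubAuthorizationRuleId": "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.EventHub/namespaces/<namespace>/authorizationRules/RootManageSharedAccessKey",
  "eventHubName": "adx-logs",
  "logs": [{"category": "Command", "enabled": true}, {"category": "Query", "enabled": true},
           {"category": "Journal", "enabled": true},
           {"category": "SucceededIngestion", "enabled": false}],
  "metrics": [{"category": "AllMetrics", "enabled": false}]
}]""")

if __name__ == "__main__":
    for finding in audit_diagnostic_settings(SAMPLE):
        print(finding)
```

Run it against the saved JSON for each cluster you monitor; an empty result means every expected category and AllMetrics reach an event hub.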
Troubleshooting
HTTP Logs and Metrics Source used by Azure Functions
To troubleshoot metrics collection, follow the instructions in Collect Metrics from Azure Monitor > Troubleshooting metrics collection.