Skip to main content

Troubleshoot Azure Storage Log Collection

If logs do not start flowing into Sumo Logic after you perform the procedure to collect logs from Azure blob storage (using block blobs or append blobs), see the troubleshooting tips below.

Error while deploying the ARM template

If you received the following error while deploying the ARM template: The Resource 'X' under resource group 'Y' was not found.

Azure_ARM-template-error.png

To redeploy, do the following steps:

  1. Go to the resource group where the deployment failed.
  2. Click on Deployments under Settings, and then click on Microsoft.Template(last deployment) in the next window.
  3. Click Redeploy, provide the required fields, and click Purchase. You should see the successful deployment notification.

Azure_ARM-template-troubleshoot.png

If you get namespace invalid error make sure it follows the naming convention specified in this doc.

{
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
"details": [
{
"code": "BadRequest",
"message": "{\r\n \"error\":
{\r\n \"message\": \"The specified service namespace is invalid. CorrelationId: fb6a08d9-fc78-4540-a79e-861f1d81fe2e\",\r\n \"code\": \"BadRequest\"\r\n }
\r\n}"
},
{
"code": "BadRequest",
"message": "{\r\n \"error\":
{\r\n \"message\": \"The specified service namespace is invalid. CorrelationId: fb6a08d9-fc78-4540-a79e-861f1d81fe2e\",\r\n \"code\": \"BadRequest\"\r\n }
\r\n}"
}
]

For common deployment errors, refer to Troubleshoot common Azure deployment errors.

AutoScaling producer function to handle huge load on creating tasks for consumer function

  1. Go to the Producer function app.
  2. Under Settings blade, select Scale out (App Service plan).
  3. Select Rule Based Scaling.
  4. Add your rules based scaling configuration as defined in Create your first autoscale setting.
autoscalling

Verify configurations

Make sure that the resources you created in the Collect Logs from Azure Blob Storage procedure were successfully created.

  1. Go to Resource groups, and select the resource group you created or selected in Configure Azure resources using ARM Template. You should see resources you created:
    • Two App Service plans.
    • Three App Services.
    • A Service Bus Namespace.
    • An Event Hubs Namespace.
    • A Storage account.
  2. In the left pane of the Azure Portal, click AppServices, and search for “SUMOBRTaskConsumer”. You should find the “SUMOBRTaskConsumer\<random-string\>” Function App and click it.
  3. Click the Application settings link. Check that the value of the SumoLogEndpoint field matches the HTTP source URL.

Verify Blob Create Events are getting published

  1. Click All Services. Go to Event Grid Subscription services.
  2. Select Storage Account and region from the dropdown.
  3. Select the Event Subscription created in Step 3 from the list.
  4. Click Metrics.
  5. On the Event Grid Metrics page, check that the Publish Succeeded and Delivery Succeeded counts are greater than zero.
    event-grid-metrics.png

Verify Event Hub is receiving log messages

To verify that events are appearing in your event hub:

  1. In the left pane of Azure Portal, Click Eventhub.
  2. Search for “SUMOBREventHubNamespace”. You should find the “SUMOBREventHubNamespace\<random-string>” Event Hub Namespace and click it.
  3. Click the Messages link.
  4. Message summary information appears below the chart. Check that the Incoming Messages count is greater than zero.
    eventhub-messages-metrics.png

Verify Service Bus Queue is receiving tasks

Go to Service Bus Service from the Azure portal and click on SUMOBRTaskQueueNamespace\<unique string> Service Bus Namespace. Check that the incoming messages count is greater than zero.

service-bus-metrics.png

Verify Azure Function is not getting Failed

  1. Go to Function App.
  2. Go to Application Insights.
    app-insights
  3. Go to Failures section.
    failures.png
  4. Click on the Function Name under Operation Name
  5. In the top 3 exception types, click on the count it will open a sample exception.
  6. Click on any exception it will open an end to end transaction details page where you can click on View all telemetry to view all the logs for that execution.
    end-transaction.png

Verify with Live Tail

In Sumo Logic, open a Live Tail tab and run a search to verify Sumo Logic is receiving events. Search by the source category you assigned to the HTTP Source that receives the log data, for example: _sourceCategory="azure/ad"

For more information about using Live Tail, see Sumo Logic Live Tail.

Common Azure function errors

For common error messages, refer Blob Reader error messages section.

Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.