Often I see questions around how I can the auto provisioning agents capabilities (now renamed to Settings & monitoring) in Defender for Cloud via API.
Tag: Log Analytics
Azure Monitor Log Alert V2
Log Alerts have been available in Log Analytics for quite some time. Initially they were available via legacy Log Alert API that was specific for Log Analytics. In order to make Log Alert more native to Azure a new Log Alert API was available. With a few minor features like (custom webhook payload) that API was direct translate from the legacy one offering the same features. Now Azure Monitor team is introducing a new Log Alert that is named Log Alert V2. That new alert is using the same API but with new version. So if you use the API version 2018-04-16 to create Log Alert you are creating v1 and if you use version 2021-08-01 you are creating v2. Log Alert v2 will be generally available probably very soon as I have received e-mail notification containing the following information:
- any API version like 2021-02-01-preview will be deprecated and replaced by version 2021-08-01
- billing for Log Alert v2 will start from 30th of November.
This for me signals that before 30th of November or several weeks after the service will be generally available. I am not aware of specific information just the official e-mail notification leads me to these conclusions. The Log Alert v2 has been in preview for a couple of months which I have been testing and providing feedback.
Finding Columns that are used by more than one service in AzureDiganostics table
AzureDiagnstics table is used by many Azure Services when you send diagnostic logs thus the 500 column limit that Microsoft is trying to fix for that table. When you hit that limit there is currently the described workaround but let’s say you have used one service that was sending logs and you no longer use that service. The logs associated with that service are yet to purged but you also want to clean up any custom columns that the service was using. That way you can free some slots for new custom columns for new services that will send logs to AzureDiagnostics table. Of course you can delete the custom column from Log Analytics blade but you do not want to delete a custom column that is also used by another service. This will be a short blog post that I will show you how to find if custom column is used by more than one service by using Kusto query language.
Tracking Issues with Resource Health and Log Analytics
I have been away from blogging for a while as I needed to dedicate some more time to my family but now I am back with new blog post. Today’s topic we will focus on two Azure Monitor features – Resource Health and Log Analytics. Resource Health is may be not so known feature of Azure Monitor. The service will basically track the health of your resources for specific known issues. Think of it like something between Service Health which monitors health for specific services rather resources on higher level and Log Analytics/Application Insights which allows you to monitor on lower level. Using all of them you can achieve end-to-end monitoring. There are a number of resources that are supported by resource health with a number of issues that are monitored. My advise is if you do not have any monitoring on an Azure resource you should at least create resource health alerts for it. Even if you have monitoring I would still advise to use resource health as it will alert you on things that you probably cannot or your are not checking with your monitoring.
Inside Azure Management V4 Book Now Available
The time has come to publish the Inside Azure Management v4 book. This is the only free book that focuses on Azure Management. If you want you can also support us with purchase from Amazon. Links for both the free and purchasable version you will find below. It is needless to say that the authors of this book Pete Zerger, Tao Yang and Kevin Greene and me have put a lot of effort. Additionally also Ryan Irujo, Alexandre Verkinderen and Bert Wolters have put also a lot of effort in authoring of certain chapters. I would like to thank to all authors for the great work. Comparing v3 to v4 release we have tried to make the existing content better with providing even more examples. Overall we have followed the same guidance as before: trying to give you less content that is already available and focus on tips, tricks, scenarios and examples. Any feedback you can send it to us via e-mail: insidemscloud (at) outlook.com. I hope that you will enjoy our work and you will find it useful.