Monitoring Microsoft Azure
TABLE OF CONTENTS
The Azure Agent collects data from Azure APIs to monitor services managed by Azure.
Note: This documentation covers installing the Azure Agent, which allows you to collect data from Azure APIs to monitor services managed by Azure. If you want to monitor an Azure Virtual Machine or a Kubernetes cluster running on Azure Kubernetes Service (AKS), refer to the Install the Instana Host Agent documentation.
The Azure Agent must be installed on a host inside or outside your Azure environment. Each Azure agent can monitor remote services of one subscription, so you will need multiple Azure agents to monitor multiple Azure subscriptions.
- Create a service-principal account with read-access to your resources in Azure Portal.
Enable the Azure sensor in the agent's configuration.yaml file; a minimal sensor configuration looks like the following:
com.instana.plugin.azure: enabled: true subscription: "[Your-Subscription-Id]" tenant: "[Your-Tenant-Id]" principals: - id: "[Your-Service-Principal-Account-Id]" secret: "[Your-Service-Principal-Secret]"
Note: Make sure that Service Principal Secret is Base64 Encoded. When you create one via Azure Portal, the secret is already encoded and can be easily copy pasted directly to our configuration file without the need of reencoding it.
The host agent needs to be restarted for the new configuration to be applied, after which the agent will automatically discover supported remote-services on the specified subscription.
The Azure Agent supports filtering of Azure services.
The filtering of services and their instances is based on tags and the resource groups; refer to the Use tags to organize your Azure resources and management hierarchy documentation for more information on how to apply tags to Azure resources and to the What is Azure Resource Manager? documentation for defining resource groups in Azure.
The filtering is applied by modifying the agent configuration file
/opt/instana/agent/etc/instana/configuration.yaml of the Azure Agent as follows:
com.instana.plugin.azure: # Comma separated list of tags in key:value format include_tags: # Comma separated list of tags in key:value format exclude_tags: # Comma separated list of resource groups include_resource_groups: # Comma separated list of resource groups exclude_resource_groups:
Filtering can also be applied at the level of the specific service; for more information, refer to the documentation of the specific services, which is linked from the Monitored Services section.
Azure Monitoring API comes with a limitation of
12000 requests per Service principal, which limits the number of services one Azure Agent can monitor.
To overcome this limitation, you can create multiple service principals.
For information on how to create service principles, refer to the How to: Use Azure PowerShell to create a service principal with a certificate documentation.
Once the service principals have been created, update the
/opt/instana/agent/etc/instana/configuration.yaml file on the Azure agent host to look like the following:
com.instana.plugin.azure: enabled: true subscription: "[Your-Subscription-Id]" tenant: "[Your-Tenant-Id]" principals: - id: "[Your-Service-Principal-Account-Id-1]" secret: "[Your-Base64-encoded-Service-Principal-Secret-1]" - id: "[Your-Service-Principal-Account-Id-2]" secret: "[Your-Base64-encoded-Service-Principal-Secret-2]"
Note: Changes to the principal configuration listed above will be hot-reloaded by the Azure Agent, meaning that they will take effect without needed to restart the Azure Agent.
Sometimes there could be too many API per one API Management Service to collect the data from and to efficiently make sense from. To focus only on those important APIs there is an additional configuration option to inclusively or exclusively filter API per name(s) by defining a regular expression like this:
com.instana.plugin.azure.apimanagement: monitorApiList: - serviceName: 'robotShopApiGateway' #inclusiveApiRegex: '^(API name 1|API name 2)$' exclusiveApiRegex: '^(API name 1|API name 2)$'
As shown in the example above, you can use complex regex expressions with
and. If both
exclusiveApiRegex are defined,
exclusiveApiRegex will be prioritized.