nmsguru

Unleash your KQL skills for in-depth analysis of Azure Log Analytics with the Azure Sensor Pack

Updated: Oct 4

Among the several new cool features recently added to the AutoMonX Azure Sensor pack, there is the Log Analytics Custom sensor. The great thing about it is that it allows customers to create custom sensors based on KQL (Kusto Query Language) in their Azure tenant and the Azure Sensor pack will auto-discover them and use them for monitoring!


Use cases

There are various situations where the information you wish to monitor is well hidden inside Azure Log Analytics and not available in Azure Monitor:

  • You have some custom applications writing events to the Azure Log Analytics logs

  • You wish to query the built-in Azure logs for specific information

  • There is no built-in metric in Azure for a specific item you wish to monitor


Cheat sheet of KQL custom monitoring

1.     Create the query in Azure

2.     Save the query into a QueryPack

3.     Add the Azure resource you wish to query to the label list

4. Run the AutoMonX Azure Sensor pack auto-discovery and add the new Log Analytics sensor for monitoring



Creating the query

Go to the resource (for example, Virtual Machine). Under Monitoring select Logs and write your own query. Your KQL query must include UTF-8 characters only. Adjust it so that the returned values are in one of the following formats:

1.     Single value – The returned value must be numeric. The channel name in PRTG will be automatically set to “Value”. This type of query is relevant for state or count queries.

2.     Channel name and Value – Make sure that the first column will always return the same name for the channel name. Limited to 40 pairs of values and channels. All values must be numeric while the channel names are textual.

3.     Channel name, Value and Unit – The third column can represent the custom unit to show in PRTG. Limitations as listed above.

Example Query:

InsightsMetrics | where Origin == 'vm.azm.ms' | where Namespace == 'Processor' and Name == 'UtilizationPercentage' | top 1 by TimeGenerated desc | project Name, Val
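
As an added example (not part of the original post and not AutoMonX code), the following Python pre-flight check tests a query result against the three formats listed above before the query is saved. It assumes the result is in the JSON layout returned by the Log Analytics query API (tables, columns, rows), reads "single value" as exactly one row, and uses hypothetical function names and constructed sample data.

```python
import json
import math

MAX_CHANNELS = 40  # "Limited to 40 pairs of values and channels"

def is_number(v):
    # JSON booleans, nulls and numeric-looking strings do not count as numeric
    return isinstance(v, (int, float)) and not isinstance(v, bool) and math.isfinite(v)

def check_result(response):
    """Return a list of problems; an empty list means the shape fits the rules above."""
    table = response["tables"][0]
    cols = [c["name"] for c in table["columns"]]
    rows = table["rows"]
    if not rows:
        return ["query returned no rows"]
    if not 1 <= len(cols) <= 3:
        return [f"expected 1 to 3 columns, got {len(cols)}"]
    problems = []
    if len(cols) == 1:
        # Assumption: "single value" is read here as exactly one row
        if len(rows) != 1:
            problems.append(f"single-value query returned {len(rows)} rows")
        if not is_number(rows[0][0]):
            problems.append(f"value {rows[0][0]!r} is not numeric")
        return problems
    if len(rows) > MAX_CHANNELS:
        problems.append(f"{len(rows)} channels exceeds the limit of {MAX_CHANNELS}")
    for i, row in enumerate(rows):
        if not isinstance(row[0], str) or not row[0].strip():
            problems.append(f"row {i}: channel name {row[0]!r} is not text")
        if not is_number(row[1]):
            problems.append(f"row {i}: value {row[1]!r} is not numeric")
        if len(cols) == 3 and not isinstance(row[2], str):
            problems.append(f"row {i}: unit {row[2]!r} is not text")
    return problems

# Constructed sample: the example query's Name, Val output
GOOD = json.loads('{"tables":[{"name":"PrimaryResult","columns":'
    '[{"name":"Name","type":"string"},{"name":"Val","type":"real"}],'
    '"rows":[["UtilizationPercentage",3.7]]}]}')
# Constructed sample: a value returned as text and a null unit
BAD = {"tables": [{"name": "PrimaryResult",
    "columns": [{"name": "Name"}, {"name": "Val"}, {"name": "Unit"}],
    "rows": [["CPU", "3.7", "%"], ["Memory", 512, None]]}]}

if __name__ == "__main__":
    print(check_result(GOOD))
    print(check_result(BAD))
```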

 

Saving the Query

After you have reached the desired output, press Save and choose Save as query. In the pop-up window, give the query a meaningful name, as this will be the name of the sensor in PRTG.


Important:

  1. You must use the Description field to list the specific resources to perform this query on. This must include the full Resource ID. The Resource ID can be found under the Settings -> Properties tab of each Azure resource.

  2. Make sure to set the displayName field (inside the query code), which sets the name of the sensor in PRTG.




























Creating the sensor in PRTG

The sensors will be automatically discovered and created like any regular AutoMonX sensor during the discovery process. Each sensor will be placed in the PRTG device tree under the resource’s device (given that the Azure Resource ID was provided as a label during the query creation process).


Editing the query

To adjust or add new resources as labels, open the Query Pack you saved the query into, go to the Export templates tab, and press Deploy, followed by the Edit Template button.



After you finish editing the query body or labels, press Save and continue to Create the template. The sensor will be updated automatically.

Important: You must run our auto-discovery in order to create sensors for new resources.


