Documentation for SolarWinds Observability

Add logs from Azure

Add logs hosted in your Azure cloud to record and monitor the systems and get alerted about any potential problems. The Azure Event Hub messaging system has built-in support for streaming logs out of a large variety of Azure-hosted resources, such as VMs, load balancers, and more.

Add logs from Azure automatically

The Azure PowerShell module must be installed prior to completing these instructions. See Install Azure PowerShell on Windows with MSI in the Microsoft technical documentation.

  1. Download the template directory in GitHub and save it locally.

  2. Connect to your Azure account. Run the following command in the PowerShell Console.

    Connect-AzAccount -Tenant xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx -Subscription yyyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyy

  3. Copy or create an API token (Ingestion type), found in the settings area of SolarWinds Observability. You will need it later. See API Tokens for details.

  4. Run the following PowerShell script as an Administrator, replacing the placeholder values as described below.

    1. Replace YourSolarWindsApiToken with the text copied previously and YourOtelEndpoint with your organization's OTel endpoint. See Endpoint URIs to determine your organization's endpoint.

    2. Replace YourResourceGroupName with the name defined for the new resource group that will be created by the script.

      The name of the resource group must be unique. You cannot use the same name in the Azure tenant where logs resources will be deployed. This parameter is optional, and the default value is swi-logs.

    3. Replace YourProjectName with the name defined for the new project that will be created by the script.

      The name of the project must be unique. You cannot use the same name in the Azure tenant where logs resources will be deployed. This parameter is optional, and the default value is swi-logs.

    4. Replace YourFunctionName with the name defined for the function that will be created by the script.

      The name of the function must be unique. You cannot use the same name in the Azure tenant where logs resources will be deployed. This parameter is optional, and the default value is forwarder-function.

    5. Replace YourResourceGroupLocation with the region name where these resources will be deployed.

      This parameter is optional, and the default value is eastus.

    ./deploy-swi-azure-logs-forwarder.ps1 -SwiApiKey YourSolarWindsApiToken -swiOtelEndpoint YourOtelEndpoint `
      -ResourceGroupName YourResourceGroupName -ProjectName "YourProjectName" -FunctionName YourFunctionName `
      -ResourceGroupLocation YourResourceGroupLocation

  5. Forward the logs you want to see in the website to the created event hub. Follow the guide on how to forward logs from a resource to the event hub.

Logs from your Azure cloud will now be sent to SolarWinds Observability.
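The deploy command in step 4 takes the ingestion token as a plain command-line argument. The following wrapper is an added example, not part of the SolarWinds template or documentation: it prompts for the token without echo and passes it to the script by splatting, so the token is never typed on the command line. `Invoke-SwiForwarderDeploy` is a hypothetical helper name; the script name and its parameters are the ones shown in step 4.

```powershell
# Added example: wrapper around the deploy script from step 4.
# Invoke-SwiForwarderDeploy is a hypothetical name; the script name and its
# parameter names are taken from the command shown in step 4.
function Invoke-SwiForwarderDeploy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $OtelEndpoint,
        [string] $ScriptPath = './deploy-swi-azure-logs-forwarder.ps1',
        # Optional values: when omitted, the script's own defaults apply
        # (swi-logs, swi-logs, forwarder-function, eastus).
        [string] $ResourceGroupName,
        [string] $ProjectName,
        [string] $FunctionName,
        [string] $ResourceGroupLocation
    )

    if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
        throw "Deploy script not found at '$ScriptPath' (see step 1)."
    }
    if (-not (Get-AzContext)) {
        throw 'No Azure context. Run Connect-AzAccount first (step 2).'
    }

    # Prompt without echo so the token is never typed as a command argument.
    $secure = Read-Host -Prompt 'SolarWinds ingestion API token' -AsSecureString
    $token  = [System.Net.NetworkCredential]::new('', $secure).Password
    if ([string]::IsNullOrWhiteSpace($token)) { throw 'Empty API token.' }

    # Build the argument set; only pass optional values the caller supplied.
    $deployArgs = @{ SwiApiKey = $token; swiOtelEndpoint = $OtelEndpoint }
    $optional = 'ResourceGroupName', 'ProjectName', 'FunctionName', 'ResourceGroupLocation'
    foreach ($name in $optional) {
        if ($PSBoundParameters.ContainsKey($name)) {
            $deployArgs[$name] = $PSBoundParameters[$name]
        }
    }

    try {
        & $ScriptPath @deployArgs
    }
    finally {
        # Drop the plain-text copies as soon as the script returns.
        Remove-Variable -Name token, deployArgs -ErrorAction SilentlyContinue
    }
}
```

Call it as `Invoke-SwiForwarderDeploy -OtelEndpoint YourOtelEndpoint` from the directory that holds the downloaded template, adding the optional names only when the defaults do not suit.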

Add logs from Azure manually

Create a Resource group

  1. Sign in to the Azure portal.

  2. Navigate to the Resource groups, and click Create.

  3. For Subscription, select the name of the Azure subscription in which you want to create the resource group.

  4. Type a unique name for the resource group. Azure checks to see if the name is available in the currently selected Azure subscription.

  5. Select a region for the resource group.

  6. Click Review + Create.

Create an Event Hub namespace

  1. Navigate to Event Hubs, and click Create.

  2. On the Create Namespace page, select the subscription, resource group, name, and location for the namespace.

  3. Click Review + Create.

  4. On the Review + Create page, review the settings, and click Create.

Create an Event Hub

  1. On the Event Hubs Namespace page, click Event Hubs in the left menu.

  2. At the top of the window, click + Event Hub.

  3. Type a name for your event hub, and then click Create.

Create a function app

Azure function apps have built-in triggers for the Event Hub that pass the contents of log messages to the function app. You can use C# script code and forward the contents of log messages to SolarWinds Observability with a simple HTTP POST call.

  1. From the Azure portal menu or the home page, click Create a resource.

  2. Choose Function App from the list of resources, and click Create.

  3. On the Basics page, specify the subscription, resource group, region, and name for the function app.

  4. In the Publish field, click Code.

  5. In the Runtime stack drop-down, click .NET.

  6. In the Version drop-down, click 6.

  7. Select Windows as the operating system and serverless as the plan type.

  8. Click Next: Hosting.

  9. Select a storage account.

  10. Click Review + Create to review the app configuration.

  11. On the Review + Create page, review your settings, and then click Create to provision and deploy the function app.

Create Event Hub Trigger function

  1. From the left menu of the Function App window, click Functions, and then click Create from the top menu.

  2. In the Create Function window, ensure the Development environment property is set to Develop in portal, and select the EventHub trigger template.

  3. Choose an available Event Hub connection or create a new one by specifying the Event Hub namespace created previously.

  4. Specify the previously created Event Hub in the Event Hub name field.

  5. Click Code + Test.

  6. Replace the contents of the EventHubTriggerCSharp.csx file with the contents of this run.csx file, and then click Save.

  7. If you encounter the "One or more loaded extensions do not meet the minimum requirements" error, see Functions V4 - Require a minimum version for supported extensions · Issue #1987 · Azure/Azure-Functions and apply the workaround for the issue:

    1. From the Function App home page, navigate to App files.

    2. Choose host.json and update the extension bundle version according to the recommendation:

      {
        "version": "2.0",
        "extensionBundle": {
          "id": "Microsoft.Azure.Functions.ExtensionBundle",
          "version": "[2.8.4, 3.0.0)"
        }
      }

  8. Return to the Function App detail page, navigate to the Configuration page, and configure the following Application settings (environment variables):

    • SWI_API_KEY - the environment variable containing your SolarWinds Observability API key.

    • SWI_OTEL_ENDPOINT - the environment variable containing the telemetry endpoint URI: logs.collector.xx-yy.cloud.solarwinds.com (where xx-yy is determined by the URL you use to access SolarWinds Observability, see Endpoint URIs).

  9. Forward the logs you want to see in the website to the created event hub. Follow the guide on how to forward logs from a resource to the event hub.
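A forwarder with a missing or placeholder setting from step 8 fails quietly and leaves a gap in the collected logs. The following check is an added example, not part of the SolarWinds scripts: it validates the two application settings without printing the API key. `Test-SwiForwarderSettings` is a hypothetical helper name, the sample values are constructed, and the endpoint check assumes the value is the bare host name in the form given in step 8.

```powershell
# Added example. Test-SwiForwarderSettings is a hypothetical helper name.
# It inspects a settings table and reports problems; it never echoes the key.
function Test-SwiForwarderSettings {
    param([Parameter(Mandatory)] [System.Collections.IDictionary] $Settings)

    $problems = [System.Collections.Generic.List[string]]::new()

    $key = [string]$Settings['SWI_API_KEY']
    if ([string]::IsNullOrWhiteSpace($key)) {
        $problems.Add('SWI_API_KEY is missing or empty.')
    } elseif ($key -eq 'YourSolarWindsApiToken') {
        $problems.Add('SWI_API_KEY still holds the placeholder text.')
    } elseif ($key -ne $key.Trim()) {
        $problems.Add('SWI_API_KEY has leading or trailing whitespace.')
    }

    $endpoint = [string]$Settings['SWI_OTEL_ENDPOINT']
    # Assumption: bare host name as written in step 8, no scheme or path.
    $pattern = '^logs\.collector\.[a-z0-9]+-[a-z0-9]+\.cloud\.solarwinds\.com$'
    if ([string]::IsNullOrWhiteSpace($endpoint)) {
        $problems.Add('SWI_OTEL_ENDPOINT is missing or empty.')
    } elseif ($endpoint -match 'xx-yy') {
        $problems.Add('SWI_OTEL_ENDPOINT still contains the xx-yy placeholder.')
    } elseif ($endpoint -notmatch $pattern) {
        $problems.Add("SWI_OTEL_ENDPOINT '$endpoint' is not in the documented form.")
    }

    [pscustomobject]@{
        Ok       = ($problems.Count -eq 0)
        Problems = $problems.ToArray()
    }
}

# Constructed sample values for an offline run (not real settings).
$good = @{ SWI_API_KEY = 'constructed-sample-token'
           SWI_OTEL_ENDPOINT = 'logs.collector.ab-01.cloud.solarwinds.com' }
$bad  = @{ SWI_API_KEY = 'YourSolarWindsApiToken'
           SWI_OTEL_ENDPOINT = 'logs.collector.xx-yy.cloud.solarwinds.com' }

Test-SwiForwarderSettings -Settings $good | Format-List
Test-SwiForwarderSettings -Settings $bad  | Format-List

# Against a live app (names are placeholders), after Connect-AzAccount:
# Test-SwiForwarderSettings -Settings (Get-AzFunctionAppSetting `
#     -Name YourFunctionAppName -ResourceGroupName YourResourceGroupName)
```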

Forward logs from a resource to the event hub

  1. Open the detail of a resource from which the logs should be forwarded.

  2. Click the Activity log link.

  3. Click Export Activity Logs.

  4. Click Add diagnostic setting.

  5. Select all the categories you want to export.

  6. In Destination details, select Stream to event hub.

  7. Click Save.

For more helpful information, see the Azure Monitor Logs overview.

The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.