Collect text logs with Azure Monitor Agent
Question
I'm using Azure Monitor Agent to for monitoring a Linux virtual machine in Azure. I have some text logs made by an application that i want to check.
I followed the guide at https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-text-log?tabs=portal .
I have a data collection endpoint and a Custom table with the structure of the log entries.
I set the Data collection rule (DCR) and put in "Find Pattern" filed the location of the log file /home/user/Myfolder/mylog.log .
When i query the custom table i have no results, and if i look at the json of the DCR i see that the source is not configured correctly:
"datasources": {}
If i retry to create the rule, the source filed on json remain void even if it's configured in the portal. What im i doing wrong?
My logs are in the format TimeGeneratd label namespace name value , and TimeGenerated in format yyyy-MM-ddThh:mm:ss .
1 answers
solution1
0 2023-01-13 07:51:02
I set up the custom log collection a few minutes back from Ubuntu 20.04 VM using the steps available in the doc and it worked. Here is some information that should help:-
- In the Resource JSON obtained by clicking "JSON View" in the "Overview" of DCR, contains the
"datasources": {}as empty. It only contains very basic information of the resource (DCR) itself. You should be checking the "Data sources" and "Resources" options under Configuration for details of Data source.
. If you want to get the complete configuration details (ARM template) for the DCR, use the "Export template" option as shown in the image above.
Before investigating the custom log, ensure that the Linux VM is connected to the Log Analytics workspace. To check this, you can query the
Heartbeattable in the "Log Analytics" workspace to ensure that the heartbeats are being collected at regular intervals (every 1 minutes).If the Heartbeats are getting in regularly, the DCR might have an issue. Ensure that the table name is mentioned correctly. This is the name of the table ( including "_CL" in the name which is appended to all custom tables ) created in the first step of configuring the "text log collection". See Create a custom table for details.
The log collection starts after the DCR is configured. Therefore, any new entry will be collected and old entries will be ignored. Enure that there are new entries in the log file after the DCR was configured.
Also, ensure that all the pre-requisites are met as mentioned here , ie,
- log has to be on a local drive of machine and delineated with an end of line.
- Only ASCII or UTF-8 encoding are supported for log. Other formats such as UTF-16 aren't supported.
- circular logging are not supported.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.