In this article, I will demonstrate how to analyze Microsoft Azure cloud resources with the help of the Grafana monitoring tool. I hope that you already installed and configured Grafana service on a machine, if not please follow the below tutorial to setup.
In the above tutorial we have used InfluxDB as a data source but to configure Azure we need another data source called “Azure Monitor”. Please note that Azure monitoring is officially released on Grafana v6.0.0. The azure monitoring plugin is shipped with this package so we don’t want to install it manually.
Azure monitor plugin verification:
I have installed configured Grafana on my Azure cloud. Login to Grafana and make sure that the Azure Monitor plugin is available. Login to Grafana Home and click on “data source” ( Create your first data source) and search for azure. It displays the plugin.
Select the data source and you will be redirected to the data source configuration page. Here we have to enter all the required details. Here you can see that there three different monitoring options
- Azure Monitor Details:– With the help of this configuration we can monitor all azure resources.
- Azure Log Analytics API Details:- This is to view all the log collected from the Operating system, Network device, application, etc. For more details about these read Microsoft azure documents
- Application Insights Details: This is an Application Performance management (APM) Service to monitor your live web application.
In this blog post, we will configure all the above but create the Grafana dashboard only for Azure Monitor.
From the above screenshot, it is clear that we need a Tenant ID, Client, secret, etc to configure this data source.
Grafana uses the Active Directory service principal to connect azure monitoring API and collect data from Azure. First, create a service principal, you can follow Microsoft documentation (below) or I will explain all the steps one by one.
Create a service principle:
For this create an Active directory application.
- Login to Azure account
- Select Azure active directory
- Go to App Registration
- select New registration.
Given any name for your application and select a single tenant. Add “http://localhost:3000” as Redirect URL. Refer to the below image.
Register the application. Once the registration completed, you can view the Tenant ID and Client ID on the dashboard. Copy these details and save it safely. We need these details to configure Grafana.
Add application role:
Next, we need to add a role for the newly created application then only it access a resource in our subscription.
Go to All Service -> Select “Subscription”
Select your subscription which you want to add the rule. If your subscription is not listed select “Global subscription filter”
- Select Access Control (IAM)
- Select “Add a role assignment.
Add the “Log Analytics Reader” role for the App. Refer below screenshot for more details. Click save to commit the changes.
In the “Role Assignment” tab you could able to view the application and assigned role.
yes, now the Service principle has created. The next application needs credentials to authenticate with Azure Active Directory (AD). This can be achieved by two methods, Azure AD certificate, and application secrets. I will explain the Application secret.
Create new application secret:
Go back to the App registration and choose “Certificate & Secrets”. Click on “New client secret” to generate a secret key.
Keep the generated key in a safe place (we required it to configure Grafana) because we will not able to retrieve the key once we left the session.
Now, we have all the values which are required to set up azure Monitor Details. Next, we are configuring Azure Log Analytics API, for this we need same details as Azure Monitor and additionally “Default workspace”.
Create Log Analytics Workspace:
Go to All services -> Log Analytics Workspace and click the “Add” button to create a new one.
Add all required details and click ok to generate the workspace.
Create Application Insights:
Go to all services and search for Application Insights. Click the “Add” button and add requested details to create an Application insight.
For communication create an API key. Click API Access from the left side panel.
Add the required details and create the key. (Permission is Read telemetry”)
Note down the generated API key to a safe place as we need to add it to the Grafana. Please note that, once we lost this key we Can’t recover it.
Now, we have all the values required to configure Grafana. Add all the details below in the Grafana data source.
If you added all the details as above then you will get the above message without any error message.
Data source configuration is done, next, we have to create Grafana dashboard with this data source. Please go next page to see the details.