Skip to main content
Splunk Lantern

Azure critical infrastructure health

 

You can collect Azure metrics on almost any type of Azure infrastructure and send these into your Splunk platform instance. This central metric collection mechanism allows you to gain immediate visibility into the health and performance of your Azure infrastructure across regions and accounts without additional instrumentation.

Data required 

Microsoft Azure metrics data

Procedure

  1. Configure the Microsoft Azure Add-on for Splunk.
  2. Run the following search. You can optimize it by specifying an index and adjusting the time range.
sourcetype="azure:metrics" 
| mvexpand host 
| search host="/subscription*" 
| rex field=host "(?<resource>[^\/\r\n]*)\Z" 
| search resource="<RESOURCE-NAME>" AND metric_name="<METRIC-NAME>"
| eval final=resource."-".metric_name 
| timechart avg(average) AS average BY final

Search explanation

The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.

Splunk Search Explanation

sourcetype="azure:metrics"

Search only Azure metrics data. 

| mvexpand host | search host="/subscription*" 

Filter to Azure resources.
| rex field=host "(?<resource>[^\/\r\n]*)\Z"  Extract the resource name.
| search resource="<RESOURCE-NAME>" AND metric_name="<METRIC-NAME>"

Filter to a specific resource. Replace <RESOURCE-NAME> with the name of the resource you want to review. Replace <METRIC-NAME> with the metric name(s) that you want to plot on a chart. Multiple values and wildcards in both of these fields are acceptable.

| eval final=resource."-".metric_name  Combine the host name with the name of each metric.
| timechart avg(average) AS average BY final Calculate the average value over time of the specific metrics.

Next steps

The results of this search help you to identify health and performance metrics that might indicate problems or inefficiencies in your environment.

You might also be interested in other processes associated with the Managing Azure cloud infrastructure use case.