Send Logs from Edge Delta to Azure Log Analytics

How to configure Azure when sending logs from Edge Delta to Azure Log Analytics.

  3 minute read  

Overview

You can configure Edge Delta agents to send logs, cluster patterns and samples, and custom data items to Azure Log Analytics.

Pipeline Configuration

To send telemetry data to Azure Log Analytics, configure Azure using instructions on this page, and add the Azure Log Analytics node to your Edge Delta pipeline.

Azure Configuration

You need the following objects configured in Azure:

Register Azure Application

Register Edge Delta as an application.

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
  2. Select Identity - Applications - App registrations and select New registration.
  3. Enter Edge Delta Stream, for example, as the application display name.
  4. Accounts in this organizational directory only is selected by default. Click Register.
  5. Copy and save the Application (client) ID and Directory (tenant) ID. The Application (client) ID value is used for the client_id parameter, while the Directory (tenant) ID is used for the tenant_id parameter in the Log Analytics node.
  6. Click Add a certificates or secret.
  7. Click New client secret.
  8. Enter a description and expiration date and and click Add.
  9. Copy and save the secret Value. This secret Value value is used for the client_secret parameter in the Log Analytics node.

See the official Azure documentation for more details.

Data Collection Endpoint

Create the data collection endpoint in Azure Monitor.

  1. Navigate to the Data Collection Endpoints service in Azure.
  2. Click Create.
  3. Enter Edge-Delta-Stream-Ingestion, for example, as the Endpoint name.
  4. Specify your organization’s Subscription, Resource Group, and Region.
  5. Select Review + create. Then select Create.
  6. Open the Edge-Delta-Stream-Ingestion endpoint when it appears.
  7. Copy and save the Logs Ingestion value. This Logs Ingestion value is used for the data_collection_endpoint parameter in the Log Analytics node.

Log Analytics Workspace Table

Create a new table in the Log Analytics Workspace to receive the telemetry data.

Note: it is recommended to use two Azure Logs Analytic nodes to send logs and cluster patterns data separately.

  1. In the Azure portal, navigate to the Log Analytics workspaces service.
  2. Select the workspace that will receive data.
  3. Click Tables in the Settings section.
  4. Click Create and select New custom log (DCR-based)
  5. Specify a Table name.
  6. Click Create a new data collection rule.
  7. Specify a name for the data collection rule and click Done.
  8. Select the Data collection endpoint you created earlier, for example, Edge-Delta-Stream-Ingestion.
  9. Click Next.
  10. Upload a sample of logs in JSON format using this logs sample or this patterns sample depending on which node you are configuring.
  11. The timestamp field in Edge Delta is not recognized due to its data type. Click Transformation Editor.
  12. Update the query to read as follows using auto-complete to ensure there are no formatting errors:
source
| extend TimeGenerated = todatetime(timestamp)
  1. Click Run to test the query. The Edge Delta timestamp field should be used to populate the TimeGenerated field. Click Apply.
  2. Click Next.
  3. Click Create.

Configure IAM

Assign rule permissions for the Edge Delta Stream app:

  1. In the Azure portal, navigate to the Data collection rules service.
  2. Click the Data Collection rule you created in a previous step.
  3. Click JSON View.
  4. Copy and save the immutableId value without the quotation marks. This immutableId value is used for the data_collection_rule_id parameter in the Log Analytics node.
  5. Copy and save the first key name without the quotation marks from streamDeclarations, for example agent_CL in the following snippet:
        ...
        "properties": {
            "immuteableId": "123456789"
            "dataCollectionEndpointId": "/subsriptions/123456789/resour...",
            "streamDeclarations": {
                "agent_CL": {
                    "columns": [{
                      {...

This value is used for the stream_name parameter in the Log Analytics node.

  1. Close the JSON view and click Access control (IAM).
  2. Click Add role assignment.
  3. Click the Monitoring Metrics Publisher role.
  4. Click Next.
  5. Click Select members.
  6. Search for and select Edge Delta Stream (the application name you registered earlier) and click Select.
  7. Click Review + assign.
  8. Click Review + assign to confirm.
Log Analytics Workspace Table Patterns for Edge Delta

A sample of patterns for creating a Log Analytics Workspace table.

Log Analytics Workspace Table Sample for Edge Delta

A sample for creating a Log Analytics Workspace table.