Azure-docs: how to configure the storage account's diagnostics logs using an arm template. can you please point me to any doc on that info
how to configure the storage account's diagnostics logs using an arm template
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: e88da5d5-2f28-00fc-d8c3-7414dbbac91a
- Version Independent ID: 10bef6bc-b450-c805-cd6c-cf4958b2d99f
- Content: How to monitor an Azure Storage account
- Content Source: articles/storage/common/storage-monitor-storage-account.md
- Service: storage
- GitHub Login: @tamram
- Microsoft Alias: tamram
rameshjanjyam
All 24 comments
@craigshoemaker - FYI
tamram
on 10 Aug 2018
@rameshjanjyam Thanks for the feedback! I have assigned the issue to the content author to evaluate and update as appropriate.
AdamS-MSFT
on 10 Aug 2018
Thank you @Adam-Smith-MSFT
rameshjanjyam
on 11 Aug 2018
Has there been any movement on this? @Adam-Smith-MSFT
chris31389
on 10 Sep 2018
Have there been any updates regarding this? @Adam-Smith-MSFT
We have come across the same question. I had a look at the generated automation script after configuring the diagnostic logs manually, hoping that I can use this as a reference on how to solve this, and found that these settings are not included in the script. In fact none of the diagnostic log settings for our resources are included in the automated script.
Can you please give me some pointers on how to configure diagnostic logs for storage accounts in ARM templates?
Thanks!
georgschmidtdumont
on 7 Feb 2019
Unfortunately, it's not supported.
fhryo-msft
on 21 Feb 2019
@fhryo-msft whats the suggested way of automating it then? Directly on the api; using az-cli/powershell? From my understanding ARM should be a first class citizen for automatically deploying resources.
Klaas-
on 28 Feb 2019
You are right. CLI & Powershell are recommended for automation.
fhryo-msft
on 28 Feb 2019
isn't ARM the suggested way of deploying resources to Azure?
Klaas-
on 4 Mar 2019
It's correct. However, storage diagnostic settings are controlled in data plane with Storage SDKs, and they have not been surfaced in ARM operations.
fhryo-msft
on 5 Mar 2019
i understand its not supported now, but are there plans to support setting diagnostic settings via arm-templates in near future?
rameshjanjyam
on 5 Mar 2019
Yes, we have the plan to on-board storage logs to Azure Monitor. Once it's ready, you should be able to configure settings via ARM template, reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-logs-stream-template. It's about to public preview in H2CY2019.
@nkiest to comment on ARM template support of diagnostic settings.
fhryo-msft
on 5 Mar 2019
please-close
fhryo-msft
on 8 Apr 2019
@fhryo-msft
I was trying to add application insights for storage account,I was facing the following error.
Subscription '47254fc5-a663-47a3-98dd-5d2369669a17' is not whitelisted in the private preview of diagnostic log settings for Azure resource type 'microsoft.storage/storageaccounts', feature flag: 'microsoft.insights/diagnosticsettingpreview'
By following your discussion I came to know that storage account was not supported for configuring changes to arm template. Is this related to that issue?
shanmuksai
on 10 Dec 2019
Yes, we have the plan to on-board storage logs to Azure Monitor. Once it's ready, you should be able to configure settings via ARM template, reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-logs-stream-template. It's about to public preview in H2CY2019.
@nkiest to comment on ARM template support of diagnostic settings.
Seems like Microsoft still doesnt support the DIAGNOSTICS SETTINGS for Storage Accounts thru ARM template? I am trying to set the Queue Properties thru ARM template and I cant find any documentation on how to do it?
ketaanhshah
on 5 Mar 2020
@fhryo-msft - Can you comment on configuring diagnostics with an ARM template?
@normesta FYI
tamram
on 5 Mar 2020
Log are not currently supported, but metrics are. If you adjust your ARM template to only collect metrics, you should not get the above error.
Note, you need to configure on the subresource you want to monitor separately, ie blobservice:
/subscriptions/subID/resourceGroups/rgID/providers/Microsoft.Storage/storageAccounts/resourceName/blobServices/default
nkiest
on 6 Mar 2020
@nkiest can I set the Queue logs settings for the Storage Account then through Powershell then instead of ARM template? If yes any help on what Powershell I can use
ketaanhshah
on 6 Mar 2020
@normesta @tamram @fhryo-msft any help on this?? can I set the Queue logs settings for the Storage Account then through Powershell then instead of ARM template? If yes any help on what Powershell I can use
ketaanhshah
on 6 Mar 2020
@ketaanhshah - Try this PowerShell command:
tamram
on 6 Mar 2020
@tamram Thank you dear, that PS1 worked perfect for me.
ketaanhshah
on 6 Mar 2020
@nkiest @tamram - We are having issues with this. The subscriptions are registered for the limited public preview of Azure Storage logs integration with Azure Monitor. The storage account in question is an Azure Data Lake Gen2.
Azure Portal works great. However, we tried deploying an ARM template to configure diagnostic settings on a blob service level. After the deployment succeeds such diagnostics settings are, in fact, not created. Are we doing anything wrong with types/name or apiVersion? According to one of the error messages I got in the Portal, I believe there is a new version - 2020-01-01-preview.
We tried with the following resource template:
{
"type": "Microsoft.Storage/storageAccounts/blobServices/providers/diagnosticSettings",
"name": "[concat(parameters('storageAccountName'), '/blobServices/', '/microsoft.insights/', parameters('storageAccountName'), 'LogSettings')]",
"apiVersion": "2017-05-01-preview",
"properties": {
"workspaceId": "[parameters('logAnalyticsResourceId')]",
"logs": [
],
"metrics": [
{
"enabled": false,
"retentionPolicy": {
"days": 0,
"enabled": false
},
"category": "Capacity"
},
{
"enabled": true,
"retentionPolicy": {
"days": 0,
"enabled": false
},
"category": "Transaction"
}
]
}
}
RadoslavGatev
on 9 Jul 2020
Hi @RadoslavGatev - Here's a sample ARM template that our engineering teams provided that we will soon post on a sample repo. I haven't physically tried any of this out, but perhaps there is some material in here you can harvest? Here goes:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "String"
},
"settingName": {
"type": "String"
},
"storageSinkName": {
"type": "String"
},
"workspaceId": {
"type": "String"
}
},
"resources": [
{
"apiVersion": "2019-10-01",
"name": "nested",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"expressionEvaluationOptions": {
"scope": "inner"
},
"parameters": {
"endpoints": {
"value": "[reference(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2019-06-01', 'Full').properties.primaryEndpoints]"
},
"settingName": {
"value": "[parameters('settingName')]"
},
"storageAccountName": {
"value": "[parameters('storageAccountName')]"
},
"storageSinkName": {
"value": "[parameters('storageSinkName')]"
},
"workspaceId": {
"value": "[parameters('workspaceId')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"endpoints": {
"type": "object"
},
"settingName": {
"type": "String"
},
"storageAccountName": {
"type": "String"
},
"storageSinkName": {
"type": "String"
},
"workspaceId": {
"type": "String"
}
},
"variables": {
"hasblob": "[contains(parameters('endpoints'),'blob')]",
"hastable": "[contains(parameters('endpoints'),'table')]",
"hasfile": "[contains(parameters('endpoints'),'file')]",
"hasqueue": "[contains(parameters('endpoints'),'queue')]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts/providers/diagnosticsettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('storageAccountName'),'/Microsoft.Insights/', parameters('settingName'))]",
"properties": {
"workspaceId": "[parameters('workspaceId')]",
"storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageSinkName'))]",
"metrics": [
{
"category": "Transaction",
"enabled": true
}
]
}
},
{
"condition": "[variables('hasblob')]",
"type": "Microsoft.Storage/storageAccounts/blobServices/providers/diagnosticsettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('storageAccountName'),'/default/Microsoft.Insights/', parameters('settingName'))]",
"properties": {
"workspaceId": "[parameters('workspaceId')]",
"storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageSinkName'))]",
"logs": [
{
"category": "StorageRead",
"enabled": true
},
{
"category": "StorageWrite",
"enabled": true
},
{
"category": "StorageDelete",
"enabled": true
}
],
"metrics": [
{
"category": "Transaction",
"enabled": true
}
]
}
},
{
"condition": "[variables('hastable')]",
"type": "Microsoft.Storage/storageAccounts/tableServices/providers/diagnosticsettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('storageAccountName'),'/default/Microsoft.Insights/', parameters('settingName'))]",
"properties": {
"workspaceId": "[parameters('workspaceId')]",
"storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageSinkName'))]",
"logs": [
{
"category": "StorageRead",
"enabled": true
},
{
"category": "StorageWrite",
"enabled": true
},
{
"category": "StorageDelete",
"enabled": true
}
],
"metrics": [
{
"category": "Transaction",
"enabled": true
}
]
}
},
{
"condition": "[variables('hasfile')]",
"type": "Microsoft.Storage/storageAccounts/fileServices/providers/diagnosticsettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('storageAccountName'),'/default/Microsoft.Insights/', parameters('settingName'))]",
"properties": {
"workspaceId": "[parameters('workspaceId')]",
"storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageSinkName'))]",
"logs": [
{
"category": "StorageRead",
"enabled": true
},
{
"category": "StorageWrite",
"enabled": true
},
{
"category": "StorageDelete",
"enabled": true
}
],
"metrics": [
{
"category": "Transaction",
"enabled": true
}
]
}
},
{
"condition": "[variables('hasqueue')]",
"type": "Microsoft.Storage/storageAccounts/queueServices/providers/diagnosticsettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('storageAccountName'),'/default/Microsoft.Insights/', parameters('settingName'))]",
"properties": {
"workspaceId": "[parameters('workspaceId')]",
"storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageSinkName'))]",
"logs": [
{
"category": "StorageRead",
"enabled": true
},
{
"category": "StorageWrite",
"enabled": true
},
{
"category": "StorageDelete",
"enabled": true
}
],
"metrics": [
{
"category": "Transaction",
"enabled": true
}
]
}
}
]
}
}
}
]
}
normesta
on 9 Jul 2020
Thanks @normesta, this worked:
"type": "Microsoft.Storage/storageAccounts/blobServices/providers/diagnosticsettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('storageAccountName'),'/default/Microsoft.Insights/', parameters('settingName'))]",
Related issues
Agazoth
·
3Comments
paulmarshall
·
3Comments
spottedmahn
·
3Comments
JeffLoo-ong
·
3Comments
DeepPuddles
·
3Comments
Most helpful comment
Have there been any updates regarding this? @Adam-Smith-MSFT
We have come across the same question. I had a look at the generated automation script after configuring the diagnostic logs manually, hoping that I can use this as a reference on how to solve this, and found that these settings are not included in the script. In fact none of the diagnostic log settings for our resources are included in the automated script.
Can you please give me some pointers on how to configure diagnostic logs for storage accounts in ARM templates?
Thanks!