In this article I take a quick look at setting up some monitoring for an in-house developed application. Service Manager Scribe is a custom email ingestion service for our Microsoft Service Manager based helpdesk. There are several ways in which you could potentially instrument your application. However, one of the simplest options is simply to write to the Windows event log. Then you simply collect this log data in Azure Log Analytics.
Check the data formats
To be able to maximise the usefulness of the data, check the formatting of the log data at source. For example, our application uses its own custom event log, so it is easier to target the collection of the data. The application is also written such that different IDs are used to differentiate events. For example, when Scribe adds an update to a Service Manager incident, or when it resolves an incident. The format of the messages in the log is also significant, to enable custom fields pulled from the message body. In this example, the Service Manager Incident Reference (IR number.) Scribe also logs an event on a recurring basis every 30 seconds, which is useful as the basis for a heartbeat when we set up a monitor for application health.
Then collect the log data
Next, we use Azure Log Analytics to collect this log data. Having OMS workspace, at free or higher tier is a prerequisite. As is the Microsoft Monitoring Agent which is installed on the server hosting the application and registered with the workspace. The workspace is then configured to collect events from our custom event log.
After a short time, we verify that events are being collected by performing a simple query in the Log Analytics Log Search. At this point I also set up extraction of the Incident Reference (IR) numbers from the events as a custom field so we could leverage these in our insights.
Then we use Azure Log Analytics to create queries to generate insights
With collection in place, we start thinking about what kind of insights we want to tease out of the data. A simple example would be counts of each event type over a given time period – for example, the number of incident updates in a day and in a week. Another useful secondary insight is a count of updates by IR number to see which incidents have had the most activity in day. The Log Analytics advanced query editor was used to design the queries for each of these insights.
And finally we create a dashboard
Finally, using the Log Analytics View Designer, we are able to create a custom tile for our Service Manager Scribe insights that we pin to our Azure Dashboard. Clicking through this tile allows us to see further insights into our application.
The Scribe service now performs an important business function, ingesting emails from customers and updating support incidents, and as such we need to be alerted if it stops functioning. One way we do this is with Azure Monitor, further leveraging the log collection we have set up here in Log Analytics. In this case, we use the alert capability of Azure Monitor to send an email alert when no instances of the heartbeat message are collected within a 15 minute time period.
And there we have it. Really useful tools within Azure that you too can use to monitor your custom apps.
How can Silversands help?
Silversands has a wealth of Microsoft experience and expertise. If you would like to learn more about Azure Log Analytics and Azure Monitor and how Silversands can support you, please get in touch by completing the contact form. We also post regular blogs about topical IT issues so please do follow us.