Follow this guide to start ingesting data remotely from Azure Monitor.
This guide focuses on infrastructure monitoring of Azure services, specifically the monitoring of Azure cloud services via Azure Monitor. See What's next for Full-Stack and Log Monitoring of your Azure services.
Note: Alternatively, you can configure your Dynatrace SaaS environment using Azure Marketplace.
After you established the initial monitoring, you can add, remove, or modify service monitoring using the Dynatrace web UI or, at scale, with the Dynatrace API.
The infrastructure monitoring of Azure services provides metrics from Azure Monitor and infrastructure data available via public Azure API. The data is collected in five-minute intervals.
Cost of monitoring
Factors that contribute to the cost of monitoring Azure with Dynatrace via Azure Monitor:
Each service monitored by Dynatrace through Azure Monitor, as well as log processing and analysis, causes the consumption of Davis data units.
Microsoft may charge you extra for Azure Monitor metric queries if you exceed 1 million API calls monthly. For the details on these additional costs, please consult Microsoft online documentation.
Monitoring prerequisites
There are three prerequisites for Azure monitoring setup:
Dynatrace admin permissions
ActiveGate capable of Azure monitoring
Azure roles and permissions
Dynatrace admin permissions
To manage Azure monitoring configuration, you need the Change monitoring settings permission in Dynatrace. See Users groups, permissions and policies for details on how to manage and set permissions.
ActiveGate capable of Azure monitoring
To monitor Azure services, Dynatrace needs to connect to the Azure Monitor API and query it every 5 minutes. At least one ActiveGate needs to be able to connect to Azure Monitor to perform the monitoring tasks.
To check for the existence of a suitable ActiveGate
In the Dynatrace menu, go to Deployment status and select the ActiveGates tab.
Set a filter for With modules: Azure.
If the resulting list is empty, you need to add at least one ActiveGate with the cloud monitoring module enabled
If the list is not empty, you are ready to activate Azure monitoring
To add an ActiveGate that is capable of cloud monitoring, follow the ActiveGate installation guide and resume this guide when done.
Azure roles and permissions
Note: To perform these steps, you need to have Azure admin privileges.
Azure monitoring is performed remotely via Azure Monitor APIs that are created and exposed by Microsoft. Dynatrace needs to be able to access these APIs, so you need to configure Azure to allow for such access. You need the following:
Sufficient permissions to register an application with your Azure AD tenant and assign the application to a role in your Azure subscription
For Dynatrace to monitor your services, you need at least reader permissions. The steps below describe adding the service principal reader permissions and refer to a common, single-tenant access approach. Note: Dynatrace integration for Azure supports Azure Lighthouse, which allows Dynatrace to have multi-tenant access to Azure.
Run the following command to list all the subscriptions so you can select the one for which you want to add permissions.
bash
az account list --output table
Copy the following command and edit it to replace the placeholders with actual values as described below.
bash
az ad sp create-for-rbac --name <YourServicePrincipalName> --role <YourCustomRole> --scopes /subscriptions/<YourSubscriptionID1> /subscriptions/<YourSubscriptionID2> --query "{ClientID:appId,TenantID:tenant,SecretKey:password}"
Replace the placeholders (<...>) with your values:
<YourServicePrincipalName> - the name of the service principal that will be created for Dynatrace to access Azure
<YourCustomRole> - the name of the role you have created for Dynatrace
<YourSubscriptionID1>, <YourSubscriptionID2> - names of subscriptions listed in the previous step (subscriptions that you want Dynatrace to have access to)
Run the edited command.
Copy the credentials that are output from the command and save them for later.
To create a service principal in Azure Portal, you must register your application in the Azure Active Directory and grant access permissions for your service principal.
To register your application
Go to the Azure Management Portal and select Azure Active Directory.
You can create, activate, and manage multiple monitoring connections. Each connection is defined by the credentials and/or access tokens required for Dynatrace to be able to pull in the data, as well as the actual scope of monitoring.
Allowing for multiple connections and configurations makes it possible to monitor even extremely complex environments. With such an approach, you don't need to configure everything at once. Instead, you can gradually add monitoring configurations to your existing setup. Such an architecture also makes it easy to react to the dynamic changes of the monitored environment, without the need to reconfigure the unaffected elements.
Add a new Azure connection
Azure services monitored by default
Other Azure services
Add a new Azure connection
If you have followed all of the previous steps, you are ready to configure Azure monitoring.
To add a new Azure connection
In the Dynatrace menu, go to Settings and select Cloud and virtualization > Azure. The Azure page lists Azure connections already configured.
Note: If you haven't provided an ActiveGate required for Azure monitoring (check Prerequisites for details), the respective information will be provided on the screen and you will not be able to continue with the configuration process.
You can go back and change the already configured connections at a later time.
In the Dynatrace menu, go to Settings and select Cloud and virtualization > Azure. The page lists existing connections.
Edit connections as needed.
To edit an existing connection or the monitored services within, select Edit in that row.
To delete an existing connection, select Delete in that row.
Select Connect new instance and complete the configuration fields.
Connection ID—type a descriptive name for the connection.
Client ID and Tenant ID—enter the values obtained when creating the Azure service principal.
Note: If you created the Azure service principal in PowerShell, set Client ID to the ApplicationId value.
Secret Key—obtained when creating the Azure service principal.
You can limit the data captured from the Azure Monitor by defining a tag-based filter of specific resources.
You can choose to monitor resources based on existing Azure tags, as Dynatrace automatically imports them from service instances.
To monitor resources based on tags
In the Dynatrace menu, go to Settings and select Cloud and virtualization > Azure.
On the Azure overview page, select the Edit icon for the Azure instance.
Set Resources to be monitored to Monitor resources selected by tags.
Enter key/value pairs to identify resources to exclude from monitoring or include in monitoring.
You can enter multiple key/value pairs: each time you enter a pair, another empty row is displayed for you to edit as needed.
Select Save to save your configuration.
Note: To import the Azure tags automatically into Dynatrace, turn on Capture Azure tags automatically.
Optionally, you can turn off automatic tag import. If turned on, resource tags will be imported, but resource group tags will not be imported.
Select Connect to add the connection information to the list of Azure connections.
Azure services monitored by default
After Dynatrace connects to your Azure environment, it immediately starts monitoring Azure's built-in services for the service principal you have defined. Default Azure metrics lists the metrics of Azure cloud services monitored by default.
Monitor other Azure services
In addition to Azure cloud services that are monitored by default, it is also possible to monitor all other Azure cloud services. Azure cloud services are enabled for monitoring per Azure connection.
To add a service to monitoring
In the Dynatrace menu, go to Settings and select Cloud and virtualization > Azure.
On the Azure overview page, find the connection that you want to change and select Edit in that row.
Under Services, select Manage services.
Select Add service.
Select a service name from the list.
Select Add service.
Select the service from the list and then select Add service.
Select Save changes to save your configuration.
Note: You can add multiple cloud services by repeating the steps above.
To see the complete list of Azure cloud services and learn about the metrics collected for each of them, see Azure cloud services.
Alternatively, you can check the list of supported Azure services on Dynatrace Hub or within the in-product Hub: in the Dynatrace menu, go to Dynatrace Hub and search for Azure.
Set up monitoring notifications with Azure Alerts. This enables you to apply alerts and automatically transform them into events that are leveraged by the Davis® AI causation engine for deeper insights.