Set up integration with Azure Monitor

In addition to monitoring your Azure workloads using OneAgent, Dynatrace provides integration with Azure Monitor which adds infrastructure monitoring to gain insight even into serverless application scenarios.

The integration uses Azure Monitor metrics for service insights, as well as Azure Resource Manager (ARM) to gather metadata.

Cloud-service monitoring consumption

Beginning in early 2021, all cloud services will consume Davis Data Units (DDUs). The amount of DDU consumption per service instance depends on the number of monitored metrics and their dimensions (each metric dimension results in the ingestion of 1 data point; 1 data point consumes 0.001 DDUs). For DDU consumption estimates per service instance (recommended metrics only, predefined dimensions, and assumed dimension values), see DDU consumption estimates for per cloud service instance.

Prerequisites

  • Sufficient permissions to register an application with your Azure AD tenant, and assign the application to a role in your Azure Subscription.
  • An Azure service principal to access Azure APIs.
  • ActiveGate version 1.161+ (GA).
  • See the Dynatrace release notes for the latest enhancements and capabilities. We recommend that you keep your versions up to date.

Create an Azure service principal

To create a service principal, you must register your application in the Azure Active Directory.

Note: Dynatrace integration for Azure supports Azure Lighthouse, which allows Dynatrace to have multi-tenant access to Azure.

The instructions below refer to a common single-tenant access approach.

  1. Go to the Azure Management Portal and select Azure Active Directory.
  2. Select App registrations in the navigation pane of the selected Active Directory.
  3. Select New application registration at the top of the App registrations blade, and type the name of your application.
  4. Select Register.
  5. Copy the Application (client) ID, and save it for future retrieval. This ID is required to configure Dynatrace to connect to your Azure account.
  6. Select Certificates & secrets > New client secret to create a new security key.
  7. Type a key description and select a key duration in the Expires list.
  8. Select Add to save the new key, which displays the key value in the Value field. Copy the value and save it for future retrieval (along with your Client ID).

Important: This is your only chance to copy this value. You can't retrieve the key value after you leave the Key blade.

Grant access permissions for your service principal

You need at least reader permissions for Dynatrace to monitor your services.

Grant access to an Azure subscription

  1. On Azure Portal, select All services > General > Subscriptions.
  2. In the Subscriptions blade, enter your subscription.
  3. Select Access control (IAM) in the subscription navigation pane.
  4. Select Add and enter the Reader role.
  5. In the Select field, paste the description name or application (client) ID obtained when creating the Azure service principal.
  6. Select the application and Save to grant the service principal access to your subscription.

Configure Dynatrace to connect to your Azure environment

To connect Dynatrace to your Azure environment, you have to provide an Azure service principal, which Dynatrace uses to access Azure APIs to capture telemetry and metadata.

  1. In the desired Dynatrace environment, click Settings > Cloud and virtualization > Azure.

  2. Type a descriptive name for the connection.

  3. Enter the Client ID and Tenant ID obtained when creating the Azure service principal.

  4. Enter the Secret Key obtained when creating the Azure service principal.

    Connect Dynatrace to Azure

  5. Optional If there are services for which you want to capture service metrics from the Azure Monitor metrics API, you need to define a tag-based filter for those specific services.

  1. Optional Turn off automatic tag import. If turned on, resource tags are imported (resource group tags aren't imported).

  2. Select Connect to add the connection information to the list of Azure connections. You can edit connection information at any time.

Note: The integration accesses the following Azure API endpoints, so they need to be available from your environment:

  • https://management.azure.com/
  • https://login.microsoftonline.com/

After you have configured Dynatrace to connect to your Azure environment, Dynatrace immediately starts investigating the subscriptions and deployed services accessible for the service principal and starts monitoring them.

Set up monitoring notifications with Azure Alerts

After setting up Azure Monitor integration, you can start setting up monitoring notifications with Azure Alerts.

Azure Alerts is a unified notification hub for all types of important conditions found in Azure monitoring data. The integration of Azure Alerts enables you to consume alerts, which are automatically transformed into events that are leveraged by Davis AI for deeper insights.

To set up monitoring notifications with Azure Alerts you need to do the following steps.

1. Create an API token

To generate an API token

  1. Go to Settings > Integration > Dynatrace API and select Generate token.
  2. Enter a name for your token.
  3. Enable the Data ingest, e.g.: metrics and events permission.
  4. Select Generate.

Note: You can assign multiple permissions to a single token, or you can generate several tokens, each with different access levels, and use them accordingly. Check your organization's security policies for best practices.

2. Configure one or more designated ActiveGates

Note: The ActiveGate designated to consume Azure Alerts doesn't have to be the same ActiveGate that runs the Azure Monitor integration.

To configure a designated ActiveGate to consume Azure Alerts

  1. Configure a valid TLS certificate (not a self-signed certificate) for the ActiveGate to communicate via HTTPS. For details, see how to configure custom SSL certificate for an ActiveGate.

  2. Add the following lines to your ActiveGate custom.properties file and restart the ActiveGate after applying the configuration.

[azure_monitoring]
event_servlet = true
  1. Give access to ActiveGate for Azure Alerts source IP addresses.
    For more details, see source IP address ranges in Azure documentation.

3. Configure Azure Alerts via webhook

Azure Alerts consumed via webhooks are configured in your Azure Alert Rules. The alerts are mapped to the closest known matching entity. This means that they either map to their related Azure resource entity or, as a fallback, to the Azure subscription of the resource.

To configure Azure Alerts via webhook

  1. In Azure Portal, go to Home > Monitor > Manage actions.
  2. Go to Actions > Action type and select Webhook.
  3. Give a name to the action.
  4. For the URI field, enter https://<YOUR_ACTIVEGATE_ADDRESS>:9999/modules/azure_monitoring/alerts_webhook?token=<YOUR_API_TOKEN>.
    Note: Be sure to replace <YOUR_ACTIVEGATE_ADDRESS> and <YOUR_API_TOKEN> with your own values.
  5. For Enable the common alert schema, select No.

For more information, see Webhook rules in Azure documentation.

Azure Alert types

The following alert types are supported.

Metric alerts

Metric alerts are complementary to Dynatrace integration of Azure Monitor metrics.

Metric alerts enable you to retrieve metric-based events without the need to push the metrics to Dynatrace. This is helpful in reducing API and network pressure, especially in cases where you might not need the metric (for example, for charting purposes).

The event type is defined based on alert Severity:

  • Sev-0 (Critical): ERROR_EVENT
  • Sev-1 (Error): PERFORMANCE_EVENT
  • Sev-2 (Warning): RESOURCE_CONTENTION_EVENT
  • Default (Informational): CUSTOM_ANNOTATION

Activity alerts

Dynatrace supports three types of activity notifications.

Activity Log Resource Health

The event type is defined based on severity Level:

  • Critical: AVAILABILITY_EVENT
  • Error: AVAILABILITY_EVENT
  • Default: CUSTOM_ANNOTATION

See Configure resource health alerts using Azure portal in Azure documentation for more information.

Activity Log Service Health

The event type is defined based on IncidentType:

  • ActionRequired: ERROR_EVENT
  • Incident or Security + Error: ERROR_EVENT
  • Default: CUSTOM_ANNOTATION

See Create activity log alerts on service notifications using the Azure portal in Azure documentation for more information.

Activity Log Administrative

  • Default: CUSTOM_ANNOTATION

Set up metric events for alerting

To configure metric events for alerting, in Dynatrace go to Settings > Cloud and virtualization > Azure > Metric events for alerting > Manage alerting rules. On the Metric events for alerting page you can create, enable/disable, and configure recommended alerting rules.
For an overview of all recommended alerting rules for all supporting services, see the list below.

The number of recommended alerting rules depends on the number of your monitored supporting services.
To add recommended alerting rules for a new supporting service, you first need to add the new service to monitoring.

Note that not all supporting services have their own predefined alerting rules.

  1. Create and enable alerting rules.
    To enable recommended alerting rules, you first need to create them. You can create alerting rules and automatically enable them, or (if you clear Automatically enable created rules) create them and manually enable them after possible configuration changes.

create-alerting-rules For example, you can create and automatically enable a first batch of alerts. When you start monitoring new services, you can create alerts for these new services without automatically enabling them (because you want to configure them first).

  1. Configure alerting rules.
    How you edit rules depends on whether you chose to automatically enable alerts.
  • If you chose to automatically enable alerts when creating them, go to Adjust recommended alerting rules, expand Enabled recommended alerting rules, and select any rule. This takes you to Edit custom event for alerting, where you can change the configuration rules for that specific service.
    conf-alerts2
  • If you didn't choose to automatically enable alerts when creating them, go to Enable recommended alerting rules, expand Disabled recommended alerting rules, and select any of the disabled rules. This takes you to the same Edit custom event for alerting page.
    enable-rules
  1. Disable alerting rules.
    You can disable all alerting rules, or disable or delete them selectively. custom-alerts
  • To disable all alerting rules, go to Adjust recommended alerting rules and select Disable all enabled recommended alerting rules.
  • To disable or delete alerting rules selectively, go to Adjust recommended alerting rules and select Custom events for alerting. On the Custom events for alerting page, you can disable an alert by turning it off in the On/Off column, or you can delete it by selecting x in the Delete column. custom-events

Note: If you disable any or all of the alerting rules, you can always re-enable them. enable-rules

Estimate Azure consumption for metric queries from Azure Monitor

The table below shows the number of metrics captured for your Azure Services supported through the integration of Dynatrace with Azure Monitor.

Azure service Monitoring entity Additional dimensions Number of metrics
Load balancer1 Load balancer
Load balanced Virtual Machine
7
5
Application Gateway Application Gateway
Application Gateway - Backend Pool
Application Gateway - HTTP Status Group
2
4
1
Cosmos DB Cosmos DB Azure region, Database name, Collection name 11
Event-Hub Event-Hub
Event-Hub Namespace
13
3
IOT-Hub IOTHub 25
Redis Cache Redis Cache 13
ServiceBus ServiceBus Namespace
ServiceBus Queue
ServiceBus Topic
13
10
11
Azure SQL Azure SQL Database
Azure SQL ElasticPool
15
12
Azure Storage account Azure Storage account
Azure Storage account
Type (blob, table, etc.), Tier
 
3
8
Virtual Machine Virtual Machine 7
Virtual Machine Scale Sets Virtual Machine Scale Sets 7
Azure AppServices Azure AppService AppService Plan instances 14
Azure Functions Azure Functions AppService Plan instances2 12

1Only standard tier exposes load balancer metrics via Azure Monitor metrics API. 2Functions based on consumption plan measure as one instance.

Metrics queries

The query interval is 5 minutes with a resolution of 1 minute. Azure Resource Manager might throttle API requests, which will increase the interval to 10 or 15 minutes. For more details on request limits, see Throttling Resource Manager requests.