Azure Application Insights Integration

edit

Azure Application Insights Integration

edit

Version

1.7.0 (View all)

Compatible Kibana version(s)

8.13.0 or higher

Supported Serverless project types
What’s this?

Security
Observability

Subscription level
What’s this?

Basic

The Application Insights Integration allows users to retrieve application insights metrics from specified applications.

Integration level configuration options
edit
Application ID
([]string) ID of the application. This is Application ID from the API Access settings blade in the Azure portal.
Api Key
([]string) The API key which will be generated, more on the steps here https://dev.applicationinsights.io/documentation/Authorization/API-key-and-App-ID.
Configuration options
edit
Metrics
List of different metrics to collect information
id
([]string) IDs of the metrics that’s being reported. Usually, the id is descriptive enough to help identify what’s measured. Default metrics include a curated selection of requests counters, performance, and service availability. The list of options can be found here https://docs.microsoft.com/en-us/rest/api/application-insights/metrics/get#metricid
interval
(string) The time interval to use when retrieving metric values. This is an ISO8601 duration. If interval is omitted, the metric value is aggregated across the entire timespan. If interval is supplied, the result may adjust the interval to a more appropriate size based on the timespan used for the query.
aggregation
([]string) The aggregation to use when computing the metric values. To retrieve more than one aggregation at a time, separate them with a comma. If no aggregation is specified, then the default aggregation for the metric is used.
segment
([]string) The name of the dimension to segment the metric values by. This dimension must be applicable to the metric you are retrieving. In this case, the metric data will be segmented in the order the dimensions are listed in the parameter.
top
(int) The number of segments to return. This value is only valid when segment is specified.
order_by
(string) The aggregation function and direction to sort the segments by. This value is only valid when segment is specified.
filter
(string) An expression used to filter the results. This value should be a valid OData filter expression where the keys of each clause should be applicable dimensions for the metric you are retrieving.

Example configuration:

 - id: ["requests/count", "requests/failed"]
   segment: "request/name"
   aggregation: ["sum"]

Additional notes about metrics and costs

edit

Costs: Metric queries are charged based on the number of standard API calls. More information on pricing here https://azure.microsoft.com/en-us/pricing/details/monitor/.

Example

An example event for app_insights looks as following:

{
    "@timestamp": "2021-08-23T14:37:42.268Z",
    "agent": {
        "ephemeral_id": "4162d5df-ab00-4c1b-b4f3-7db2e3b599d4",
        "hostname": "docker-fleet-agent",
        "id": "d979a8cf-ddeb-458f-9019-389414e0ab47",
        "name": "docker-fleet-agent",
        "type": "metricbeat",
        "version": "7.15.0"
    },
    "azure": {
        "app_insights": {
            "end_date": "2021-08-23T14:37:42.268Z",
            "start_date": "2021-08-23T14:32:42.268Z"
        },
        "application_id": "42cb59a9-d5be-400b-a5c4-69b0a0026ac6",
        "dimensions": {
            "request_name": "GET Home/Index",
            "request_url_host": "demoappobs.azurewebsites.net"
        },
        "metrics": {
            "requests_count": {
                "sum": 4
            }
        }
    },
    "cloud": {
        "provider": "azure"
    },
    "data_stream": {
        "dataset": "azure.app_insights",
        "namespace": "default",
        "type": "metrics"
    },
    "ecs": {
        "version": "8.11.0"
    },
    "elastic_agent": {
        "id": "d979a8cf-ddeb-458f-9019-389414e0ab47",
        "snapshot": true,
        "version": "7.15.0"
    },
    "event": {
        "agent_id_status": "verified",
        "dataset": "azure.app_insights",
        "duration": 503187300,
        "ingested": "2021-08-23T14:37:41Z",
        "module": "azure"
    },
    "host": {
        "architecture": "x86_64",
        "containerized": true,
        "hostname": "docker-fleet-agent",
        "id": "1642d255f9a32fc6926cddf21bb0d5d3",
        "ip": [
            "192.168.96.7"
        ],
        "mac": [
            "02-42-AC-1F-00-07"
        ],
        "name": "docker-fleet-agent",
        "os": {
            "codename": "Core",
            "family": "redhat",
            "kernel": "4.19.128-microsoft-standard",
            "name": "CentOS Linux",
            "platform": "centos",
            "type": "linux",
            "version": "7 (Core)"
        }
    },
    "metricset": {
        "name": "app_insights",
        "period": 300000
    },
    "service": {
        "type": "azure"
    }
}

Changelog

edit
Changelog
Version Details Kibana version(s)

1.7.0

Enhancement (View pull request)
Add processor support for app_insights and app_state data streams.

8.13.0 or higher

1.6.0

Enhancement (View pull request)
ECS version updated to 8.11.0. Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template.

8.13.0 or higher

1.5.0

Enhancement (View pull request)
Add global filter for dashboards to improve performance.

8.12.0 or higher

1.4.0

Enhancement (View pull request)
Enable secret for the sensitive fields.

8.12.0 or higher

1.3.0

Enhancement (View pull request)
Enable time series data for metrics data streams. This dramatically reduces storage for metrics and is expected to progressively improve query [performance](https://www.elastic.co/blog/70-percent-storage-savings-for-metrics-with-elastic-observability). For more details, see https://www.elastic.co/guide/en/elasticsearch/reference/current/tsds.html.

8.12.0 or higher

1.2.3

Bug fix (View pull request)
Rename the app insights dimensions fingerprint field to prevent it from being nested within azure.dimensions.

8.9.0 or higher

1.2.2

Enhancement (View pull request)
Migrate App State Overview dashboard visualizations to lens.

8.9.0 or higher

1.2.1

Enhancement (View pull request)
Add dimension and metric_type mappings to the app_state datastream

8.9.0 or higher

1.2.0

Enhancement (View pull request)
Update the package format_version to 3.0.0.

8.9.0 or higher

1.1.0

Enhancement (View pull request)
Add app_insights dimensions and metric_type for metrics field.

8.9.0 or higher

1.0.6

Enhancement (View pull request)
Fix mappings of tags and dimensions

7.14.0 or higher
8.0.0 or higher

1.0.5

Enhancement (View pull request)
Added categories and/or subcategories.

7.14.0 or higher
8.0.0 or higher

1.0.4

Bug fix (View pull request)
Fix misspelled field name in the app_state data stream.

7.14.0 or higher
8.0.0 or higher

1.0.3

Enhancement (View pull request)
Updated Readme

7.14.0 or higher
8.0.0 or higher

1.0.2

Enhancement (View pull request)
Add documentation for multi-fields

1.0.1

Enhancement (View pull request)
Remove beta release tag from data streams

7.14.0 or higher
8.0.0 or higher

1.0.0

Enhancement (View pull request)
Move azure_application_insights package to GA

7.14.0 or higher
8.0.0 or higher

0.3.1

Enhancement (View pull request)
Update to ECS 8.0

0.3.0

Enhancement (View pull request)
Support Kibana 8.0

0.2.1

Enhancement (View pull request)
Uniform with guidelines

0.2.0

Enhancement (View pull request)
Update to ECS 1.12.0

0.1.0

Enhancement (View pull request)
initial release