WEBVTT 0:00:03.440000 --> 0:00:08.620000 Hi, in this video, we're going to take a look at resource diagnostics. 0:00:08.620000 --> 0:00:12.060000 And what we're going to cover, we'll start out with an overview of some 0:00:12.060000 --> 0:00:16.980000 of the tools that are available within the Azure environment for diagnostics. 0:00:16.980000 --> 0:00:21.440000 And then we're going to jump directly in to some demonstration. 0:00:21.440000 --> 0:00:25.320000 I'm going to show you how to configure diagnostics for a variety of resources. 0:00:25.320000 --> 0:00:29.540000 And we'll also take a look at where we can view some of this diagnostic 0:00:29.540000 --> 0:00:35.460000 data. So let's go ahead and jump right in talking about some of the tools 0:00:35.460000 --> 0:00:36.720000 that are available. 0:00:36.720000 --> 0:00:40.020000 Now, first of all, there's some built -in diagnostics that are available 0:00:40.020000 --> 0:00:44.660000 for most of the resources in Azure. 0:00:44.660000 --> 0:00:47.320000 For all resources, you have the activity log. 0:00:47.320000 --> 0:00:50.980000 And that goes from the subscription through the resource group down to 0:00:50.980000 --> 0:00:52.700000 individual resources. 0:00:52.700000 --> 0:00:59.240000 The activity log by and large is recording control plane activity. 0:00:59.240000 --> 0:01:04.080000 So things that are interacting with the resources as Azure resources. 0:01:04.080000 --> 0:01:08.320000 So you are provisioning a storage account or you're updating the keys 0:01:08.320000 --> 0:01:12.460000 in a storage account or you are shutting down a virtual machine, all of 0:01:12.460000 --> 0:01:14.480000 these things that have to do with controlling the resource. 0:01:14.480000 --> 0:01:18.080000 But don't typically go down below into the data play. 0:01:18.080000 --> 0:01:22.400000 You also have performance and there are often two levels of performance. 0:01:22.400000 --> 0:01:26.200000 Sometimes you've got built-in performance, which might give you very bare 0:01:26.200000 --> 0:01:27.580000 minimum performance counters. 0:01:27.580000 --> 0:01:32.780000 And then you may have additional performance capabilities if you enable 0:01:32.780000 --> 0:01:35.720000 certain features or add extensions. 0:01:35.720000 --> 0:01:39.920000 Now, there are in addition to kind of the standard generic diagnostic 0:01:39.920000 --> 0:01:45.340000 tools. There are diagnostic tools specific to different specific types 0:01:45.340000 --> 0:01:49.960000 of resources. So for example, we have listed here your storage accounts 0:01:49.960000 --> 0:01:56.280000 have their own diagnostic settings, your app services, so web services, 0:01:56.280000 --> 0:01:58.100000 API services, etc. 0:01:58.100000 --> 0:02:01.640000 They have their own settings as do virtual machines. 0:02:01.640000 --> 0:02:05.040000 And those resource specific ones, we're going to actually take a look 0:02:05.040000 --> 0:02:08.640000 at each one of those in demonstration to show you how you can go about 0:02:08.640000 --> 0:02:09.400000 setting those up. 0:02:09.400000 --> 0:02:13.640000 Now, another tool that you absolutely want to become familiar with when 0:02:13.640000 --> 0:02:17.520000 it comes to diagnostics is Azure Monitor. 0:02:17.520000 --> 0:02:21.640000 Azure Monitor is a tool that's built into the portal and it's really a 0:02:21.640000 --> 0:02:28.260000 centralized space, a centralized dashboard for monitoring all the diagnostics 0:02:28.260000 --> 0:02:30.660000 across your entire subscription. 0:02:30.660000 --> 0:02:35.200000 In fact, you can even have multiple subscriptions that you are monitoring 0:02:35.200000 --> 0:02:37.340000 through that tool simultaneously. 0:02:37.340000 --> 0:02:40.780000 And you can see it's got things like diagnostics where I can determine 0:02:40.780000 --> 0:02:44.000000 what diagnostic settings I want for what resources. 0:02:44.000000 --> 0:02:46.280000 You've got the activity log. 0:02:46.280000 --> 0:02:49.000000 Now, that's the same activity log that's built in for each resource, but 0:02:49.000000 --> 0:02:52.840000 it's showing you really all the way from the subscription level down to 0:02:52.840000 --> 0:02:54.260000 the individual resource level. 0:02:54.260000 --> 0:02:57.620000 You've got advanced performance capabilities where I can look not only 0:02:57.620000 --> 0:03:01.240000 at the performance of a resource, but I can actually look at the performance 0:03:01.240000 --> 0:03:03.740000 of multiple resources in a single graph. 0:03:03.740000 --> 0:03:06.620000 And it also ties into log analytics. 0:03:06.620000 --> 0:03:08.940000 Log analytics is this really cool. 0:03:08.940000 --> 0:03:10.660000 Yes, that's a technical term. 0:03:10.660000 --> 0:03:15.260000 A really cool analytics tool that we're going to cover in other videos, 0:03:15.260000 --> 0:03:19.380000 but it's definitely something that you want to get a hold of. 0:03:19.380000 --> 0:03:22.160000 So those are really the basic concepts. 0:03:22.160000 --> 0:03:24.800000 Now, let's take a look at some demonstrations. 0:03:24.800000 --> 0:03:28.140000 We're going to start out just looking at different ways of configuring 0:03:28.140000 --> 0:03:30.400000 diagnostics for some of our different resources. 0:03:30.400000 --> 0:03:34.320000 I'm actually going to start out with what you might call the one offs. 0:03:34.320000 --> 0:03:38.020000 So some resources that have their own unique configuration. 0:03:38.020000 --> 0:03:39.320000 I'm going to take a look at a virtual machine. 0:03:39.320000 --> 0:03:43.700000 We're going to take a look at a web app and also take a look at a storage 0:03:43.700000 --> 0:03:49.420000 account. Then I'm going to set the diagnostics for a public IP address, 0:03:49.420000 --> 0:03:53.080000 not that I think it's critically important to know how to set diagnostics 0:03:53.080000 --> 0:04:00.860000 for a public IP, but that has a more standard interface and process for 0:04:00.860000 --> 0:04:02.940000 configuring and viewing diagnostic data. 0:04:02.940000 --> 0:04:04.320000 So we'll take a look at that. 0:04:04.320000 --> 0:04:11.020000 All right. And so without further ado, let's jump right into this. 0:04:11.020000 --> 0:04:15.540000 I have a resource group that I've already created and I have a number 0:04:15.540000 --> 0:04:18.020000 of resources and I've got this sorted by type. 0:04:18.020000 --> 0:04:20.220000 So you can see I've got the app service. 0:04:20.220000 --> 0:04:22.360000 I've got a couple of virtual machines. 0:04:22.360000 --> 0:04:27.860000 I've got a couple network interfaces, et cetera, virtual network and many 0:04:27.860000 --> 0:04:30.680000 more. And I'm going to jump right in and take a look at the diagnostic 0:04:30.680000 --> 0:04:32.900000 settings for virtual machines. 0:04:32.900000 --> 0:04:37.140000 Now, first of all, when I go into the virtual machine diagnostic settings 0:04:37.140000 --> 0:04:41.020000 right away or not even to the diagnostic settings, this is actually just 0:04:41.020000 --> 0:04:45.260000 the overview page of the blade in the portal. 0:04:45.260000 --> 0:04:46.660000 You'll notice I've got these charts. 0:04:46.660000 --> 0:04:49.560000 I've got CPU. I've got network. 0:04:49.560000 --> 0:04:51.880000 I've got disk. A couple of different disks. 0:04:51.880000 --> 0:04:55.980000 And I'm just seeing these charts of performance and I could actually pen 0:04:55.980000 --> 0:05:00.020000 these to the current dashboard. 0:05:00.020000 --> 0:05:03.960000 I can dive down into these and really expand those out. 0:05:03.960000 --> 0:05:05.180000 We'll get to that in a bit. 0:05:05.180000 --> 0:05:07.660000 But that's right on the overview page. 0:05:07.660000 --> 0:05:12.680000 Now, I want to show you where you can go to set up some diagnostics. 0:05:12.680000 --> 0:05:16.500000 First of all, I'm going to go to the diagnostic settings page. 0:05:16.500000 --> 0:05:19.800000 Now, right now, this is showing me all of the diagnostics that have been 0:05:19.800000 --> 0:05:21.520000 set up for this machine. 0:05:21.520000 --> 0:05:25.420000 And I should let you know that the reason why I'm collecting all these 0:05:25.420000 --> 0:05:29.020000 is because when I provision this virtual machine, I checked an option 0:05:29.020000 --> 0:05:32.920000 to install the diagnostics extension. 0:05:32.920000 --> 0:05:37.720000 All right. All of these diagnostics come from an extension that gets installed 0:05:37.720000 --> 0:05:39.820000 onto the virtual machine. 0:05:39.820000 --> 0:05:43.060000 And I can go and I've got some coverage of this or some configuration 0:05:43.060000 --> 0:05:44.520000 of this. Excuse me. 0:05:44.520000 --> 0:05:48.820000 Here's my performance counters and I can choose the broad categories of 0:05:48.820000 --> 0:05:49.480000 performance counters. 0:05:49.480000 --> 0:05:53.740000 So let's say I know I'm going to run ASP net on this and I want to add 0:05:53.740000 --> 0:05:56.800000 that. Notice also the sample rate. 0:05:56.800000 --> 0:06:01.520000 By default, it's taking a performance counter every 60 seconds and say 0:06:01.520000 --> 0:06:06.540000 I was really, it's really critical to me to see the ASP net. 0:06:06.540000 --> 0:06:09.000000 And so I could select that. 0:06:09.000000 --> 0:06:14.020000 And I can go over to logs and I've got the same kind of thing. 0:06:14.020000 --> 0:06:17.080000 I can see my application security and system logs. 0:06:17.080000 --> 0:06:24.460000 And by the way, I can go to custom and I can get much more detailed collection 0:06:24.460000 --> 0:06:31.420000 information. So I could go in and put event logs that I wanted to monitor 0:06:31.420000 --> 0:06:33.760000 and put that information in. 0:06:33.760000 --> 0:06:35.740000 All right. And so here's the rest of what you can see. 0:06:35.740000 --> 0:06:37.440000 Application security system. 0:06:37.440000 --> 0:06:42.680000 Also notice that I've got IIS logs. 0:06:42.680000 --> 0:06:45.700000 So if I'm running IIS, I've actually got two options for that. 0:06:45.700000 --> 0:06:48.240000 I asked logs and fail request logs. 0:06:48.240000 --> 0:06:52.700000 I also have dot net application log tracing, which is in there by default 0:06:52.700000 --> 0:06:54.160000 or excuse me, it's not in there. 0:06:54.160000 --> 0:06:55.600000 It's disabled by default. 0:06:55.600000 --> 0:07:00.560000 I have event tracing for Windows, which is disabled by default as well. 0:07:00.560000 --> 0:07:02.800000 Let's go ahead and take a quick look. 0:07:02.800000 --> 0:07:07.500000 If I were to enable that, then I would have to set up event sources, which 0:07:07.500000 --> 0:07:09.480000 I don't feel like doing right now. 0:07:09.480000 --> 0:07:14.520000 So we won't. But if you do have to work with your event logs, you can 0:07:14.520000 --> 0:07:17.460000 see where that would be useful. 0:07:17.460000 --> 0:07:19.960000 I'm going to discard those changes. 0:07:19.960000 --> 0:07:22.160000 It's interesting. 0:07:22.160000 --> 0:07:24.840000 I'm up here, crash dumps. 0:07:24.840000 --> 0:07:26.720000 I can enable crash dumps. 0:07:26.720000 --> 0:07:28.680000 Now the sinks, that looks cool. 0:07:28.680000 --> 0:07:33.480000 That's just send your diagnostic data to other services. 0:07:33.480000 --> 0:07:38.460000 Right now, your diagnostic data for a virtual machine goes to a storage 0:07:38.460000 --> 0:07:43.320000 account. And you can choose the configuration of that storage account. 0:07:43.320000 --> 0:07:45.400000 All right. And so that's basic diagnostics. 0:07:45.400000 --> 0:07:49.900000 Now, in addition to basic diagnostics, you also have boot diagnostics. 0:07:49.900000 --> 0:07:54.060000 And right now I'm showing boot diagnostics, but that is because I am capturing 0:07:54.060000 --> 0:07:55.700000 boot diagnostics. 0:07:55.700000 --> 0:07:58.280000 Boot diagnostics configuration is pretty simple. 0:07:58.280000 --> 0:08:00.120000 Either you're capturing it or you're not. 0:08:00.120000 --> 0:08:03.120000 And if you are capturing it, it needs to go into a storage account. 0:08:03.120000 --> 0:08:07.600000 And that is one thing, again, a little bit unique about the virtual machine 0:08:07.600000 --> 0:08:11.420000 is that if you are capturing diagnostic data, it is going into a storage 0:08:11.420000 --> 0:08:15.760000 account. And pretty simple. 0:08:15.760000 --> 0:08:23.000000 All right. Now, let's take a look at setting up diagnostics for a web 0:08:23.000000 --> 0:08:26.660000 app. Going to a web app. 0:08:26.660000 --> 0:08:29.580000 And there's actually two levels of this. 0:08:29.580000 --> 0:08:32.060000 One is to use application insights, which I'm not going to go through 0:08:32.060000 --> 0:08:43.740000 in this video. The other is to down here and under app service logs, I 0:08:43.740000 --> 0:08:50.420000 can define the way I want my web app to to log diagnostic data. 0:08:50.420000 --> 0:08:51.420000 And there's a couple. 0:08:51.420000 --> 0:08:55.080000 There's there's two different levels of diagnostic data. 0:08:55.080000 --> 0:08:58.740000 There's application logging and there's server level logging. 0:08:58.740000 --> 0:09:04.340000 So the application would be really your code and the code framework that 0:09:04.340000 --> 0:09:05.700000 we have up here. 0:09:05.700000 --> 0:09:09.040000 And the web server would be whatever is hosting it. 0:09:09.040000 --> 0:09:11.360000 I should note that this is going to be a little bit different, depending 0:09:11.360000 --> 0:09:16.080000 on whether you're in Windows or Linux as your host environment. 0:09:16.080000 --> 0:09:19.860000 But I have the ability for an application logging to choose either or 0:09:19.860000 --> 0:09:23.460000 both of file system and blob, but choose file system. 0:09:23.460000 --> 0:09:29.000000 That's going to write log files onto the host file system of the instances 0:09:29.000000 --> 0:09:31.800000 that are running my web app. 0:09:31.800000 --> 0:09:35.980000 Now, the web app can run across multiple instances and kind of a little 0:09:35.980000 --> 0:09:37.080000 bit aside to point here. 0:09:37.080000 --> 0:09:39.340000 It's pretty cool the way that they do this. 0:09:39.340000 --> 0:09:42.920000 There's a shared storage space across the instances and all the logging 0:09:42.920000 --> 0:09:44.440000 goes into that shared storage space. 0:09:44.440000 --> 0:09:47.220000 So it doesn't matter what machine is doing the logging. 0:09:47.220000 --> 0:09:49.260000 It's all in one place. 0:09:49.260000 --> 0:09:53.460000 I can set the level only, but that error actually will set that to warning. 0:09:53.460000 --> 0:09:58.200000 And I can also log to blob storage. 0:09:58.200000 --> 0:10:03.640000 And I can set the error, the application, error level that I want. 0:10:03.640000 --> 0:10:10.480000 And I can go to blob storage and find there we go. 0:10:10.480000 --> 0:10:15.660000 3509 diagnostics and I'm going to add a container. 0:10:15.660000 --> 0:10:28.040000 Web app. All right, I'm pushing my diagnostics there and I'm going to 0:10:28.040000 --> 0:10:30.700000 save them for 365 days. 0:10:30.700000 --> 0:10:35.620000 Then the web server is in either or, whereas with the application, I can 0:10:35.620000 --> 0:10:38.680000 choose both the web server, either I'm going to storage or I'm going to 0:10:38.680000 --> 0:10:45.320000 file system. So I choose file system, except the retention days. 0:10:45.320000 --> 0:10:47.380000 And detailed error messages. 0:10:47.380000 --> 0:10:51.380000 So do I want detailed server error messages and failed request tracing? 0:10:51.380000 --> 0:10:55.240000 Failed request tracing is that a request actually comes to the server, 0:10:55.240000 --> 0:10:58.180000 but there's no way the server can figure out what to do with it. 0:10:58.180000 --> 0:11:03.480000 All right, and those are my diagnostic settings on a web app. 0:11:03.480000 --> 0:11:07.260000 Again, different than a virtual machine and really different than anything 0:11:07.260000 --> 0:11:13.520000 else. Last, well, last of the outliers, the one offs, if you will, but 0:11:13.520000 --> 0:11:15.820000 not last of everything is storage. 0:11:15.820000 --> 0:11:18.660000 So I've got this storage account. 0:11:18.660000 --> 0:11:22.400000 And I'm going to go and set up diagnostics for the storage account. 0:11:22.400000 --> 0:11:26.260000 Now, the diagnostic settings, you'll notice it says classic. 0:11:26.260000 --> 0:11:31.080000 That has been that way for over a year now. 0:11:31.080000 --> 0:11:34.460000 Eventually that will, anytime you see something like that, it'll go away, 0:11:34.460000 --> 0:11:40.540000 but I haven't really seen any kind of particular specifics about when 0:11:40.540000 --> 0:11:42.180000 or how it's going away. 0:11:42.180000 --> 0:11:46.940000 All right, now, underneath of the diagnostics for a storage account, there's 0:11:46.940000 --> 0:11:49.020000 really two ways to divide this out. 0:11:49.020000 --> 0:11:51.960000 One is by type of logging. 0:11:51.960000 --> 0:11:56.140000 I've got metric logging and I've got action logging. 0:11:56.140000 --> 0:11:59.340000 Okay, so metric logging by default is enabled at the hour. 0:11:59.340000 --> 0:12:01.960000 I can also enable it at the minute. 0:12:01.960000 --> 0:12:04.740000 And you can see what those settings are. 0:12:04.740000 --> 0:12:08.900000 And logging, I've got version one dot, oh, and two dot, oh, just have 0:12:08.900000 --> 0:12:12.060000 different data. And you can log actual activity. 0:12:12.060000 --> 0:12:14.320000 So I'm saying, okay, I want to log, read, write and delete. 0:12:14.320000 --> 0:12:18.340000 I want to keep all this for seven days. 0:12:18.340000 --> 0:12:22.920000 Now file properties, I've got the metrics, but you don't have the detailed 0:12:22.920000 --> 0:12:31.120000 logging. And then table and queue are structurally the same as blob. 0:12:31.120000 --> 0:12:37.400000 Easy enough, although there's the versioning for blob and queue, not for 0:12:37.400000 --> 0:12:40.760000 table. All right, and I can also, of course, turn all of this off. 0:12:40.760000 --> 0:12:42.500000 I'm going to go ahead and save that. 0:12:42.500000 --> 0:12:50.520000 And that is configuration for the diagnostic logging itself for a storage 0:12:50.520000 --> 0:12:54.680000 account. Now let's take a look at, we're going to shift off of those one 0:12:54.680000 --> 0:12:58.520000 offs. And I'm going to pull up, I mentioned a public IP address. 0:12:58.520000 --> 0:13:02.620000 It doesn't really matter what resource, what I'm going to show you is 0:13:02.620000 --> 0:13:06.200000 going to be pretty much the same across resources. 0:13:06.200000 --> 0:13:13.100000 If I go to diagnostic settings, I have this, it's going to look like I 0:13:13.100000 --> 0:13:15.780000 don't have any diagnostic settings for this. 0:13:15.780000 --> 0:13:18.280000 It'll take a moment to come up. 0:13:18.280000 --> 0:13:29.000000 So this comes up and it tells me that there are no diagnostic settings 0:13:29.000000 --> 0:13:32.260000 defined. And what I'm about to show you, on the one hand, there's a couple 0:13:32.260000 --> 0:13:36.680000 things that are specific to the public IP address, but by and large, these 0:13:36.680000 --> 0:13:42.600000 are pretty standard, settings for most of your resources. 0:13:42.600000 --> 0:13:46.380000 And what I do is I go in, I say, okay, I'm going to give this a name, 0:13:46.380000 --> 0:13:50.080000 and we're going to just say pip, diag. 0:13:50.080000 --> 0:13:55.900000 And I've got three options for where I'm going to store the diagnostic 0:13:55.900000 --> 0:13:59.580000 output. I can archive it to a storage account, I can stream it to event 0:13:59.580000 --> 0:14:02.880000 hub, or send it to log analytics. 0:14:02.880000 --> 0:14:05.880000 To keep things a little bit simple, I'm just going to archive it to a 0:14:05.880000 --> 0:14:06.920000 storage account. 0:14:06.920000 --> 0:14:11.560000 Now I would have to pick the storage account. 0:14:11.560000 --> 0:14:16.580000 And okay. And then if I had an event hub, I could stream it there, and 0:14:16.580000 --> 0:14:19.240000 I could also send it to log analytics. 0:14:19.240000 --> 0:14:27.000000 Then I'm going to define the logs and the metrics that I want to capture 0:14:27.000000 --> 0:14:31.820000 for this particular public IP address. 0:14:31.820000 --> 0:14:36.640000 And I go ahead and save that. 0:14:36.640000 --> 0:14:41.900000 And those diagnostic settings are the same diagnostic settings that I 0:14:41.900000 --> 0:14:45.780000 would have, as I said, on most of my resources. 0:14:45.780000 --> 0:14:50.400000 The only real difference when you go from one resource to another is the 0:14:50.400000 --> 0:14:54.220000 actual logs and metrics that you're collecting. 0:14:54.220000 --> 0:14:57.920000 That may change, but what you log into in the process you go through to 0:14:57.920000 --> 0:15:00.780000 get there really is not. 0:15:00.780000 --> 0:15:08.520000 Now if I go back to my virtual machine, you'll notice in addition to diagnostic 0:15:08.520000 --> 0:15:11.060000 settings, I also have logs. 0:15:11.060000 --> 0:15:16.180000 Now if I had chosen to write this out to a log analytics, what this would 0:15:16.180000 --> 0:15:23.720000 do is it would allow me to jump in and run queries against this public 0:15:23.720000 --> 0:15:27.720000 IP address to see what has been captured, or possibly add what are called 0:15:27.720000 --> 0:15:34.580000 solutions into my log analytics to see what's going on. 0:15:34.580000 --> 0:15:38.160000 Now I can also potentially say activity logs. 0:15:38.160000 --> 0:15:41.340000 None of this of course is coming through from this public IP address because 0:15:41.340000 --> 0:15:45.360000 I'm not writing that data to log analytics. 0:15:45.360000 --> 0:15:48.740000 Now I'm going to jump over for one last thing and we'll take a look at 0:15:48.740000 --> 0:15:52.500000 Azure Monitor. Now I'm not going to go deep into monitor because we will 0:15:52.500000 --> 0:15:56.260000 look at this again, but it's got some pretty cool things. 0:15:56.260000 --> 0:16:03.880000 If I go over to monitor, I can go to diagnostic settings in monitor. 0:16:03.880000 --> 0:16:11.500000 And what I will see is I will see all of the resources that I can directly 0:16:11.500000 --> 0:16:15.480000 set monitoring diagnostic settings for. 0:16:15.480000 --> 0:16:19.580000 You'll notice for example that I've got public IP addresses in here, but 0:16:19.580000 --> 0:16:22.840000 I don't have my virtual machines. 0:16:22.840000 --> 0:16:32.680000 And so I could go directly from here and add diagnostic settings, even 0:16:32.680000 --> 0:16:36.860000 though that's slightly contradictory there. 0:16:36.860000 --> 0:16:43.800000 And I could send this to an existing log analytics workspace and find 0:16:43.800000 --> 0:16:45.180000 what data I want to send. 0:16:45.180000 --> 0:16:48.240000 So I can do this directly from this monitor. 0:16:48.240000 --> 0:16:52.320000 It gives me this centralized interface for setting up diagnostics. 0:16:52.320000 --> 0:16:56.060000 The other thing that I can do through monitors, I can actually view my 0:16:56.060000 --> 0:17:01.360000 diagnostics. Anywhere as I mentioned from activity log, if I go up here, 0:17:01.360000 --> 0:17:06.720000 I can see that here is pretty much everything, including some problems 0:17:06.720000 --> 0:17:10.480000 returning storage account SaaS tokens that I'll have to look into. 0:17:10.480000 --> 0:17:15.180000 And you can go in see subscriptions, time span, I can change the time 0:17:15.180000 --> 0:17:22.780000 span. And event severity, et cetera. 0:17:22.780000 --> 0:17:26.720000 Let's take a look at this error. 0:17:26.720000 --> 0:17:34.660000 So this is telling me that a SaaS token, so storage account SaaS token 0:17:34.660000 --> 0:17:37.700000 for event grid could not be found. 0:17:37.700000 --> 0:17:42.200000 So I must have any event grid registration that I was using for another 0:17:42.200000 --> 0:17:44.460000 demonstration that I forgot to delete. 0:17:44.460000 --> 0:17:47.060000 So I could then trace that out. 0:17:47.060000 --> 0:17:52.460000 Let's just go to event grid subscriptions. 0:17:52.460000 --> 0:17:54.940000 It might be topics. 0:17:54.940000 --> 0:17:57.200000 So I don't have any subscriptions. 0:17:57.200000 --> 0:17:59.860000 Maybe I would find topics. 0:17:59.860000 --> 0:18:04.380000 And it's telling me I don't have any topics either. 0:18:04.380000 --> 0:18:06.400000 So I'll have to go back and find that. 0:18:06.400000 --> 0:18:08.300000 But that's the idea. 0:18:08.300000 --> 0:18:12.780000 Is that first step of seeing that something's actually wrong, that I can 0:18:12.780000 --> 0:18:14.720000 find from that activity log. 0:18:14.720000 --> 0:18:16.400000 And I can also then filter it. 0:18:16.400000 --> 0:18:25.340000 Metrics, metrics allows me to build my own metrics graph. 0:18:25.340000 --> 0:18:29.440000 So let's say for example, I'm going to see what's in 3509 diagnostics. 0:18:29.440000 --> 0:18:36.100000 And here are the resources that I should be able to run diagnostics on. 0:18:36.100000 --> 0:18:41.320000 So here for example is my storage account. 0:18:41.320000 --> 0:18:45.540000 And here are the diagnostic options. 0:18:45.540000 --> 0:18:47.620000 So let's say ingress. 0:18:47.620000 --> 0:18:53.300000 One of the things I recommend that you do, while you're looking through 0:18:53.300000 --> 0:18:56.640000 and you absolutely need to look through the monitoring options, is just 0:18:56.640000 --> 0:19:02.220000 select some different types of resources and look at the metrics that 0:19:02.220000 --> 0:19:07.500000 are available, particularly your common resources such as a storage account. 0:19:07.500000 --> 0:19:09.420000 So this will take a moment to come up and what it does. 0:19:09.420000 --> 0:19:16.560000 We'll just see what my ingress metrics are. 0:19:16.560000 --> 0:19:21.020000 And so I get this graph, which is a little bit skewed over here, but I 0:19:21.020000 --> 0:19:24.380000 can go in and say, you know what, I don't want the last 24 hours. 0:19:24.380000 --> 0:19:27.760000 Hopefully this demo hasn't taken more than 30 minutes. 0:19:27.760000 --> 0:19:28.740000 We'll pop in there. 0:19:28.740000 --> 0:19:30.980000 And in fact, looks like it has. 0:19:30.980000 --> 0:19:33.700000 So let's go last hour. 0:19:33.700000 --> 0:19:37.280000 My editor is going to hate this. 0:19:37.280000 --> 0:19:39.720000 It's going to have a lot of work to do. 0:19:39.720000 --> 0:19:45.380000 All right. And so you can see I'm getting a little more reading here as 0:19:45.380000 --> 0:19:47.600000 far as what's happening. 0:19:47.600000 --> 0:19:51.180000 Fortunately, I remembered that I haven't been demoing this long. 0:19:51.180000 --> 0:19:53.080000 I did start this up earlier. 0:19:53.080000 --> 0:19:57.180000 So may not be recording for an hour, but you get the idea. 0:19:57.180000 --> 0:19:58.940000 And I can see what's going on. 0:19:58.940000 --> 0:20:02.380000 And as I move through the graph, it's actually giving me what the value 0:20:02.380000 --> 0:20:03.980000 is at any given point. 0:20:03.980000 --> 0:20:06.620000 So lots of cool things that I can do. 0:20:06.620000 --> 0:20:08.500000 The activity log the metrics. 0:20:08.500000 --> 0:20:14.180000 I can also, again, this is viewing logs out of your log analytics, which 0:20:14.180000 --> 0:20:17.300000 is a topic for another video. 0:20:17.300000 --> 0:20:22.500000 All right. But to wrap all this up, we've got this ability to log diagnostic 0:20:22.500000 --> 0:20:28.780000 data. And we have some diagnostic settings that are fairly standard, or 0:20:28.780000 --> 0:20:30.040000 that are standard. 0:20:30.040000 --> 0:20:33.340000 So when we looked at the public IP address, for example, we saw the way 0:20:33.340000 --> 0:20:37.900000 that you set up diagnostics for that, that you can write to storage, you 0:20:37.900000 --> 0:20:41.020000 can write to event hub, or you can write to log analytics. 0:20:41.020000 --> 0:20:44.160000 That capability is available in most resources. 0:20:44.160000 --> 0:20:47.760000 I say most because that is something that has literally been evolving 0:20:47.760000 --> 0:20:53.520000 over the last few months, actively, while I've been working with that. 0:20:53.520000 --> 0:20:56.400000 And it's something that by the time you watch this video, it may well 0:20:56.400000 --> 0:21:01.560000 be universal. But then you also have those one-off diagnostic configurations. 0:21:01.560000 --> 0:21:06.040000 So virtual machine configuration, storage account configuration, service 0:21:06.040000 --> 0:21:10.900000 app configuration, and you see how those are, have their own thing. 0:21:10.900000 --> 0:21:12.040000 And it's a little bit different. 0:21:12.040000 --> 0:21:15.160000 But it's really pretty straightforward to set up diagnostics. 0:21:15.160000 --> 0:21:18.980000 And to view diagnostics, you have some diagnostic capabilities through 0:21:18.980000 --> 0:21:21.160000 a resource blade directly. 0:21:21.160000 --> 0:21:25.180000 But you'll have much more through the Azure Monitor blade in the Azure