Introduction

Download this manual as a PDF file

This section describes how to monitor Microsoft Azure component devices that are part of an Elasticsearch, Logstash, and Kibana (ELK) stack in SL1 using the "ELK: Azure Activity LogPowerPack.

The "ELK: Azure Activity LogPowerPack is meant to be used in conjunction with the "Microsoft: Azure" PowerPack. For more information about the "Microsoft: AzurePowerPack, including how to install the PowerPack and discover Azure devices, see Monitoring Microsoft Azure.

What is an Azure ELK Stack?

An ELK stack is a centralized log management platform consisting of three open-source products:

  • Elasticsearch, a storage solution with search and indexing capabilities
  • Logstash, a server-side data collection engine
  • Kibana, a web user interface used for visualizing stored data

In an ELK stack, Logstash collects data, Elasticsearch indexes and stores the data, and Kibana visually presents the data in a user-friendly manner.

You can install an ELK stack on a Microsoft Azure instance to collect, store, and visualize data about that instance.

What Does the ELK: Azure Activity Log PowerPack Monitor?

The "ELK: Azure Activity LogPowerPack includes the following features:

  • A sample credential that you can use to create Basic/Snippet credentials to monitor Azure component devices in ELK stacks
  • Dynamic Applications that align to Azure component devices in ELK stacks and then monitor Azure Activity Logs and state changes on Azure virtual machines
  • An event policy that notifies users when the ELK Dynamic Applications have aligned to Azure components
  • Run book policies and actions that align the ELK Dynamic Applications to Azure components and update the alignment status on the ScienceLogic Data Collector or All-In-One Appliance

Installing the ELK: Azure Activity Log PowerPack

Before completing the steps in this section, you must import and install the latest version of the "ELK: Azure Activity LogPowerPack.

By default, installing a new version of a PowerPack overwrites all content from a previous version of that PowerPack that has already been installed on the target system. You can use the Enable Selective PowerPack Field Protection setting in the Behavior Settings page (System > Settings > Behavior) to prevent new PowerPacks from overwriting local changes for some commonly customized fields. For more information, see the section on Global Settings.

For details on upgrading SL1, see the relevant SL1 Platform Release Notes.

To download and install the PowerPack:

  1. Search for and download the PowerPack from the PowerPacks page (Product Downloads > PowerPacksSyncPacks) at the ScienceLogic Support Site.
  2. In SL1, go to the PowerPacks page (System > Manage > PowerPacks).
  3. Click the Actions button and choose Import PowerPack. The Import PowerPack dialog box appears.
  4. Click [Browse] and navigate to the PowerPack file from step 1.
  5. Select the PowerPack file and click Import. The PowerPack Installer modal displays a list of the PowerPack contents.
  6. Click Install. The PowerPack is added to the PowerPacks page.

If you exit the PowerPack Installer modal without installing the imported PowerPack, the imported PowerPack will not appear in the PowerPacks page. However, the imported PowerPack will appear in the Imported PowerPacks modal. This page appears when you click the Actions menu and select Install PowerPack.