Configuration and Discovery

Download this manual as a PDF file

The following sections describe how to configure Azure component devices in ELK stacks for monitoring by SL1 using the ELK: Azure Activity Log PowerPack:

Prerequisites for Monitoring Azure ELK Stacks

To configure SL1 to monitor Azure component devices in ELK stacks using the ELK: Azure Activity Log PowerPack, you must first:

  1. Install the Microsoft: AzurePowerPack.
  2. Create a virtual device in SL1 to represent your Azure service.
  3. Discover Azure component devices by manually aligning the "Microsoft: Azure Account Discovery" Dynamic Application to the virtual device.
  4. Ensure that your Azure Activity Log is properly configured for all read/write events.

For more information about the Microsoft: Azure PowerPack, including how to install the PowerPack and discover Azure devices, see the section on Monitoring Microsoft Azure. 

Creating an Azure ELK Credential

To use the Dynamic Applications in the ELK: Azure Activity Log PowerPack, you must first define a credential in SL1. This credential enables the Dynamic Applications in the ELK: Azure Activity Log PowerPack to monitor your Azure component devices in ELK stacks. The PowerPack includes a sample Basic/Snippet credential (ELK: Azure Example) that you can use as a template.

To define an Azure ELK credential:

  1. Go to the Credential Management page (System > Manage > Credentials).

  1. Click the wrench icon () for the ELK: Azure Example credential. The Credential Editor modal page appears.

  1. Enter values in the following fields:
  • Credential Name. Type a new name for your Azure ELK credential.

  • Hostname/IP. Type the IP address or hostname for the Logstash server that collects data for the Azure components in your ELK stack.
  • Port. Type "9200".
  • Timeout(ms). Type a timeout value, in milliseconds.
  • Username. Type the username of a user with access to the Azure Logstash server.
  • Password. Type the password associated with the Username.

If the Logstash server that collects data for your Azure components is not password-protected, you must still enter values in the Username and Password fields, as they are required fields. However, in this scenario, the values you enter do not matter.

  1. Click the Save As button, and then click OK.

Aligning the Azure ELK Dynamic Applications

To monitor your Azure component devices in ELK stacks, you must manually align the "ELK: Azure Alignment" Dynamic Application with the Azure virtual device. When you do so, the remaining Dynamic Applications from the ELK: Azure Activity Log PowerPack automatically align to the appropriate Azure component devices.

To manually align the "ELK: Azure Alignment" Dynamic Application to your virtual device:

  1. Go to the Device Manager page (Devices > Classic Devices, or Registry > Devices > Device Manager in the classic SL1 user interface).
  2. Locate your Azure virtual device and click its wrench icon ().
  3. In the Device Administration panel, click the Collections tab. The Dynamic Application Collections page appears.
  1. Click the Actions button, and then select Add Dynamic Application from the menu.
  2. In the Dynamic Application Alignment modal page, select ELK: Azure Alignment in the Dynamic Applications field.
  3. In the Credentials field, select the credential you created for your Azure ELK components.
  1. Click Save.

By default, the "ELK: Azure Alignment" Dynamic Application begins collecting data after 60 minutes. If you want to begin collecting data immediately, click the lightning bolt icon () for the "ELK: Azure Alignment" Dynamic Application on the Dynamic Application Collections page.

When you align the "ELK: Azure Alignment" Dynamic Application to the Azure root device, SL1 then aligns the following Dynamic Application from the ELK: Azure Activity Log PowerPack to the appropriate component devices:

  • ELK: Azure Activity Log
  • ELK: Azure Activity Logs Vm Stats

To view the data collected by the "ELK: Azure Activity Log" Dynamic Application, navigate to the Journal View page (Devices > Classic Devices > graph icon > Journals, Registry > Devices > Device Manager > graph icon > Journals in the classic SL1 user interface) and click ELK: Azure Activity Log on the left menu.

To view the data collected by the "ELK: Azure Activity Logs Vm Stats" Dynamic Application, navigate to the Device Performance page (Devices > Classic Devices > bar-graph icon > Performance, or Registry > Devices > Device Manager > bar-graph icon > Performance in the classic SL1 user interface) and click ELK: Azure Activity Logs Vm Stats on the left menu: