Configuration and Discovery


This section describes how to configure Azure component devices in ELK stacks for monitoring by SL1 using the "ELK: Azure Activity Log" PowerPack.

Prerequisites for Monitoring Azure ELK Stacks

To configure SL1 to monitor Azure component devices in ELK stacks using the "ELK: Azure Activity Log" PowerPack, you must first:

  1. Install the "Microsoft: Azure" PowerPack.
  2. Create a virtual device in SL1 to represent your Azure service.
  3. Discover Azure component devices by manually aligning the "Microsoft: Azure Account Discovery" Dynamic Application to the virtual device.
  4. Ensure that your Azure Activity Log is properly configured for all read/write events.

For more information about the "Microsoft: Azure" PowerPack, including how to install the PowerPack and discover Azure devices, see the section on Monitoring Microsoft Azure.

Creating an Azure ELK Credential

To use the Dynamic Applications in the "ELK: Azure Activity Log" PowerPack, you must first define a credential in SL1. This credential enables the Dynamic Applications in the "ELK: Azure Activity Log" PowerPack to monitor your Azure component devices in ELK stacks. The PowerPack includes a sample Basic/Snippet credential that you can use as a template.

To create a Basic/Snippet credential:

  1. Go to the Credentials page (Manage > Credentials).
  2. Locate the "ELK: Azure Example" credential, then click its Actions icon and select Duplicate from the drop-down field. The "ELK: Azure Example copy" credential appears.
  3. Click the Actions icon for the "ELK: Azure Example copy" credential, then select Edit. The Edit Credential page appears.
  4. Enter values in the following fields:
  • Name. Enter a new name for the credential. This field is required.
  • All Organizations. Toggle on (blue) to align the credential to all organizations, or toggle off (gray) and then select one or more specific organizations from the Select the organizations the credential belongs to drop-down field to align the credential with those specific organizations.
  • Timeout. Enter the time, in milliseconds, after which SL1 will stop trying to communicate with the ELK: Azure Activity Log device. The default value is 5000. This field is required.
  • Hostname/IP. Enter the ELK: Azure Activity Log URL.
  • Port. Type "9200".
  • Username. Enter the username associated with the ELK: Azure Activity Log administrator account.
  • Password. Enter the password associated with the ELK: Azure Activity Log administrator account.
  5. Click Save & Close.

Creating an Azure ELK Credential in the SL1 Classic User Interface

To use the Dynamic Applications in the "ELK: Azure Activity Log" PowerPack in the classic user interface, you must first define a credential in SL1. This credential enables the Dynamic Applications in the "ELK: Azure Activity Log" PowerPack to monitor your Azure component devices in ELK stacks. The PowerPack includes a sample Basic/Snippet credential that you can use as a template.

To define an Azure ELK credential in the classic user interface:

  1. Go to the Credential Management page (System > Manage > Credentials).
  2. Click the wrench icon for the ELK: Azure Example credential. The Credential Editor modal page appears.
  3. Enter values in the following fields:
  • Credential Name. Type a new name for your Azure ELK credential.
  • Hostname/IP. Type the IP address or hostname for the Logstash server that collects data for the Azure components in your ELK stack.
  • Port. Type "9200".
  • Timeout(ms). Type a timeout value, in milliseconds.
  • Username. Type the username of a user with access to the Azure Logstash server.
  • Password. Type the password associated with the Username.

    If the Logstash server that collects data for your Azure components is not password-protected, you must still enter values in the Username and Password fields, as they are required fields. However, in this scenario, the values you enter do not matter.

  4. Click the Save As button, and then click OK.
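
A pre-flight check for the credential values entered above, added here as an example and not part of SL1 or the PowerPack: it probes the endpoint once without and once with the username and password, so you can tell whether the server actually enforces authentication before relying on the note about servers that are not password-protected. It assumes the endpoint on port 9200 answers HTTP(S) with Basic authentication; the function names and sample values are hypothetical.

```python
import base64
import urllib.error
import urllib.request


def basic_auth_header(username, password):
    """Build the HTTP Basic Authorization header value."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def http_status(url, timeout_s, auth=None):
    """GET url and return the status code; auth is (username, password) or None.

    Connection failures and timeouts propagate as URLError / OSError.
    """
    req = urllib.request.Request(url)
    if auth is not None:
        req.add_header("Authorization", basic_auth_header(*auth))
    try:
        with urllib.request.urlopen(req, timeout=timeout_s) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code  # urllib raises 401/403 as exceptions


def classify(anon_status, auth_status):
    """Interpret the status codes of the anonymous and authenticated probes."""
    if anon_status == 200:
        return "OPEN: endpoint answers without credentials"
    if anon_status in (401, 403) and auth_status == 200:
        return "OK: authentication enforced and credential accepted"
    if auth_status in (401, 403):
        return "REJECTED: credential not accepted"
    return f"UNEXPECTED: anonymous={anon_status}, authenticated={auth_status}"


def check_credential(base_url, username, password, timeout_ms=5000):
    """Probe base_url (assumed form: scheme://host:9200/) without and with the credential."""
    timeout_s = timeout_ms / 1000.0  # the credential's Timeout field is in milliseconds
    anon = http_status(base_url, timeout_s)
    authed = http_status(base_url, timeout_s, (username, password))
    return classify(anon, authed)


if __name__ == "__main__":
    # Constructed status pairs showing each verdict without touching the network.
    for pair in [(200, 200), (401, 200), (401, 401), (500, 500)]:
        print(pair, "->", classify(*pair))
```

Call `check_credential()` with your own endpoint URL and account. Prefer an `https://` URL where the endpoint supports it, because Basic authentication only base64-encodes the password and does not encrypt it.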

Discovering ELK Azure Devices

To monitor your ELK: Azure Activity Log system, you must run a discovery session to discover the server on which ELK: Azure Activity Log is installed.

To create and run a discovery session that will discover an ELK: Azure Activity Log appliance:

  1. Go to the Devices page or the Discovery Sessions page (Devices > Discovery Sessions) and click the Add Devices button.
  2. Click the Unguided Network Discovery Workflow button. Additional information about the requirements for discovery appears in the General Information pane to the right.
  3. Click Select. The three-step wizard appears starting with the Step 1 Basic Information tab.
  4. Complete the following fields:
  • Discovery Session Name. Type a unique name for this discovery session. This name is displayed in the list of discovery sessions on the Discovery Sessions tab.
  • Description. Optional. Type a short description of the discovery session. You can use the text in this description to search for the discovery session on the Discovery Sessions tab.
  • Select the organization to add discovered devices to. Select the name of the organization to which you want to add the discovered devices.
  5. Click Next. The Step 2 Credential Selection tab of the wizard appears.
  6. On the Credential Selection tab, locate and select the Basic/Snippet credential you created for ELK: Azure Activity Log appliances.
  7. Click Next. The Step 3 Discovery Session Details tab of the wizard appears.
  8. Complete the following fields:
  • List of IP/Hostnames. Type the IP address for the ELK: Azure Activity Log appliance.
  • Which collector will discover these devices?. Required. Select an existing collector to monitor the discovered devices.
  • Run after save. Toggle on (blue) to run this discovery session as soon as you save the session.
  • Advanced options. Click the down arrow to complete the following fields:
    • Discover Non-SNMP. Toggle on (blue) to enable this setting.
    • Model Devices. Toggle on (blue) to enable this setting.
    • Select Device Template. If you configured an ELK: Azure Activity Log device template, select it here. Otherwise, leave the default selection.
  9. If you enabled the Run after save option, click the Save and Run button. The discovery session will run and the Discovery Logs page will display any relevant log messages. If the discovery session locates and adds any devices, the Discovery Logs page will include a link to the Device Investigator page for the discovered device.
  10. If you did not enable the Run after save option, click the Save and Close button. The Discovery Sessions page (Devices > Discovery Sessions) will display the new discovery session.

Aligning the Azure ELK Dynamic Applications

To monitor your Azure component devices in ELK stacks, you must manually align the "ELK: Azure Alignment" Dynamic Application with the Azure virtual device. When you do so, the remaining Dynamic Applications from the "ELK: Azure Activity Log" PowerPack automatically align to the appropriate Azure component devices.

To manually align the "ELK: Azure Alignment" Dynamic Application to your virtual device:

  1. Go to the Device Manager page (Devices > Classic Devices, or Registry > Devices > Device Manager in the classic SL1 user interface).
  2. Locate your Azure virtual device and click its wrench icon.
  3. In the Device Administration panel, click the Collections tab. The Dynamic Application Collections page appears.
  4. Click the Actions button, and then select Add Dynamic Application from the menu.
  5. In the Dynamic Application Alignment modal page, select ELK: Azure Alignment in the Dynamic Applications field.
  6. In the Credentials field, select the credential you created for your Azure ELK components.
  7. Click Save.

By default, the "ELK: Azure Alignment" Dynamic Application begins collecting data after 60 minutes. If you want to begin collecting data immediately, click the lightning bolt icon for the "ELK: Azure Alignment" Dynamic Application on the Dynamic Application Collections page.

When you align the "ELK: Azure Alignment" Dynamic Application to the Azure root device, SL1 then aligns the following Dynamic Applications from the "ELK: Azure Activity Log" PowerPack to the appropriate component devices:

  • ELK: Azure Activity Log
  • ELK: Azure Activity Logs Vm Stats

To view the data collected by the "ELK: Azure Activity Log" Dynamic Application, navigate to the Journal View page (Devices > Classic Devices > graph icon > Journals, or Registry > Devices > Device Manager > graph icon > Journals in the classic SL1 user interface) and click ELK: Azure Activity Log on the left menu.

To view the data collected by the "ELK: Azure Activity Logs Vm Stats" Dynamic Application, navigate to the Device Performance page (Devices > Classic Devices > bar-graph icon > Performance, or Registry > Devices > Device Manager > bar-graph icon > Performance in the classic SL1 user interface) and click ELK: Azure Activity Logs Vm Stats on the left menu.