Elastic integration with Azure FAQ

General

What is Elastic in Azure?

Elastic in Azure is a set of managed services that deliver search, log analytics, and security monitoring functions for Azure environments. Microsoft and Elastic developed these services and manage them together. The three services are:

  • Elastic Cloud (Elasticsearch): A managed Elasticsearch service for storing, searching, and analyzing structured and unstructured data.
  • Elastic Observability: Collects and analyzes telemetry data (logs, metrics, traces) to monitor the performance and health of applications and infrastructure.
  • Elastic Security: Collects and analyzes security-related data to support threat detection, investigation, and response across Azure resources.

How do I subscribe to Elastic?

You can subscribe to Elastic through Azure Marketplace. Choose from three offerings:

You can also subscribe directly from the Azure portal when creating a new Elastic resource.

What are the differences between Serverless and Cloud Hosted deployment options?

Elastic resources are available as Serverless and Cloud Hosted:

  • Serverless: Usage-based scaling with automatic infrastructure management. Available for Elastic Search, Elastic Observability, and Elastic Security.
  • Cloud Hosted: Dedicated, managed clusters with configurable versions and sizes. Provides more control over deployment specifications.

For more information, see Compare Elastic Cloud Hosted and Serverless.

Where can I learn more about Elastic integration with Azure?

For more help using the Elastic service, see the Elastic documentation for Azure integration.

Authentication and access

Is single sign-on (SSO) supported?

Yes. Single sign-on (SSO) lets you navigate automatically between the Azure portal and Elastic Cloud. This option is enabled automatically for all Azure users.

What permissions do I need to create an Elastic resource?

You must have Owner or Contributor access on the Azure subscription to create an Elastic resource. If you're unable to create a resource, confirm that you have the appropriate access.

Monitoring and logs

Can I send Azure logs and metrics to Elastic?

Yes. You can configure resources to send metrics and logs to Elastic during resource creation or afterward. Select Send subscription activity logs and Send Azure resource logs for all defined sources in the Logs & metrics tab. You can reconfigure these settings anytime by selecting Elastic deployment configuration > Logs & metrics in the Azure portal.

Why are my logs not being emitted to Elastic?

Common reasons include:

  • Only resources listed in Azure Monitor resource log categories emit logs to Elastic.
  • The resource doesn't support sending logs. Only resource types with monitoring log categories can be configured.
  • The resource reached the limit of five diagnostic settings.
  • A delete lock is applied to the resource or resource group, preventing diagnostic setting cleanup.
  • Export of metrics data isn't currently supported by partner solutions under Azure Monitor diagnostic settings.
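A forwarding gap is also a detection gap, so it helps to check a whole inventory against these reasons in one pass. The following is an added example, not code from Microsoft or Elastic: it assumes you have already exported per-resource facts into the hypothetical record layout shown (the field names and sample values are constructed), and it checks only the three per-resource reasons from the list above.

```python
# Added example: triage why a resource is not forwarding logs to Elastic.
# Record fields (name, group, log_categories, diagnostic_settings, locks)
# are a hypothetical layout; all sample values below are constructed.
MAX_DIAGNOSTIC_SETTINGS = 5  # per-resource limit stated in the FAQ
DELETE_LOCK = "CanNotDelete"  # Azure lock level for a delete lock


def log_forwarding_blockers(resource, group_locks):
    """Return the FAQ reasons that apply to one resource record."""
    reasons = []
    # Resource types without monitoring log categories cannot be configured.
    if not resource["log_categories"]:
        reasons.append("no resource log categories")
    # A resource already at the limit has no free diagnostic setting slot.
    if resource["diagnostic_settings"] >= MAX_DIAGNOSTIC_SETTINGS:
        reasons.append("diagnostic settings limit reached")
    # A delete lock counts whether it sits on the resource or on its group.
    locks = set(resource["locks"]) | set(group_locks.get(resource["group"], []))
    if DELETE_LOCK in locks:
        reasons.append("delete lock on resource or resource group")
    return reasons


def triage(inventory, group_locks):
    """Map resource name -> blockers, listing only resources with a finding."""
    findings = {}
    for res in inventory:
        reasons = log_forwarding_blockers(res, group_locks)
        if reasons:
            findings[res["name"]] = reasons
    return findings


# Constructed sample data: locks per resource group, then resource records.
SAMPLE_GROUP_LOCKS = {"rg-prod": ["CanNotDelete"], "rg-dev": []}
SAMPLE_INVENTORY = [
    {"name": "kv-prod", "group": "rg-prod", "log_categories": ["AuditEvent"],
     "diagnostic_settings": 2, "locks": []},
    {"name": "sql-dev", "group": "rg-dev", "log_categories": ["SQLInsights"],
     "diagnostic_settings": 5, "locks": []},
    {"name": "disk-dev", "group": "rg-dev", "log_categories": [],
     "diagnostic_settings": 0, "locks": []},
    {"name": "app-dev", "group": "rg-dev", "log_categories": ["AppServiceHTTPLogs"],
     "diagnostic_settings": 1, "locks": []},
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_INVENTORY, SAMPLE_GROUP_LOCKS).items():
        print(f"{name}: {'; '.join(reasons)}")
```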

Can I monitor multiple Azure subscriptions with one Elastic resource?

Yes. To monitor multiple subscriptions:

  1. Select Elastic deployment configuration > Monitored Subscriptions.
  2. Select Add subscriptions from the command bar.
  3. Select the subscriptions you want to monitor and select Add.

You must have Owner role assigned to the subscriptions you want to add.

How do I monitor Azure virtual machines with Elastic agents?

You can install Elastic agents on virtual machines by selecting Elastic deployment configuration > Virtual machines in the service menu, then following the installation instructions.

Integration and configuration

Can I integrate Azure OpenAI with Elastic?

Yes. You can configure Azure OpenAI integration:

  1. Select Elastic deployment configuration > Azure OpenAI configuration.
  2. Select Add from the command bar.
  3. Select your preferred Azure OpenAI Resource and Azure OpenAI Deployment.
  4. Select Create.

After the connector is created, navigate to Kibana. Your connector can be used in Elastic's Observability AI Assistant. Currently, Elastic resources support only deployments of text or chat completion models, like GPT-4.

What are traffic filters and how do I use them?

Traffic filters allow you to control network access to your Elastic deployment. To create a traffic filter:

  1. Select Elastic deployment configuration > Traffic Filter.
  2. Enter a name for the filter.
  3. Select a Filter Type.
  4. Select Create.

The traffic filter must be in the same region as the deployment. If a traffic filter is no longer needed, unlink it from the deployment and then delete it.

Billing and resources

How is Elastic billed in Azure?

A single Azure Marketplace SaaS unifies billing for multiple Elastic deployments.

How do I delete an Elastic resource?

To delete all linked Elastic deployments and serverless projects created from the Azure portal and the Elastic console, follow the standard Azure resource deletion process. If you wish to completely stop billing for the marketplace SaaS, delete all linked Elastic deployments created from the Azure portal or Elastic portal.

Can I view all my connected Elastic resources in one place?

Yes. To access all Elastic resources and deployments you created using the Azure or Elastic portal, go to the Connected Elastic Resources tab in any of your Azure Elastic resources. You can easily manage the corresponding Elastic deployments or Azure resources using the links, provided you have owner or contributor rights.

Troubleshooting

What should I do if I encounter marketplace purchase errors?

Common marketplace purchase errors and their resolutions are documented in the troubleshooting guide. Verify your subscription permissions and ensure you have the necessary access to complete the purchase.

How can I suggest a new feature for Elastic integration with Azure?

Select the Suggest a feature link at the top of the resource overview page in the Azure portal. This link takes you to the Developer community forum, where you can suggest new features and view, upvote, or comment on feature suggestions from other customers.

Where can I get more support?

For more help: