Sending custom data metrics from AppService to Monitor (itself)

Question

Good day!

I want to send a custom data/business metrics to Azure Monitor from the AppService itself.
According to MS docs, in order to submit metrics it's needed to obtain a token and "An example is allowing a resource to emit metrics about itself."

Question #1: how can I allow an AppService to emit metrics about self?
Let's say we have an AppService with 3 env. slots, I enabled the System assigned managed identity and I see nothing about Azure Monitor in the list of possible Permissions. Then how can I grant Monitoring Metrics Publisher permissions to the AppService, so it could inject metrics to itself?

Question #2: how can I obtain a token, when all I have is Object (principal) ID (after enabling an Identity for AppService) ?

Question #3: in the metrics API URL that is used to send metrics to:
https://{azureRegion}.monitoring.azure.com/{azureResourceId}/metrics
is ResourceId - the same as full ResourceId of AppService?
in my case it's like: /subscriptions/GUID-of-subscription-here/resourceGroups/group-name-here/providers/Microsoft.Web/sites/app-service-name-here/slots/slot-name-here

Answer 1

Hi Vadim,

I was working on similar effort a week ago for one of my customers, had to go through a ton of research on MS. documentation. And based on Microsoft documentation and the query you've provided, here's the answer to your questions about sending custom data metrics from an AppService to Azure Monitor:

Question #1: Allowing an AppService to Emit Metrics About Itself

• To allow an Azure AppService to emit its own metrics, you need to configure the AppService to send custom metrics to Azure Monitor. This typically involves using the Azure Monitor REST API or a client library for Azure Monitor.
• Azure API Management's emit-metric policy is one way to emit custom metrics, but it's more relevant for scenarios where API Management is involved.
• For an AppService specifically, you can use Application Insights, which is integrated with Azure Monitor. Application Insights SDK can be added to your application to send custom telemetry data (including custom metrics) to Azure Monitor.
• Here's a step by step:

To enable your AppService to emit its own metrics:

1. Integration with Application Insights:

     - Add the Application Insights SDK to your web application. This can be done for various programming languages and frameworks. For example, in .NET, you would typically install the **`Microsoft.ApplicationInsights.Web`** NuGet package.
   
           - Configure the Application Insights instrumentation key in your application settings. This connects your app to the correct Application Insights resource.
   
                 - Use the Application Insights API to send custom metrics. For example, in C#:
   

                                                TelemetryClient telemetry = new TelemetryClient();
telemetry.TrackMetric("CustomMetricName", metricValue);
                                                
                                                ```

                              - These custom metrics are then automatically available in Azure Monitor for analysis and alerting.

      1. **Enabling System Assigned Managed Identity:**

                  - In the Azure portal, navigate to your AppService.

                        - Under "Settings", select "Identity", and then enable "System assigned" Managed Identity.

                              - This step is more about authentication and authorization if your AppService needs to interact with other Azure services.

**Question #2: Obtaining a Token for Azure Monitor**

- To obtain a token for Azure Monitor, you can use Managed Identity, which you've enabled for your AppService. The Managed Identity can authenticate to Azure services on behalf of your application.

- Use the Managed Identity to request an access token from the Azure AD token endpoint. The token can then be used to authenticate requests to Azure Monitor.

- To obtain a token for Azure Monitor with Managed Identity:

   1. **Use Managed Identity for Authentication:**

            - Your AppService can use its Managed Identity to authenticate to Azure AD and obtain an access token.

                  - For example, if your AppService is written in .NET, you can use the Azure Identity library:

                                    
```csharp
                                    var managedIdentityCredential = new ManagedIdentityCredential();
                                    var accessToken = await managedIdentityCredential.GetTokenAsync(
                                       new TokenRequestContext(new[] { "https://monitor.azure.com/.default" }));
                                    string token = accessToken.Token;
                                    
                                    ```

   This token can then be used in the Authorization header for calls to the Azure Monitor API.

**Question #3: Resource ID in the Metrics API URL**

- Yes, the ResourceId in the Azure Monitor metrics API URL is the same as the full ResourceId of your AppService.

- For sending metrics to Azure Monitor using the REST API:

**Correct Resource ID:**

- Ensure you have the correct Resource ID for your AppService, as mentioned in your question.

- The Resource ID is used in the API URL to ensure the metrics are associated with the correct Azure resource.

   1. **Sending Metrics via API:**

      - Construct an HTTP request to the Azure Monitor API endpoint with your Resource ID.

      - The request should include the obtained token for authentication.

      - The body of the request should contain the metric data you wish to send.

      - An example API endpoint would look like: **`https://<azureRegion>.monitoring.azure.com<resourceId>/metrics`**.

            - Replace **`<azureRegion>`** with your Azure region and **`<resourceId>`** with your AppService's Resource ID.

- Your format (**`/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Web/sites/<app-service-name>/slots/<slot-name>`**) is correct. This ResourceId uniquely identifies your AppService in Azure and is used to direct the metrics to the correct resource in Azure Monitor.

Hope this answer can help you with your issue.