I am trying to find a list of resources that allow for diagnostic settings to route logs to resource-specific destinations. Documentation is quite vague on this and I'm unable to get a definite answer

Anonymous
2024-11-28T06:06:26.4333333+00:00

I am trying to find a list of resources that allow for diagnostic settings to route logs to resource-specific destinations. Documentation is quite vague on this and I'm unable to get a definite answer.

For example, this link shows Azure Key Vaults as a supported resource, but there is no resource-specific logging option when checked.

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.

2 answers

  1. Shikha Ghildiyal 6,620 Reputation points Microsoft Employee Moderator
    2024-11-28T08:56:04.6066667+00:00

    Hi @Zachary Ngooi(UST,SG) ,

    There are multiple ways to send diagnostic settings logs to multiple destinations. Logs can be sent to a Log Analytics workspace, Event Hubs, Storage Accounts, etc.

    Destinations

    Platform logs and metrics can be sent to the destinations listed in the following table.

    To ensure the security of data in transit, all destination endpoints are configured to support TLS 1.2.

    | Destination | Description |
    | --- | --- |
    | Log Analytics workspace | Metrics are converted to log form. This option might not be available for all resource types. Sending them to the Azure Monitor Logs store (which is searchable via Log Analytics) helps you to integrate them into queries, alerts, and visualizations with existing log data. |
    | Azure Storage account | Archiving logs and metrics to a Storage account is useful for audit, static analysis, or back up. Compared to using Azure Monitor Logs or a Log Analytics workspace, Storage is less expensive, and logs can be kept there indefinitely. |
    | Azure Event Hubs | When you send logs and metrics to Event Hubs, you can stream data to external systems such as third-party SIEMs and other Log Analytics solutions. |
    | Azure Monitor partner solutions | Specialized integrations can be made between Azure Monitor and other non-Microsoft monitoring platforms. Integration is useful when you're already using one of the partners. |

    Please check the reference link for more details - https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings

    How to create diagnostic settings can be found here- https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/create-diagnostic-settings?tabs=portal

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.


  2. Shikha Ghildiyal 6,620 Reputation points Microsoft Employee Moderator
    2024-11-29T02:03:41.36+00:00

    Hi ,

    As per your latest comment, please check this list

    https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs-schema

    Top-level common schema

    | Name | Required or optional | Description |
    | --- | --- | --- |
    | time | Required | The timestamp (UTC) of the event being logged. |
    | resourceId | Required | The resource ID of the resource that emitted the event. For tenant services, this is of the form /tenants/tenant-id/providers/provider-name. |
    | tenantId | Required for tenant logs | The tenant ID of the Active Directory tenant that this event is tied to. This property is used only for tenant-level logs. It does not appear in resource-level logs. |
    | operationName | Required | The name of the operation that this event is logging, for example Microsoft.Storage/storageAccounts/blobServices/blobs/Read. The operationName is typically modeled in the form of an Azure Resource Manager operation, `Microsoft.<providerName>/<resourceType>/<subtype>/<Write\|Read\|Delete\|Action>`, even if it's not a documented Resource Manager operation. |
    | operationVersion | Optional | The API version associated with the operation, if operationName was performed through an API (for example, http://myservice.windowsazure.net/object?api-version=2016-06-01). If no API corresponds to this operation, the version represents the version of that operation in case the properties associated with the operation change in the future. |
    | category or type | Required | The log category of the event being logged. Category is the granularity at which you can enable or disable logs on a particular resource. The properties that appear within the properties blob of an event are the same within a particular log category and resource type. Typical log categories are Audit, Operational, Execution, and Request. For Application Insights resource, type denotes the category of log exported. |
    | resultType | Optional | The status of the logged event, if applicable. Values include Started, In Progress, Succeeded, Failed, Active, and Resolved. |
    | resultSignature | Optional | The substatus of the event. If this operation corresponds to a REST API call, this field is the HTTP status code of the corresponding REST call. |
    | resultDescription | Optional | The static text description of this operation; for example, Get storage file. |
    | durationMs | Optional | The duration of the operation in milliseconds. |
    | callerIpAddress | Optional | The caller IP address, if the operation corresponds to an API call that would come from an entity with a publicly available IP address. |
    | correlationId | Optional | A GUID that's used to group together a set of related events. Typically, if two events have the same operationName value but two different statuses (for example, Started and Succeeded), they share the same correlationID value. This might also represent other relationships between events. |
    | identity | Optional | A JSON blob that describes the identity of the user or application that performed the operation. Typically, this field includes the authorization and claims or JWT token from Active Directory. |
    | level | Optional | The severity level of the event. Must be one of Informational, Warning, Error, or Critical. |
    | location | Optional | The region of the resource emitting the event; for example, East US or France South. |
    | properties | Optional | Any extended properties related to this category of events. All custom or unique properties must be put inside this "Part B" of the schema. |

    Service-specific schemas

    The schema for resource logs varies depending on the resource and log category. The following list shows Azure services that make available resource logs and links to the service and category-specific schemas (where available). The list changes as new services are added. If you don't see what you need, feel free to open a GitHub issue on this article so we can update it.


    | Service or feature | Schema and documentation |
    | --- | --- |
    | Microsoft Entra ID | Overview, Audit log schema, Sign-ins schema |
    | Azure Analysis Services | Azure Analysis Services: Set up diagnostic logging |
    | Azure API Management | API Management resource logs |
    | Azure App Service | App Service logs |
    | Azure Application Gateway | Logging for Application Gateway |
    | Azure Automation | Log Analytics for Azure Automation |
    | Azure Batch | Azure Batch logging |
    | Azure AI Search | Cognitive Search monitoring data reference (schemas) |
    | Azure AI services | Logging for Azure AI services |
    | Azure Container Instances | Logging for Azure Container Instances |
    | Azure Container Registry | Logging for Azure Container Registry |
    | Azure Content Delivery Network | Diagnostic logs for Azure Content Delivery Network |
    | Azure Cosmos DB | Azure Cosmos DB logging |
    | Azure Data Explorer | Azure Data Explorer logs |
    | Azure Data Factory | Monitor Data Factory by using Azure Monitor |
    | Azure Data Lake Analytics | Accessing logs for Azure Data Lake Analytics |
    | Azure Data Lake Storage | Accessing logs for Azure Data Lake Storage |
    | Azure Database for MySQL | Azure Database for MySQL diagnostic logs |
    | Azure Database for PostgreSQL | Azure Database for PostgreSQL logs |
    | Azure Databricks | Diagnostic logging in Azure Databricks |
    | Azure DDoS Protection | Logging for Azure DDoS Protection |
    | Azure Digital Twins | Set up Azure Digital Twins diagnostics |
    | Azure Event Hubs | Azure Event Hubs logs |
    | Azure ExpressRoute | Monitoring Azure ExpressRoute |
    | Azure Firewall | Logging for Azure Firewall |
    | Azure Front Door | Logging for Azure Front Door |
    | Azure Functions | Monitoring Azure Functions Data Reference Resource Logs |
    | Application Insights | Application Insights Data Reference Resource Logs |
    | Azure Health Data Services | Logging for Azure Health Data Services |
    | Azure IoT Hub | IoT Hub operations |
    | Azure IoT Hub Device Provisioning Service | Device Provisioning Service operations |
    | Azure Key Vault | Azure Key Vault logging |
    | Azure Kubernetes Service | Azure Kubernetes Service logging |
    | Azure Load Balancer | Log Analytics for Azure Load Balancer |
    | Azure Load Testing | Azure Load Testing logs |
    | Azure Logic Apps | Logic Apps B2B custom tracking schema |
    | Azure Machine Learning | Diagnostic logging in Azure Machine Learning |
    | Azure Media Services | Media Services monitoring schemas |
    | Network security groups | Log Analytics for network security groups (NSGs) |
    | Azure Operator Insights | Monitoring Azure Operator Insights data reference |
    | Azure Power BI Embedded | Logging for Power BI Embedded in Azure |
    | Recovery Services | Data model for Azure Backup |
    | Azure Service Bus | Azure Service Bus logs |
    | Azure SignalR | Monitoring Azure SignalR Service data reference |
    | Azure SQL Database | Azure SQL Database logging |
    | Azure Storage | Blobs, Files, Queues, Tables |
    | Azure Stream Analytics | Job logs |
    | Azure Traffic Manager | Traffic Manager log schema |
    | Azure Video Indexer | Monitor Azure Video Indexer data reference |
    | Azure Virtual Network | Schema not available |
    | Azure Web PubSub | Monitoring Azure Web PubSub data reference |
    | Virtual network gateways | Logging for Virtual Network Gateways |

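
The top-level common schema quoted in the second answer can be enforced as a check before resource logs are forwarded to a SIEM or used in detections. The following is an added example, not part of the original answers or any Microsoft code: the function names and sample records are constructed for illustration, and it applies only the rules stated in that table (required fields, the allowed `level` values, `tenantId` only on tenant logs, and `correlationId` grouping).

```python
import json
from collections import defaultdict

# Rules below come from the "Top-level common schema" table in the answer above.
REQUIRED = ("time", "resourceId", "operationName")
LEVELS = {"Informational", "Warning", "Error", "Critical"}

def validate_record(rec):
    """Return a list of schema problems for one resource log record."""
    problems = [f"missing {f}" for f in REQUIRED if not rec.get(f)]
    # The table lists "category or type": either name satisfies the requirement.
    if not (rec.get("category") or rec.get("type")):
        problems.append("missing category or type")
    if "level" in rec and rec["level"] not in LEVELS:
        problems.append(f"invalid level {rec['level']!r}")
    # tenantId is used only for tenant-level logs, whose resourceId starts /tenants/.
    is_tenant = str(rec.get("resourceId", "")).lower().startswith("/tenants/")
    if is_tenant and not rec.get("tenantId"):
        problems.append("tenant log without tenantId")
    if not is_tenant and "tenantId" in rec:
        problems.append("tenantId in resource-level log")
    return problems

def statuses_by_correlation(records):
    """Group resultType values of related events under their shared correlationId."""
    groups = defaultdict(list)
    for rec in records:
        if rec.get("correlationId"):
            groups[rec["correlationId"]].append(rec.get("resultType"))
    return dict(groups)

# Constructed sample records (not real telemetry); IDs and IPs are placeholders.
RID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
       "rg-example/providers/Microsoft.Storage/storageAccounts/exampleacct")
OP = "Microsoft.Storage/storageAccounts/blobServices/blobs/Read"
SAMPLE = [json.loads(line) for line in (
    '{"time":"2024-11-28T06:06:26Z","resourceId":"%s","operationName":"%s","category":"Request","resultType":"Started","correlationId":"c-1","level":"Informational"}' % (RID, OP),
    '{"time":"2024-11-28T06:06:27Z","resourceId":"%s","operationName":"%s","category":"Request","resultType":"Failed","resultSignature":"403","callerIpAddress":"203.0.113.10","correlationId":"c-1","level":"Warning"}' % (RID, OP),
    '{"time":"2024-11-28T06:06:28Z","resourceId":"%s","operationName":"%s","level":"Verbose","tenantId":"t-1"}' % (RID, OP),
)]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(validate_record(rec) or "ok")
    print(statuses_by_correlation(SAMPLE))
```

Records that fail validation are worth routing to a separate queue rather than dropping, since a missing `category` or an unexpected `tenantId` usually points to a misconfigured export rather than a benign event.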