Database Watcher - Not able to connect and collect data from Azure SQL Database

Question

Database Watcher - Not able to connect and collect data from Azure SQL Database

Mitesh Prajapati 35

We have created Database Watcher and trying to connect it with SQL authentication. It doesn't show up any database under dashboard.

Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-03-20T03:55:49.3566667+00:00
Hi Mitesh Prajapati

Greetings! As I understand, you're not able to see any database under dashboard.

When a watcher is created, it is not started automatically because additional configuration might be required.

To start a watcher, it must have:

A data store.

At least one target.

Access to the datastore and Targets

Access to a Key vault is also required if SQL authentication was selected for any target.

Either private or Public connectivity to targets, key vault (if using SQL authentication), and the data store.

To use private connectivity, create private end points.

Once a watcher is fully configured, use the Start button on the Overview page to start data collection. In a few minutes, new monitoring data appears in the data store and dashboard. If you don't see new data within five minutes, please follow the below links for possible errors and solutions.

Monitor Azure SQL workloads with database watcher - Azure SQL Database & SQL Managed Instance | Microsoft Learn

https://learn.microsoft.com/en-us/azure/azure-sql/database-watcher-manage?view=azuresql&tabs=sqldb

I hope this information helps. Please do let us know if you have any further queries.
Mitesh Prajapati 35 Reputation points

2025-04-04T19:42:19.36+00:00

We aren't able to see any database here.
Mitesh Prajapati 35 Reputation points

2025-04-05T18:13:02.7566667+00:00

@Mallaiah Sangi can you please help here?
Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-04-07T10:03:18.47+00:00

Hi Mitesh Prajapati

Thank you for reaching out regarding your issue. We are always happy to assist you. Could you confirm whether you followed the steps I provided earlier? If possible, please share the error details, such as the error number or message, as this would help us investigate the problem in greater depth.
Mitesh Prajapati 35 Reputation points

2025-04-07T21:14:24.3866667+00:00

@Mallaiah Sangi We followed all the steps. We are not getting any error just it doesn't show any database.
Mitesh Prajapati 35 Reputation points

2025-04-07T21:14:32.56+00:00

We followed all the steps. We are not getting any error just it doesn't show any database.
Mitesh Prajapati 35 Reputation points

2025-04-07T21:33:09.87+00:00

We followed all the steps. We are not getting any error just it doesn't show any database.
Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-04-08T07:32:38.08+00:00

Hi Mitesh Prajapati

Thank you for getting back to me with your results.

Kindly request you to please share the details requested over the private message for further investigation.
Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-04-09T08:52:17.85+00:00

Hi Mitesh Prajapati

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-04-09T10:39:52.48+00:00

Hi Mitesh Prajapati

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Mitesh Prajapati 35 Reputation points

2025-04-09T20:36:03.95+00:00

How can we provide private responses? as we would not like to share all the details here.
Mitesh Prajapati 35 Reputation points

2025-04-10T15:30:32.22+00:00

@Mallaiah Sangi Is it possible to setup a call? we can show you all the details over a call.
Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-04-10T17:16:50.47+00:00

Hi Mitesh Prajapati

Thank you for your response.

I have escalated this thread to the next level, and the specialized team is currently investigating the issue. @Pratik Lad will contact you soon with expected solution.

Thank you.
PratikLad 1,825 Reputation points Microsoft External Staff Moderator

2025-04-14T09:20:37.61+00:00
Hi Mitesh Prajapati

If you're having trouble seeing your databases on the Database Watcher dashboard while using SQL authentication, it’s important to double-check that you've completed all the necessary configuration steps.

Key Vault Configuration:

First things first, make sure you're using an Azure Key Vault that’s set up with the RBAC permission.

If you need private connectivity, don’t forget to create and approve a private endpoint to the vault.

For public connectivity, ensure that the vault is configured to allow access from all networks, as restricting it to specific networks isn’t supported.

SQL Authentication Setup:

You’ll need to create a SQL authentication login on each Azure SQL logical server or managed instance that you want to monitor.

To grant limited permissions, run the following T-SQL script in the master database as a server admin:

CREATE LOGIN [login-name-placeholder] WITH PASSWORD = 'password-placeholder'; ALTER SERVER ROLE ##MS_ServerPerformanceStateReader## ADD MEMBER [login-name-placeholder]; ALTER SERVER ROLE ##MS_DefinitionReader## ADD MEMBER [login-name-placeholder]; ALTER SERVER ROLE ##MS_DatabaseConnector## ADD MEMBER [login-name-placeholder];

Secrets in Azure Key Vault:

Next, create two secrets: one for the login name and another for the password (for example, database-watcher-login-name and database-watcher-password).

Make sure you have the Key Vault Secrets Officer role to create these secrets.

Add SQL Target in Database Watcher:

When you’re adding a SQL target, remember to:

Check the box for "Use SQL authentication."

Select the appropriate Key Vault.

Enter the secret names (not the actual login or password) for both the login name and password.

Permissions to Access Secrets:

If the current user isn’t an Owner or User Access Administrator on the vault, you’ll need to manually grant the watcher’s managed identity access:

Navigate to Access Control (IAM) on each secret. >> Assign the Key Vault Secrets User role to the watcher’s managed identity.

By carefully following these steps, your databases should start showing up in the Database Watcher dashboard.
PratikLad 1,825 Reputation points Microsoft External Staff Moderator

2025-04-15T09:16:43.23+00:00

Hi Mitesh Prajapati

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
PratikLad 1,825 Reputation points Microsoft External Staff Moderator

2025-04-16T08:48:03.76+00:00

Hi Mitesh Prajapati

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Mitesh Prajapati 35 Reputation points

2025-04-16T12:28:27.8533333+00:00

Hi @PratikLad It did not work for us after following all the exact steps provided. would it be better to schedule a call to discuss this?
DiogoLopez 0 Reputation points

2025-06-10T15:44:25.73+00:00
I'm having the same problem to collect data of Azure SQL databases. Those are things I've checked:

Watcher is running.

Watcher has access to the data store (as Admin).

Data Explorer cluster is running.

Watcher has access to the SQL targets (using Microsoft Entra authentication and privilege script generated by Watcher portal).

Microsoft Entra is enabled on the SQL Target.

I'm using private connectivity. I've created Managed endpoints for each SQL Target and they have been approved.

Private endpoint also configured on the Data Explorer cluster.

The Azure Data Explorer database exists. I can run a query on the database and I can see the Watcher has Admin privilege and I myself have Viewer privilege.

Is there anything else that I can check?

Accepted answer

0 additional answers

Your answer

Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-03-20T03:55:49.3566667+00:00

Hi Mitesh Prajapati

Greetings! As I understand, you're not able to see any database under dashboard.

When a watcher is created, it is not started automatically because additional configuration might be required.

To start a watcher, it must have:

A data store.

At least one target.

Access to the datastore and Targets

Access to a Key vault is also required if SQL authentication was selected for any target.

Either private or Public connectivity to targets, key vault (if using SQL authentication), and the data store.

To use private connectivity, create private end points.

Once a watcher is fully configured, use the Start button on the Overview page to start data collection. In a few minutes, new monitoring data appears in the data store and dashboard. If you don't see new data within five minutes, please follow the below links for possible errors and solutions.

Monitor Azure SQL workloads with database watcher - Azure SQL Database & SQL Managed Instance | Microsoft Learn

https://learn.microsoft.com/en-us/azure/azure-sql/database-watcher-manage?view=azuresql&tabs=sqldb

I hope this information helps. Please do let us know if you have any further queries.
Mitesh Prajapati 35 Reputation points

2025-04-04T19:42:19.36+00:00

We aren't able to see any database here.
Mitesh Prajapati 35 Reputation points

2025-04-05T18:13:02.7566667+00:00

@Mallaiah Sangi can you please help here?
Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-04-07T10:03:18.47+00:00

Hi Mitesh Prajapati

Thank you for reaching out regarding your issue. We are always happy to assist you. Could you confirm whether you followed the steps I provided earlier? If possible, please share the error details, such as the error number or message, as this would help us investigate the problem in greater depth.
Mitesh Prajapati 35 Reputation points

2025-04-07T21:14:24.3866667+00:00

@Mallaiah Sangi We followed all the steps. We are not getting any error just it doesn't show any database.
Mitesh Prajapati 35 Reputation points

2025-04-07T21:14:32.56+00:00

We followed all the steps. We are not getting any error just it doesn't show any database.
Mitesh Prajapati 35 Reputation points

2025-04-07T21:33:09.87+00:00

We followed all the steps. We are not getting any error just it doesn't show any database.
Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-04-08T07:32:38.08+00:00

Hi Mitesh Prajapati

Thank you for getting back to me with your results.

Kindly request you to please share the details requested over the private message for further investigation.
Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-04-09T08:52:17.85+00:00

Hi Mitesh Prajapati

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-04-09T10:39:52.48+00:00

Hi Mitesh Prajapati

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Mitesh Prajapati 35 Reputation points

2025-04-09T20:36:03.95+00:00

How can we provide private responses? as we would not like to share all the details here.
Mitesh Prajapati 35 Reputation points

2025-04-10T15:30:32.22+00:00

@Mallaiah Sangi Is it possible to setup a call? we can show you all the details over a call.
Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator

2025-04-10T17:16:50.47+00:00

Hi Mitesh Prajapati

Thank you for your response.

I have escalated this thread to the next level, and the specialized team is currently investigating the issue. @Pratik Lad will contact you soon with expected solution.

Thank you.
PratikLad 1,825 Reputation points Microsoft External Staff Moderator

2025-04-15T09:16:43.23+00:00

Hi Mitesh Prajapati

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
PratikLad 1,825 Reputation points Microsoft External Staff Moderator

2025-04-16T08:48:03.76+00:00

Hi Mitesh Prajapati

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Mitesh Prajapati 35 Reputation points

2025-04-16T12:28:27.8533333+00:00

Hi @PratikLad It did not work for us after following all the exact steps provided. would it be better to schedule a call to discuss this?
DiogoLopez 0 Reputation points

2025-06-10T15:44:25.73+00:00

I'm having the same problem to collect data of Azure SQL databases. Those are things I've checked:

Watcher is running.

Watcher has access to the data store (as Admin).

Data Explorer cluster is running.

Watcher has access to the SQL targets (using Microsoft Entra authentication and privilege script generated by Watcher portal).

Microsoft Entra is enabled on the SQL Target.

I'm using private connectivity. I've created Managed endpoints for each SQL Target and they have been approved.

Private endpoint also configured on the Data Explorer cluster.

The Azure Data Explorer database exists. I can run a query on the database and I can see the Watcher has Admin privilege and I myself have Viewer privilege.

Is there anything else that I can check?

Answer 1

Hi Mitesh Prajapati

The document link shows the exact permission required by Watcher. You have to ensure that the user (because it is SQL Auth here) has exactly those permissions. Not less not more. You can do this via SMSS or the script (can be downloaded through the add target blade).

To allow a watcher to collect SQL monitoring data, you must execute a T-SQL script that grants the watcher specific, limited SQL permissions. The user should not be assigned any additional permissions.


CREATE LOGIN [login-name-placeholder] WITH PASSWORD = 'password-placeholder';

ALTER SERVER ROLE ##MS_ServerPerformanceStateReader## ADD MEMBER [login-name-placeholder];

ALTER SERVER ROLE ##MS_DefinitionReader## ADD MEMBER [login-name-placeholder];

ALTER SERVER ROLE ##MS_DatabaseConnector## ADD MEMBER [login-name-placeholder];

Share via

Database Watcher - Not able to connect and collect data from Azure SQL Database

0 additional answers

Your answer