Edit

Share via

Ingest OpenTelemetry Protocol signals into Azure Monitor (Limited Preview)

Azure Monitor now supports native ingestion of OpenTelemetry Protocol (OTLP) signals, enabling you to send telemetry data directly from OpenTelemetry-instrumented applications to Azure Monitor.

Important

Note

  • Sign up for the preview before onboarding to receive support, participate in Q&A sessions, and share feedback.
  • Support for this feature is limited to enrolled subscriptions.

Overview

Azure Monitor can receive OTLP signals through three ingestion mechanisms:

  • OpenTelemetry Collector - Send data directly to Azure Monitor cloud ingestion endpoints from any OTel Collector deployment.
  • Azure Monitor Agent (AMA) - Ingest data from applications running on Azure VMs, Virtual Machine Scale Sets, or Azure Arc-enabled servers.
  • Azure Kubernetes Service (AKS) add-on - Collect telemetry from containerized applications in AKS clusters.

This article covers the OpenTelemetry Collector and Azure Monitor Agent methods. For AKS deployments, see Enable Azure Monitor OpenTelemetry for Kubernetes clusters.

Prerequisites

  • Azure subscription: If you don't have one, create an Azure subscription for free.
  • OpenTelemetry SDK instrumented application (any supported language).
  • For VMs and Virtual Machine Scale Sets deployments: Azure Monitor Agent version 1.38.1 or higher (Windows) or 1.37.0 or higher (Linux).
  • For OpenTelemetry Collector deployments: Collector version 0.132.0 or higher with the Azure Authentication extension.

Set up OTLP data collection

You can configure OTLP data collection in Azure Monitor using one of two approaches. The Application Insights-based approach is recommended for most scenarios as it automates resource creation and enables built-in troubleshooting experiences.

This method automatically provisions all required Azure resources and configures their relationships, enabling you to use Application Insights for application performance monitoring, distributed tracing, and failure analysis.

  1. Register the Application Insights OTLP preview features and provider:

    az feature register --name OtlpApplicationInsights --namespace Microsoft.Insights
az feature list -o table --query "[?contains(name, 'Microsoft.Insights/OtlpApplicationInsights')].{Name:name,State:properties.state}"

az provider register -n Microsoft.Insights

  2. In the Azure portal, create a new Application Insights resource.

  3. On the Basics tab, select the Enable OTLP support checkbox.

    Screenshot showing the Create Application Insights page with Enable OTLP support option selected.

  4. Complete the resource creation process.

  5. After deployment, navigate to the Overview page of your Application Insights resource.

  6. Locate the OTLP Connection Info section and copy the following values:

    • Data Collection Rule (DCR) resource ID
    • Endpoint URLs for traces, logs, and metrics (if using OpenTelemetry Collector)

    Screenshot showing OTLP connection information on the Application Insights Overview page.

Proceed to Configure your telemetry pipeline.

Option 2: Manual resource orchestration

This option requires you to manually create and configure Data Collection Endpoints (DCE), Data Collection Rules (DCR), and destination workspaces. Use this approach when you need custom configurations or want to reuse existing resources.

Create destination workspaces

If you don't have existing workspaces, create the following resources in the same Azure region:

  • Log Analytics workspace (LAW) - Stores log and trace data
  • Azure Monitor workspace (AMW) - Stores metrics data

Record the resource IDs of both workspaces for later use.

(Optional) Create an Application Insights resource

To enable Application Insights troubleshooting experiences with your OTLP data:

  1. Create an Application Insights resource in the same region as your workspaces.
  2. Clear the Enable OTLP support checkbox to avoid creating duplicate resources.
  3. Copy the Application Insights resource ID.

Note

If you skip this step, you'll need to modify the ARM template in the next section to remove Application Insights references.

Deploy the Data Collection Endpoint and Rule

  1. In the Azure portal, search for Deploy a custom template and select it.

  2. Select Build your own template in the editor.

  3. Copy the template content from the Azure Monitor Community repository.

  4. Paste the template into the editor and update the parameters with your workspace resource IDs and (optionally) Application Insights resource ID.

  5. Set the location to match your workspace region.

  6. Review and create the deployment.

  7. After deployment completes, navigate to the created DCR and copy its resource ID from the Overview page.

Configure your telemetry pipeline

Choose the configuration method based on your compute environment.

Option 1: Azure Monitor Agent (for Azure VMs, Virtual Machine Scale Sets, and Arc-enabled servers)

The Azure Monitor Agent provides a simplified ingestion path for Azure-hosted and Arc-enabled compute resources.

Deploy Azure Monitor Agent

Install the Azure Monitor Agent using Azure CLI or PowerShell. For detailed instructions, see Install and manage Azure Monitor Agent.

Verify you're installing the minimum required version:

  • Windows: Version 1.38.1 or higher
  • Linux: Version 1.37.0 or higher

Associate the DCR with your compute resources

Create an association between your Data Collection Rule and the VMs, Virtual Machine Scale Sets, or Arc-enabled servers running your instrumented applications:

  1. Navigate to your DCR in the Azure portal.
  2. Select Resources under Configuration.
  3. Select Add and choose the compute resources to associate.

For programmatic association, see Manage data collection rule associations.

Configure application environment

Set the following configuration in your application environment:

  1. Add the microsoft.applicationId resource attribute with the Application Insights connection string application ID (the GUID portion after InstrumentationKey=).

  2. Configure the OpenTelemetry SDK to send to localhost using these ports:

    • Metrics: Port 4317 (gRPC)
    • Logs and Traces: Port 4319 (gRPC)

Example environment variable configuration:

export OTEL_EXPORTER_OTLP_ENDPOINT="http://localhost:4317"
export OTEL_RESOURCE_ATTRIBUTES="microsoft.applicationId=<your-application-id>"

Note

The Azure Monitor Agent running on the VM handles authentication and routing to Azure Monitor endpoints.

Option 2: OpenTelemetry Collector

For non-Azure environments or when you need maximum flexibility, configure the OpenTelemetry Collector to send data directly to Azure Monitor endpoints.

Configure Microsoft Entra authentication

The OpenTelemetry Collector requires Microsoft Entra authentication to send data to Azure Monitor.

For Azure VMs and Virtual Machine Scale Sets:

  1. Enable system-assigned managed identity on your compute resource.
  2. Assign the Monitoring Metrics Publisher role to the managed identity.
  3. Leave the managed_identity section blank in your collector configuration to use the system-assigned identity.

For non-Azure environments:

Configure the Azure Authentication extension in your collector with an appropriate Entra identity:

extensions:
  azureauth/monitor:
    managed_identity:
      client_id: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"  # Your identity client ID
    scopes:
      - https://monitor.azure.com/.default

For workload identities, service principals, or other Entra identities, provide the client_id of the identity that will authenticate.

Grant permissions to the Data Collection Rule

The identity used by your collector needs permission to write data to your DCR:

  1. Navigate to your DCR in the Azure portal.

  2. Select Access control (IAM) in the left navigation.

  3. Select Add > Add role assignment.

    Screenshot showing how to add a role assignment to a Data Collection Rule.

  4. Select Monitoring Metrics Publisher and select Next.

    Screenshot showing the Monitoring Metrics Publisher role selection.

  5. For Assign access to, select User, group, or service principal.

  6. Select Select members and choose your application or managed identity.

    Screenshot showing member selection for role assignment.

  7. Select Review + assign to save the role assignment.

Construct endpoint URLs

If you created your resources using the Application Insights method, you already have the endpoint URLs from the OTLP Connection Info section. Skip to Update collector configuration.

For manually orchestrated resources, construct the endpoint URLs:

  1. Navigate to your Data Collection Endpoint in the Azure portal.

  2. Select JSON View from the Overview page.

  3. Copy the logsIngestion and metricsIngestion endpoint values:

    "logsIngestion": {
    "endpoint": "https://<name>.<location>-1.ingest.monitor.azure.com"
},
"metricsIngestion": {
    "endpoint": "https://<name>.<location>-1.metrics.ingest.monitor.azure.com"
}

  4. Navigate to your Data Collection Rule and copy the Immutable ID from the Overview page.

  5. Construct your endpoint URLs using this pattern:

    Metrics endpoint:

    https://<metrics-dce-domain>/datacollectionRules/<dcr-immutable-id>/streams/microsoft-otelmetrics/otlp/v1/metrics

    Logs endpoint:

    https://<logs-dce-domain>/datacollectionRules/<dcr-immutable-id>/streams/opentelemetry_logs/otlp/v1/logs

    Traces endpoint:

    https://<logs-dce-domain>/datacollectionRules/<dcr-immutable-id>/streams/opentelemetry_traces/otlp/v1/traces

    Note

    The traces endpoint uses the logs DCE domain.

Update collector configuration

Configure your OpenTelemetry Collector with the authentication extension and Azure Monitor endpoints. Here's a sample configuration:

receivers:
  otlp:
    protocols:
      grpc:
        endpoint: localhost:4317
      http:
        endpoint: localhost:4318

processors:
  batch:

extensions:
  azureauth/monitor:
    use_default: true
    scopes:
      - https://monitor.azure.com/.default

exporters:
  otlphttp/azuremonitor:
    traces_endpoint: "https://<logs-dce-domain>/datacollectionRules/<dcr-immutable-id>/streams/opentelemetry_traces/otlp/v1/traces"
    logs_endpoint: "https://<logs-dce-domain>/datacollectionRules/<dcr-immutable-id>/streams/opentelemetry_logs/otlp/v1/logs"
    metrics_endpoint: "https://<metrics-dce-domain>/datacollectionRules/<dcr-immutable-id>/streams/microsoft-otelmetrics/otlp/v1/metrics"
    auth:
      authenticator: azureauth/monitor

service:
  extensions:
    - azureauth/monitor
  pipelines:
    traces:
      receivers: [otlp]
      processors: [batch]
      exporters: [otlphttp/azuremonitor]
    metrics:
      receivers: [otlp]
      processors: [batch]
      exporters: [otlphttp/azuremonitor]
    logs:
      receivers: [otlp]
      processors: [batch]
      exporters: [otlphttp/azuremonitor]

Limitations

The following Azure regions aren't supported during the preview:

  • Austria East
  • Chile Central
  • Indonesia Central
  • Malaysia West
  • Mexico Central
  • New Zealand North
  • North Central US
  • Poland Central
  • Qatar Central
  • West India

Support

Reach out to us at otel@microsoft.com with your experiences, questions, or suggestions.

Next steps

  • Last updated on