Enable Diagnostic Logging in Azure API for FHIR
In this article, you'll learn how to enable diagnostic logging in Azure API for FHIR and be able to review some sample queries for these logs. Access to diagnostic logs is essential for any healthcare service where compliance with regulatory requirements (such as HIPAA) is a must. The feature in Azure API for FHIR that enables diagnostic logs is the Diagnostic settings in the Azure portal.
View and Download FHIR Metrics Data
You can view the metrics under Monitoring | Metrics from the portal. The metrics include Number of Requests, Average Latency, Number of Errors, Data Size, RUs Used, Number of requests that exceeded capacity, and Availability (in %). The screenshot below shows RUs used for a sample environment with few activities in the last seven days. You can download the data in Json format.
Enable audit logs
To enable diagnostic logging in Azure API for FHIR, select your Azure API for FHIR service in the Azure portal
Navigate to Diagnostic settings
Select + Add diagnostic setting
Enter a name for the setting
Select the method you want to use to access your diagnostic logs:
- Archive to a storage account for auditing or manual inspection. The storage account you want to use needs to be already created.
- Stream to event hub for ingestion by a third-party service or custom analytic solution. You'll need to create an event hub namespace and event hub policy before you can configure this step.
- Stream to the Log Analytics workspace in Azure Monitor. You'll need to create your Logs Analytics Workspace before you can select this option.
Select AuditLogs and/or AllMetrics. The metrics include service name, availability, data size, total latency, total requests, total errors and timestamp. You can find more detail on supported metrics.
It might take up to 15 minutes for the first Logs to show in Log Analytics. Also, if Azure API for FHIR is moved from one resource group or subscription to another, update the setting once the move is complete.
For more information on how to work with diagnostic logs, please refer to the Azure Resource Log documentation
Audit log details
At this time, the Azure API for FHIR service returns the following fields in the audit log:
|CallerIdentity||Dynamic||A generic property bag containing identity information|
|CallerIPAddress||String||The caller’s IP address|
|FhirResourceType||String||The resource type for which the operation was executed|
|LogCategory||String||The log category (we're currently returning ‘AuditLogs’ LogCategory)|
|Location||String||The location of the server that processed the request (for example, South Central US)|
|OperationDuration||Int||The time it took to complete this request in seconds|
|OperationName||String||Describes the type of operation (for example, update, search-type)|
|RequestUri||String||The request URI|
|ResultType||String||The available values currently are Started, Succeeded, or Failed|
|StatusCode||Int||The HTTP status code. (for example, 200)|
|TimeGenerated||DateTime||Date and time of the event|
|Properties||String||Describes the properties of the fhirResourceType|
|SourceSystem||String||Source System (always Azure in this case)|
|Type||String||Type of log (always MicrosoftHealthcareApisAuditLog in this case)|
|_ResourceId||String||Details about the resource|
Here are a few basic Application Insights queries you can use to explore your log data.
Run this query to see the 100 most recent logs:
MicrosoftHealthcareApisAuditLogs | limit 100
Run this query to group operations by FHIR Resource Type:
MicrosoftHealthcareApisAuditLogs | summarize count() by FhirResourceType
Run this query to get all the failed results
MicrosoftHealthcareApisAuditLogs | where ResultType == "Failed"
Having access to diagnostic logs is essential for monitoring a service and providing compliance reports. Azure API for FHIR allows you to do these actions through diagnostic logs.
FHIR is the registered trademark of HL7 and is used with the permission of HL7.
In this article, you learned how to enable Audit Logs for Azure API for FHIR. For information about Azure API for FHIR configuration settings, see
FHIR® is a registered trademark of HL7 and is used with the permission of HL7.