Monitor Azure Blob Storage
This article describes:
- The types of monitoring data you can collect for this service.
- How to analyze that data.
If you're already familiar with this service and/or Azure Monitor and just want to know how to analyze monitoring data, see the Analyze section near the end of this article.
When you have critical applications and business processes that rely on Azure resources, you need to monitor and get alerts for your system. The Azure Monitor service collects and aggregates metrics and logs from every component of your system. Azure Monitor provides you with a view of availability, performance, and resilience, and notifies you of issues. You can use the Azure portal, PowerShell, Azure CLI, REST API, or client libraries to set up and view monitoring data.
- For more information on Azure Monitor, see the Azure Monitor overview.
- For more information on how to monitor Azure resources in general, see Monitor Azure resources with Azure Monitor.
Metrics and logs in Azure Monitor support only Azure Resource Manager storage accounts. Azure Monitor doesn't support classic storage accounts. If you want to use metrics or logs on a classic storage account, you need to migrate to an Azure Resource Manager storage account. For more information, see Migrate to Azure Resource Manager.
Some services in Azure have a built-in monitoring dashboard in the Azure portal that provides a starting point for monitoring your service. These dashboards are called insights, and you can find them in the Insights Hub of Azure Monitor in the Azure portal.
Azure Storage insights offer a unified view of storage performance, capacity, and availability. See Monitor storage with Azure Monitor Storage insights.
Azure Monitor organizes core monitoring data into metrics and logs based on resource types, also called namespaces. Different metrics and logs are available for different resource types. Your service might be associated with more than one resource type.
Resource types are also part of the resource IDs for every resource running in Azure. For example, one resource type for a virtual machine is
Microsoft.Compute/virtualMachines. For a list of services and their associated resource types, see Resource providers.
Metrics data is stored in the Azure Monitor metrics database. Log data is stored in the Azure Monitor logs store. Log Analytics is a tool in the Azure portal that can query this store. The activity log is a separate store. You can optionally route metric and activity log data to the Azure Monitor logs database so you can query the data and correlate it with other log data.
For detailed information on how Azure Monitor stores data, see Azure Monitor data platform.
Azure Monitor provides platform metrics for most services. These metrics are:
- Individually defined for each namespace.
- Stored in the Azure Monitor time-series metrics database.
- Lightweight and capable of supporting near real-time alerting.
- Used to track the performance of a resource over time.
Collection: Azure Monitor collects platform metrics automatically. No configuration is required.
Routing: You can also route platform metrics to Azure Monitor logs so you can query them with other log data. For more information, see Azure Monitor Agent overview.
For a list of all metrics it's possible to gather for all resources in Azure Monitor, see Supported metrics in Azure Monitor.
For a list of available metrics for Azure Blob Storage, see Azure Blob Storage monitoring data reference.
Resource logs provide insight into operations that were done by an Azure resource. Logs are generated automatically, but you must route them to Azure Monitor logs to save or query them. Logs are organized by category. A given namespace might have multiple resource log categories.
Collection: Resource logs aren't collected and stored until you create a diagnostic setting and route the logs to one or more locations. When you create a diagnostic setting, you specify which categories of logs to collect. There are multiple ways to create and maintain diagnostic settings, including the Azure portal, programmatically, and though Azure Policy.
Routing: The suggested default is to route resource logs to Azure Monitor Logs so you can query them with other log data. Other locations such as Azure Storage, Azure Event Hubs, and certain Microsoft monitoring partners are also available. For more information, see Azure resource logs and Resource log destinations.
For detailed information about collecting, storing, and routing resource logs, see Diagnostic settings in Azure Monitor.
For a list of all available resource log categories in Azure Monitor, see Supported resource logs in Azure Monitor.
All resource logs in Azure Monitor have the same header fields, followed by service-specific fields. The common schema is outlined in Azure Monitor resource log schema.
For the available resource log categories, their associated Log Analytics tables, and the logs schemas for Azure Blob Storage, see Azure Blob Storage monitoring data reference.
Data Lake Storage Gen2 doesn't appear as a storage type because Data Lake Storage Gen2 is a set of capabilities available to Blob storage.
For general destination limitations, see Destination limitations. The following limitations apply only to monitoring Azure Storage accounts.
You can't send logs to the same storage account that you're monitoring with this setting. This would lead to recursive logs in which a log entry describes the writing of another log entry. You must create an account or use another existing account to store log information.
You can't set a retention policy.
If you archive logs to a storage account, you can manage the retention policy of a log container by defining a lifecycle management policy. To learn how, see Optimize costs by automating Azure Blob Storage access tiers.
If you send logs to Log Analytics, you can manage the data retention period of Log Analytics at the workspace level or even specify different retention settings by data type. To learn how, see Change the data retention period.
The Activity log contains subscription-level events that track operations for each Azure resource as seen from outside that resource; for example, creating a new resource or starting a virtual machine.
Collection: Activity log events are automatically generated and collected in a separate store for viewing in the Azure portal.
Routing: You can send Activity log data to Azure Monitor Logs so you can analyze it alongside other log data. Other locations such as Azure Storage, Azure Event Hubs, and certain Microsoft monitoring partners are also available. For more information on how to route the activity log, see Overview of the Azure activity log.
Analyze monitoring data
Azure Monitor provides several tools for analyzing monitoring data.
The basic tools are:
Metrics explorer, a tool in the Azure portal that allows you to view and analyze metrics for Azure resources. For more information, see Analyze metrics with Azure Monitor metrics explorer.
The activity log, which has a user interface in the Azure portal for viewing and basic searches. To do more in-depth analysis, you have to route the data to Azure Monitor logs and run more complex queries in Log Analytics.
Tools that allow more complex visualization include:
- Dashboards that let you combine different kinds of data into a single pane in the Azure portal.
- Workbooks, customizable reports that you can create in the Azure portal. Workbooks can include text, metrics, and log queries.
- Grafana, an open platform tool that excels in operational dashboards. You can use Grafana to create dashboards that include data from multiple sources other than Azure Monitor.
- Power BI, a business analytics service that provides interactive visualizations across various data sources. You can configure Power BI to automatically import log data from Azure Monitor to take advantage of these visualizations.
You can get data out of Azure Monitor into other tools by using the following methods:
Metrics: Use the REST API for metrics to extract metric data from the Azure Monitor metrics database. The API supports filter expressions to refine the data retrieved. For more information, see Azure Monitor REST API reference.
Logs: Use the REST API or the associated client libraries.
Another option is the workspace data export.
To get started with the REST API for Azure Monitor, see Azure monitoring REST API walkthrough.
Analyze metrics for Azure Blob Storage
Metrics for Azure Blob Storage are in these namespaces:
For a complete list of the dimensions that Azure Storage supports, see Metrics dimensions.
You can analyze metrics for Azure Storage with metrics from other Azure services by using Metrics Explorer. Open Metrics Explorer by choosing Metrics from the Azure Monitor menu. For details on using this tool, see Analyze metrics with Azure Monitor metrics explorer.
This example shows how to view Transactions at the account level.
For metrics that support dimensions, you can filter the metric with the desired dimension value. This example shows how to view Transactions at the account level on a specific operation by selecting values for the API Name dimension.
Analyze logs for Azure Blob Storage
You can access resource logs either as a blob in a storage account, as event data, or through Log Analytics queries. For information about how to find those logs, see Azure resource logs.
To get the list of SMB and REST operations that are logged, see Storage logged operations and status messages.
Log entries are created only if there are requests made against the service endpoint. For example, if a storage account has activity in its file endpoint but not in its table or queue endpoints, only logs that pertain to the Azure Blob Storage service are created. Azure Storage logs contain detailed information about successful and failed requests to a storage service. This information can be used to monitor individual requests and to diagnose issues with a storage service. Requests are logged on a best-effort basis.
When you view a storage account in the Azure portal, the operations called by the portal are also logged. For this reason, you may see operations logged in a storage account even though you haven't written any data to the account.
Log authenticated requests
The following types of authenticated requests are logged:
- Successful requests
- Failed requests, including time-out, throttling, network, authorization, and other errors
- Requests that use a shared access signature (SAS) or OAuth, including failed and successful requests
- Requests to analytics data (classic log data in the $logs container and class metric data in the $metric tables)
Requests made by the Blob storage service itself, such as log creation or deletion, aren't logged. For a full list of the logged data, see Storage logged operations and status messages and Storage log format.
Azure Monitor currently filters out logs that describe activity in the "insights-logs-" container.
Log anonymous requests
The following types of anonymous requests are logged:
- Successful requests
- Server errors
- Time out errors for both client and server
- Failed GET requests with the error code 304 (Not Modified)
Sample Kusto queries
When you select Logs from the service's menu in the portal, Log Analytics opens with the query scope set to the current service. This scope means that log queries will only include data from that type of resource. If you want to run a query that includes data from other Azure services, select Logs from the Azure Monitor menu. See Log query scope and time range in Azure Monitor Log Analytics for details.
For a list of common queries for any service, see the Log Analytics queries interface.
Here are some queries that you can enter in the Log search bar to help you monitor your Blob storage. These queries work with the new language.
To list the 10 most common errors over the last three days.
StorageBlobLogs | where TimeGenerated > ago(3d) and StatusText !contains "Success" | summarize count() by StatusText | top 10 by count_ desc
To list the top 10 operations that caused the most errors over the last three days.
StorageBlobLogs | where TimeGenerated > ago(3d) and StatusText !contains "Success" | summarize count() by OperationName | top 10 by count_ desc
To list the top 10 operations with the longest end-to-end latency over the last three days.
StorageBlobLogs | where TimeGenerated > ago(3d) | top 10 by DurationMs desc | project TimeGenerated, OperationName, DurationMs, ServerLatencyMs, ClientLatencyMs = DurationMs - ServerLatencyMs
To list all operations that caused server-side throttling errors over the last three days.
StorageBlobLogs | where TimeGenerated > ago(3d) and StatusText contains "ServerBusy" | project TimeGenerated, OperationName, StatusCode, StatusText
To list all requests with anonymous access over the last three days.
StorageBlobLogs | where TimeGenerated > ago(3d) and AuthenticationType == "Anonymous" | project TimeGenerated, OperationName, AuthenticationType, Uri
To create a pie chart of operations used over the last three days.
StorageBlobLogs | where TimeGenerated > ago(3d) | summarize count() by OperationName | sort by count_ desc | render piechart
Azure Monitor alerts proactively notify you when specific conditions are found in your monitoring data. Alerts allow you to identify and address issues in your system before your customers notice them. For more information, see Azure Monitor alerts.
There are many sources of common alerts for Azure resources. For examples of common alerts for Azure resources, see Sample log alert queries. The Azure Monitor Baseline Alerts (AMBA) site provides key alert metrics, dashboards, and guidelines for Azure Landing Zone (ALZ) scenarios.
The common alert schema standardizes the consumption of Azure Monitor alert notifications. For more information, see Common alert schema.
Types of alerts
You can alert on any metric or log data source in the Azure Monitor data platform. There are many different types of alerts depending on the services you're monitoring and the monitoring data you're collecting. Different types of alerts have various benefits and drawbacks. For more information, see Choose the right monitoring alert type.
The following list describes the types of Azure Monitor alerts you can create:
- Metric alerts evaluate resource metrics at regular intervals. Metrics can be platform metrics, custom metrics, logs from Azure Monitor converted to metrics, or Application Insights metrics. Metric alerts can also apply multiple conditions and dynamic thresholds.
- Log alerts allow users to use a Log Analytics query to evaluate resource logs at a predefined frequency.
- Activity log alerts trigger when a new activity log event occurs that matches defined conditions. Resource Health alerts and Service Health alerts are activity log alerts that report on your service and resource health.
You can also create the following types of alerts for some Azure services:
- Smart detection alerts on an Application Insights resource automatically warn you of potential performance problems and failure anomalies in your web application. You can migrate smart detection on your Application Insights resource to create alert rules for the different smart detection modules.
- Prometheus alerts alert on Prometheus metrics stored in Azure Monitor managed services for Prometheus. The alert rules are based on the PromQL open-source query language. Your service may not support this type of alert. Currently, Prometheus is used on a limited set of services with a guest operating system, such as Azure Virtual Machine and Azure Container Instances.
- Recommended alert rules are available out-of-box for some Azure resources, including virtual machines, Azure Kubernetes Service (AKS) resources, and Log Analytics workspaces.
Monitor multiple resources
You can monitor at scale by applying the same metric alert rule to multiple resources of the same type that exist in the same Azure region. Individual notifications are sent for each monitored resource. For supported Azure services and clouds, see Monitor multiple resources with one alert rule.
Azure Blob Storage alert rules
The following table lists common and recommended alert rules for Azure Blob Storage and the proper metric to use for the alert:
|Blob Storage service is throttled.
Dimension name: Response type
|Blob Storage requests are successful 99% of the time.
Dimension names: Geo type, API name, Authentication
|Blob Storage egress has exceeded 500 GiB in one day.
Dimension names: Geo type, API name, Authentication
If critical conditions or imminent changes occur during resource operations, an alert displays on the Overview page in the portal.
You can find more information and recommended fixes for the alert in Advisor recommendations under Monitoring. During normal operations, no advisor recommendations display.
For more information on Azure Advisor, see Azure Advisor overview.
Other Blob Storage monitoring content:
- Azure Blob Storage monitoring data reference. A reference of the logs and metrics created by Azure Blob Storage.
- Best practices for monitoring Azure Blob Storage. Guidance for common monitoring and troubleshooting scenarios.
- Metrics and logs FAQ.
Overall Azure Storage monitoring content:
- Monitor storage with Azure Monitor Storage insights. Get a unified view of storage performance, capacity, and availability.
- Transition to metrics in Azure Monitor. Move from Storage Analytics metrics to metrics in Azure Monitor.
- Troubleshoot performance issues. See common performance issues and guidance about how to troubleshoot them.
- Troubleshoot availability issues. See common availability issues and guidance about how to troubleshoot them.
- Troubleshoot client application errors. See common issues with connecting clients and how to troubleshoot them.
Azure Monitor content:
- Monitor Azure resources with Azure Monitor. General details on monitoring Azure resources.
- Azure Monitor Metrics overview. The basics of metrics and metric dimensions.
- Azure Monitor Logs overview. The basics of logs and how to collect and analyze them.
- Analyze metrics with Azure Monitor metrics explorer. A tour of Metrics Explorer.
- Overview of Log Analytics in Azure Monitor. A tour of Log Analytics.
- Gather metrics from your Azure Blob Storage containers. Create charts that show metrics, with step-by-step guidance.
- Monitor, diagnose, and troubleshoot your Azure Storage. Troubleshoot storage account issues, with step-by-step guidance.