Azure Key Vault monitoring data reference
This article contains all the monitoring reference information for this service.
See Monitor Azure Key Vault for details on the data you can collect for Key Vault and how to use it.
Metrics
This section lists all the automatically collected platform metrics for this service. These metrics are also part of the global list of all platform metrics supported in Azure Monitor.
For information on metric retention, see Azure Monitor Metrics overview.
Supported metrics for microsoft.keyvault/managedhsms
The following table lists the metrics available for the microsoft.keyvault/managedhsms resource type.
- All columns might not be present in every table.
- Some columns might be beyond the viewing area of the page. Select Expand table to view all available columns.
Table headings
- Category - The metrics group or classification.
- Metric - The metric display name as it appears in the Azure portal.
- Name in REST API - The metric name as referred to in the REST API.
- Unit - Unit of measure.
- Aggregation - The default aggregation type. Valid values: Average (Avg), Minimum (Min), Maximum (Max), Total (Sum), Count.
- Dimensions - Dimensions available for the metric.
- Time Grains - Intervals at which the metric is sampled. For example,
PT1Mindicates that the metric is sampled every minute,PT30Mevery 30 minutes,PT1Hevery hour, and so on. - DS Export- Whether the metric is exportable to Azure Monitor Logs via diagnostic settings. For information on exporting metrics, see Create diagnostic settings in Azure Monitor.
| Metric | Name in REST API | Unit | Aggregation | Dimensions | Time Grains | DS Export |
|---|---|---|---|---|---|---|
| Overall Service Availability Service requests availability |
Availability |
Percent | Average | ActivityType, ActivityName, StatusCode, StatusCodeClass |
PT1M | No |
| Total Service Api Hits Number of total service api hits |
ServiceApiHit |
Count | Count | ActivityType, ActivityName |
PT1M | Yes |
| Overall Service Api Latency Overall latency of service api requests |
ServiceApiLatency |
Milliseconds | Average | ActivityType, ActivityName, StatusCode, StatusCodeClass |
PT1M | No |
Supported metrics for Microsoft.KeyVault/vaults
The following table lists the metrics available for the Microsoft.KeyVault/vaults resource type.
- All columns might not be present in every table.
- Some columns might be beyond the viewing area of the page. Select Expand table to view all available columns.
Table headings
- Category - The metrics group or classification.
- Metric - The metric display name as it appears in the Azure portal.
- Name in REST API - The metric name as referred to in the REST API.
- Unit - Unit of measure.
- Aggregation - The default aggregation type. Valid values: Average (Avg), Minimum (Min), Maximum (Max), Total (Sum), Count.
- Dimensions - Dimensions available for the metric.
- Time Grains - Intervals at which the metric is sampled. For example,
PT1Mindicates that the metric is sampled every minute,PT30Mevery 30 minutes,PT1Hevery hour, and so on. - DS Export- Whether the metric is exportable to Azure Monitor Logs via diagnostic settings. For information on exporting metrics, see Create diagnostic settings in Azure Monitor.
| Metric | Name in REST API | Unit | Aggregation | Dimensions | Time Grains | DS Export |
|---|---|---|---|---|---|---|
| Overall Vault Availability Vault requests availability |
Availability |
Percent | Average | ActivityType, ActivityName, StatusCode, StatusCodeClass |
PT1M | Yes |
| Overall Vault Saturation Vault capacity used |
SaturationShoebox |
Percent | Average | ActivityType, ActivityName, TransactionType |
PT1M | No |
| Total Service Api Hits Number of total service api hits |
ServiceApiHit |
Count | Count | ActivityType, ActivityName |
PT1M | Yes |
| Overall Service Api Latency Overall latency of service api requests |
ServiceApiLatency |
MilliSeconds | Average | ActivityType, ActivityName, StatusCode, StatusCodeClass |
PT1M | Yes |
| Total Service Api Results Number of total service api results |
ServiceApiResult |
Count | Count | ActivityType, ActivityName, StatusCode, StatusCodeClass |
PT1M | Yes |
Metric dimensions
For information about what metric dimensions are, see Multi-dimensional metrics.
This service has the following dimensions associated with its metrics.
- ActivityType
- ActivityName
- TransactionType
- StatusCode
- StatusCodeClass
Resource logs
This section lists the types of resource logs you can collect for this service. The section pulls from the list of all resource logs category types supported in Azure Monitor.
Supported resource logs for microsoft.keyvault/managedhsms
| Category | Category display name | Log table | Supports basic log plan | Supports ingestion-time transformation | Example queries | Costs to export |
|---|---|---|---|---|---|---|
AuditEvent |
Audit Event | AzureDiagnostics Logs from multiple Azure resources. |
No | No | Queries | No |
Supported resource logs for Microsoft.KeyVault/vaults
| Category | Category display name | Log table | Supports basic log plan | Supports ingestion-time transformation | Example queries | Costs to export |
|---|---|---|---|---|---|---|
AuditEvent |
Audit Logs | AZKVAuditLogs Audit logs can be used to monitor how and when your key vaults are accessed, and by whom. Customers will be able to log all authentication api requests. Operations on the key vault itself, including creation, deletion, setting key vault access policies, and updating key vault attributes such as tags.Operation on keys and secrets in keyvault including creating, deleting, signing. |
Yes | No | Queries | No |
AzurePolicyEvaluationDetails |
Azure Policy Evaluation Details | AZKVPolicyEvaluationDetailsLogs Contains details of Azure Policy Evaluation including the outcome and details of what checks were performed. |
Yes | No | Yes |
Azure Monitor Logs tables
This section lists the Azure Monitor Logs tables relevant to this service, which are available for query by Log Analytics using Kusto queries. The tables contain resource log data and possibly more depending on what is collected and routed to them.
Key Vault microsoft.keyvault/managedhsms
Key Vault Microsoft.KeyVault/vaults
Activity log
The linked table lists the operations that can be recorded in the activity log for this service. These operations are a subset of all the possible resource provider operations in the activity log.
For more information on the schema of activity log entries, see Activity Log schema.
Diagnostics tables
Key Vault uses the Azure Diagnostics, Azure Activity table, and Azure Metrics tables to store resource log information. The following columns are relevant.
Azure Diagnostics
| Property | Description |
|---|---|
| _ResourceId | A unique identifier for the resource that the record is associated with. |
| CallerIPAddress | IP address of the user who performed the operation UPN claim or SPN claim based on availability. |
| DurationMs | The duration of the operation in milliseconds. |
| httpStatusCode_d | HTTP status code returned by the request, for example, 200. |
| Level | Level of the event. One of the following values: Critical, Error, Warning, Informational and Verbose. |
| OperationName | Name of the operation, for example, Alert. |
| properties_s | |
| Region_s | |
| requestUri_s | The URI of the client request. |
| Resource | |
| ResourceProvider | Resource provider of the Azure resource reporting the metric. |
| ResultSignature | |
| TimeGenerated | Date and time the record was created. |
Related content
- See Monitor Azure Key Vault for a description of monitoring Key Vault.
- See Monitor Azure resources with Azure Monitor for details on monitoring Azure resources.
Зворотний зв’язок
Очікується незабаром: протягом 2024 року ми будемо припиняти використання механізму реєстрації проблем у GitHub для зворотного зв’язку щодо вмісту й замінювати його новою системою зворотного зв’язку. Докладніше: https://aka.ms/ContentUserFeedback.
Надіслати й переглянути відгук про